Port Forwarding Question

[mhumm2]

Goal: Access my FreeNAS server via the internet using OpenVPN.

Knowns: I have a jail set up with OpenVPN. I know my internet IP address and I know the OpenVPN IP address of my FreeNAS server.

Unknowns:
Port forwarding my internet IP address to my FreeNAS server's OpenVPN IP address on my UVerse 2Wire router model 3801HGV. I've attempted that a couple of times, but the prompts are very cryptic to me. I don't know if I'm entering the correct information into the fields to do what I want to do.

Additional Question: Do I have to use a DNS service if I'm okay typing in the IP address when I want access to the server? Is there any other reason to use a DNS service? Can I get a DNS name after everything is configured and working?

I appreciate any help I can get.

 

[SweetAndLow]

Using a dns service is optional, it just makes it easier to remember. Also your external IP might change and you could use ddns to update your DNS entry with the correct IP.

For the port forwarding you just need to forward any port greater than 1024, you pick a number, to the open vpn port in your jail.

External ip:External port -> jail IP:port

 

[pirateghost]

Without having that router, kind of hard to tell you what you need to know. You don't even specify what the issue is.

you do not have to use a DNS service, but why wouldnt you? If you think it is a complicated setup process, you couldnt be further from the truth....it is easy and you SHOULD do it for ease of use later on in case your IP changes, but if you dont want to, it is not required. Yes you can add it later if you want.

Just a tip:
Make sure the subnet your OpenVPN server is handing out to it's clients is NOT the same subnet as the rest of your network. If your subnet is 192.168.1.1/24 use something like 192.168.100.0/24, or I prefer to go completely different with 172.16.0.0/24

 

[mhumm2]

Ok. My gateway router is 192.168.1.254. My FreeNAS server (OpenVPN) is 192.168.1.110. The 4 computers on the same LAN as the FreeNAS server are already connected and I have no trouble on that side. I'm only using OpenVPN access to one folder for family and friends. Mostly being able to exchange family photos, and that kind of stuff.

I'm not sure what you mean by "Make sure the subnet your OpenVPN server is handing out to it's clients is NOT the same subnet as the rest of your network." The only external (internet) connection it has is via the 192.168.1.110 IP address.

So do I have to open the port on my UVerse router or on the FreeNAS server or both?

 

[pirateghost]

Ok. My gateway router is 192.168.1.254. My FreeNAS server (OpenVPN) is 192.168.1.110. The 4 computers on the same LAN as the FreeNAS server are already connected and I have no trouble on that side. I'm only using OpenVPN access to one folder for family and friends. Mostly being able to exchange family photos, and that kind of stuff.

I'm not sure what you mean by "Make sure the subnet your OpenVPN server is handing out to it's clients is NOT the same subnet as the rest of your network." The only external (internet) connection it has is via the 192.168.1.110 IP address.

So do I have to open the port on my UVerse router or on the FreeNAS server or both?

FreeNAS isn't routing or running firewall duties, so the only port to open is the router to the OpenVPN jail IP. Your jail should have its own IP, it does not share an IP with FreeNAS.

When you configure an OpenVPN server it runs its own "dhcp" for the clients that connect to it. There are issues if you use the same subnet for your OpenVPN clients as your regular network. Or if you make the OpenVPN subnet the same as the subnet you are connecting from. There are some caveats you need to account for when running a VPN.

1. make sure your subnets are different but can talk to each other
2. make sure your normal internal subnet is not going to be the same subnet as a connecting vpn client
3. make sure you use certificates and passwords on your clients

 

[mhumm2]

I'm confused. When I port forward my public IP to my OpenVPN IP (yes it is assigned static IP 192.168.1.110) to get to my server I'm going to use my public IP address, correct? My local IP addresses (my subnet if I'm using the term correctly), doesn't mean anything to a browser, correct?

One of the links you provided explains the certs and passwords, but I thought there were specific directories for those on both the server and the clients.

 

[pirateghost]

so your OpenVPN jail is 110? not the freenas IP right?

when you connect to your vpn you are using your external ip. the outside world doesnt know what the hell is behind your router and your entire subnet behind your router is unroutable (a completely private network).

Think of it like this:
Your external IP is the address to an office building.
Your internal IP addresses are the different offices/suites. You have to enter the front door to get to the offices.

 

[nightshade00013]

This should help with your router and setting up the forwarded port. http://portforward.com/english/routers/port_forwarding/2wire/3801HGV/OpenVPN.htm

 

[pirateghost]

This should help with your router and setting up the forwarded port. http://portforward.com/english/routers/port_forwarding/2wire/3801HGV/OpenVPN.htm

holy crap. and people think that real routers are complicated? lmao.

 

[nightshade00013]

holy crap. and people think that real routers are complicated? lmao.

ROFL, Yeah the "combined" router modem setups are made almost intentionally harder to do things with to discourage their use that way it seems. On top of that you have no option to change the firmware to something with more features either.

 

[pirateghost]

:::shudders:::