NAT for use with OpenVPN
Morgan Wesström
freebsd-database at pp.dyndns.biz
Sat Nov 9 22:07:44 UTC 2019
> Internet -> Arris 6141 modem -> Netgear R6400.2 router/firewall ->
> threepio.mynetgear.com (FreeBSD)

Ah, you have a standalone SOHO router. That changes things drastically. :)
I assume the computers on your LAN (including FreeBSD) have private IP
addresses (192.168.x.x)? In that case your Netgear router is doing the
NAT for you and you don't need to worry about that part.

- You need to forward port 1194/udp (or whatever you chose for OpenVPN)
  in your Netgear router so it points to the IP address of your FreeBSD
  machine. Consult the router's manual for how to do port forwarding.
- The firewall in the Netgear router also needs to allow incoming
  connections on this port. It's probably set up along with the port
  forwarding, but once again you need to consult the Netgear manual.
- You can disable pf on your FreeBSD machine unless you absolutely want
  an extra firewall to protect it. I strongly suggest you disable it at
  this point though until you have the OpenVPN server running. It's
  protected behind your Netgear router.

So to sum up:

- Configure firewall and port forwarding in your Netgear router.
- Configure the OpenVPN server on FreeBSD.

One caveat to look out for:
I'm not familiar with your Arris modem. Make sure it doesn't do routing
and NAT too so you have two layers of NAT since that would complicate
things. Make sure your modem is in bridge mode and that your Netgear
router has a public IP address on the interface connected to the modem.

Regards
Morgan
More information about the freebsd-pf mailing list
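
The double-NAT caveat in the message above can be checked from the WAN address shown on the router's status page. The script below is an added example, not part of the original post; the function names and the default sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify the WAN address shown
# on the router's status page. A private or CGNAT address there means an
# upstream device is also doing NAT, i.e. the double-NAT case.

# classify_ipv4 ADDR: prints rfc1918, cgnat, loopback, link-local, reserved,
# public or invalid; returns 1 for invalid input.
classify_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) echo invalid; return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr                 # split the address into octets
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || { echo invalid; return 1; }
    done
    a=$1 b=$2
    if [ "$a" -eq 10 ]; then echo rfc1918                                    # 10/8
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo rfc1918  # 172.16/12
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo rfc1918             # 192.168/16
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat   # 100.64/10
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    elif [ "$a" -eq 0 ] || [ "$a" -ge 224 ]; then echo reserved
    else echo public
    fi
}

# double_nat_verdict WAN_ADDR: one-line verdict for the router's WAN address.
double_nat_verdict() {
    kind=$(classify_ipv4 "$1") || true
    case $kind in
        public) echo "ok: WAN address $1 is public; forward the port on this router only" ;;
        rfc1918|cgnat) echo "double NAT: WAN address $1 is $kind; an upstream device (modem or ISP) is also translating" ;;
        *) echo "check: $1 is $kind, not a usable WAN address" ;;
    esac
}

# The default below is a constructed sample; pass the real WAN address as $1.
double_nat_verdict "${1:-192.168.100.2}"
```

A `cgnat` result means the translation happens at the ISP, which bridge mode on the modem will not remove.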