
I have a FortiGate 80C and I'm at a loss on how to port forward to make my OpenVPN service accessible externally.

I did set up the Virtual IP, assigning TCP 1194 on the internal IP to the external one.

I did a firewall policy for this: ACCEPT any from WAN_external to any, protocol openvpn (tcp+udp 1194), when source: all and dest: VIP_OPENVPN.

What could I be doing wrong? Note that the setup works on the LAN.

Thank you.

vn.

1 Answer


You say that you have assigned TCP 1194 on the internal IP to the external one, but then you assign an additional UDP 1194 in your Policy.

This UDP port should also be handled by the External interface.

I don't have an 80C but a 3140B; it should be the same. Here is how I would set things up (assuming that your OpenVPN port and protocol are correct).

For the sample, let's say that:

  • 200.200.200.200 is the public IP (WAN_External)
  • 192.168.0.10 is the private IP of the OpenVPN Server (LAN_Internal)

First you should create two "Virtual IPs" with Port Forwarding, like this:

[Screenshot: first Virtual IP with port forwarding]

[Screenshot: second Virtual IP with port forwarding]

Second, create the Policy:

[Screenshot: firewall policy]

krisFR
  • such details. much screenshots. wowe. – mbrownnyc Apr 04 '14 at 00:18
  • Wow, excellent reply. Note that this is exactly what has been done and the tcp/udp thing is only for when I switch back to udp later. OpenVPN is actually set to tcp on port 1194 for diagnostics purposes. Once that works, it'll switch back to UDP and then I'll have to switch the external rule. – vn. Apr 04 '14 at 15:04
  • I can trace from the internal switch to the local IP, vice-versa too and same goes on for internal IP to external IP... Tried with/without NAT without luck. Sample of openvpn.conf: local 172.16.0.4 port 1194 proto tcp dev tun – vn. Apr 04 '14 at 15:27
  • @vn Can you post the trace? – krisFR Apr 04 '14 at 15:59
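The two Virtual IPs and the policy from the accepted answer above, written out as FortiOS CLI rather than screenshots. This is an added example, not from the answer or from Fortinet documentation; the interface names wan1 and internal, the object names, and the custom service OPENVPN are assumptions, while the addresses are the answer's sample values.

```fortios
# Custom service covering OpenVPN on both transports (assumed name "OPENVPN").
config firewall service custom
    edit "OPENVPN"
        set tcp-portrange 1194
        set udp-portrange 1194
    next
end

# Two Virtual IPs, one per protocol, since a port-forwarding VIP is
# protocol-specific. 200.200.200.200 and 192.168.0.10 are the answer's
# sample addresses; "wan1" is an assumed external interface name.
config firewall vip
    edit "VIP_OPENVPN_TCP"
        set extip 200.200.200.200
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 1194
        set mappedip 192.168.0.10
        set mappedport 1194
    next
    edit "VIP_OPENVPN_UDP"
        set extip 200.200.200.200
        set extintf "wan1"
        set portforward enable
        set protocol udp
        set extport 1194
        set mappedip 192.168.0.10
        set mappedport 1194
    next
end

# Policy from WAN to the LAN interface (assumed "internal"), destination
# restricted to the two VIPs and the single service. Source NAT stays off so
# the OpenVPN server logs the real client addresses; traffic logging is on so
# every hit on the rule is visible in the FortiGate log.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "VIP_OPENVPN_TCP" "VIP_OPENVPN_UDP"
        set action accept
        set schedule "always"
        set service "OPENVPN"
        set logtraffic all
        set nat disable
    next
end
```

Destination NAT is performed by the VIP objects themselves, so the policy only needs to reference them; the `nat` setting on the policy controls source NAT, which is the part the question reports toggling without effect.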