scouzi66 (Aspirant)
Dec 22, 2016
Port forwarding to a VPN client
I enabled VPN access to my R7000 running the latest firmware level. Port forwarding to a VPN client connected does not work. Is this supported? I forward the port to the local IP address provided to the client. Internally I can access the VPN client from other machines on local network. Externally, I cannot reach that VPN client when forwarding a port to it.
Hi scouzi66,
If you will use it on a PC, you should use TAP and TUN is for mobile or smartphones.
TUN mode - 12973 (for smartphone)
TAP mode - 12974 (for PC)
6 Replies
- JamesGL (NETGEAR Employee Retired)
Hi scouzi66,
1. What is the software of your VPN?
2. Where is the VPN server connected?
3. Make sure the port forwarded is the correct port for your VPN.
- JamesGL (NETGEAR Employee Retired)
Hi scouzi66,
We’d greatly appreciate hearing your feedback letting us know if you need further assistance.
- scouzi66 (Aspirant)
Upon further investigation ...
The port is indeed forwarded to the client. However, since the source IP address (outside) is not NATed to the LAN side of the NetGear router (LAN side of the VPN server), the VPN client responds back through its own WAN interface rather than its tun0 interface, which the original request came through.
It would be nice if a feature was available to SNAT external IPs (i.e. public) to a LAN side IP address with VPN server service.
- scouzi66 (Aspirant)
Just a clarification to make ..
It's a TAP on the client and not a TUN.
Here is my client config file as generated by the router config
client
dev tap
proto udp
remote xxxxxxx.mynetgear.com xxxxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
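
A client-side workaround for the asymmetric return path described in the posts above, added here as an example and not part of the thread or of NETGEAR's firmware: assuming a Linux VPN client with iproute2, source-based policy routing sends replies from the VPN address back out through the TAP interface. The interface name tap0, the addresses and the table number are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions, all constructed:
#   tap0          - name of the OpenVPN TAP interface on the client
#   192.168.1.50  - address the client holds on the router's LAN via the VPN
#   192.168.1.1   - the router's LAN address, reachable through tap0
#   100           - an unused routing-table number

# Print the iproute2 commands that make replies sourced from the VPN address
# leave through the VPN interface instead of the client's own default route.
vpn_reply_route_cmds() {
    dev=$1; vpn_ip=$2; vpn_gw=$3; table=${4:-100}
    # Refuse incomplete input rather than emit a half-built rule set.
    if [ -z "$dev" ] || [ -z "$vpn_ip" ] || [ -z "$vpn_gw" ]; then
        echo "usage: vpn_reply_route_cmds DEV VPN_IP VPN_GW [TABLE]" >&2
        return 2
    fi
    # Separate table whose only default route points back into the tunnel.
    echo "ip route replace default via $vpn_gw dev $dev table $table"
    # Select that table only for traffic sourced from the VPN address, so the
    # encrypted OpenVPN packets (sourced from the WAN address) are unaffected.
    echo "ip rule add from $vpn_ip/32 lookup $table priority 1000"
}

# Print the command that shows which interface a reply would use.
vpn_reply_check_cmd() {
    # $1 = VPN address of the client, $2 = address of the external peer
    echo "ip route get $2 from $1"
}

# Dry run by default; set APPLY=1 and run as root to change the routing policy.
vpn_reply_route_setup() {
    cmds=$(vpn_reply_route_cmds "$@") || return $?
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$cmds" | while read -r c; do $c || exit 1; done
    else
        echo "$cmds"
    fi
}

# Dry run with the constructed values: prints the two commands only.
vpn_reply_route_setup tap0 192.168.1.50 192.168.1.1
```

Once the rule is applied, the command printed by `vpn_reply_check_cmd` should report tap0 as the outgoing device for a public peer address.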