peacey / split-vpn

A split tunnel VPN script for Unifi OS routers (UDM, UXG, UDR) with policy based routing.
GNU General Public License v3.0

Port Forwards on WAN IP not working #170

Closed jooost closed 1 year ago

jooost commented 1 year ago

Hi,

Firstly thank you for the fantastic scripts they are amazing, I maybe doing something stupid but would really appreciate your input to a problem I am having. I have a server on my LAN let's say 192.168.1.10 and I want all traffic from this server to go out the Mullvad VPN. I set the source IP in the config and it does this. All good.

However I also want inbound traffic into my normal WAN IP to be able to be port forwarded to the same 192.168.1.10 address and when the VPN is up this does not work, if VPN is down then it does. I feel I am probably missing something but would appreciate your suggestion in how I debug this.

Many thanks in advance

peacey commented 1 year ago

Hello @jooost,

You need to exempt the port you want to access from your WAN IP using the EXEMPT_SOURCE_IPV4_PORT option in vpn.conf, or else traffic from that port will always go out the VPN. So for example, say I want to exempt source port 443 traffic from exiting the VPN so I can host a web server on this port and still have the rest of the traffic go out the VPN for this client, then you can use this option in addition to your FORCED_SOURCE* options.

EXEMPT_SOURCE_IPV4_PORT="both-192.168.1.10-443"

You can change both to udp or tcp if you only want one protocol. Also, you can specify a range of ports with 443:446 for ports 443 through 446, for example, or 443,447,448 for ports 443, 447, and 448.

jooost commented 1 year ago

Many thanks for the quick response and advice, I will try that first thing in the morning and report back.

jooost commented 1 year ago

Thanks, that worked perfectly. Quick final question - can you have multiple entries with different IPs in this list? Thanks again.

peacey commented 1 year ago

Yes you can. Just separate them with spaces like:

EXEMPT_SOURCE_IPV4_PORT="both-192.168.1.10-443 both-192.168.1.11-25 udp-192.168.1.65-32400"

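
The entry syntax peacey describes above (proto-IP-ports, with port ranges, comma lists and space-separated entries), as an added example that is not part of split-vpn: a small Python validator that parses an EXEMPT_SOURCE_IPV4_PORT value and reports whether a given source protocol, address and port would be exempted. It assumes the grammar exactly as stated in this thread and that ranges and comma lists may be mixed; the function names are my own.

```python
import ipaddress
import re

# Added example (not split-vpn code): validate EXEMPT_SOURCE_IPV4_PORT entries
# of the form "<proto>-<ipv4>-<ports>" as described in the thread. Assumed:
# proto is tcp, udp or both; ports is a port, a range "a:b" or a comma list.
PROTOS = {"tcp", "udp", "both"}
PORT_RE = re.compile(r"^\d{1,5}(?::\d{1,5})?$")

def parse_port_spec(spec):
    """Return a sorted list of (low, high) port tuples, or raise ValueError."""
    ranges = []
    for item in spec.split(","):
        if not PORT_RE.match(item):
            raise ValueError(f"bad port item {item!r}")
        lo, _, hi = item.partition(":")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port out of range in {item!r}")
        ranges.append((lo, hi))
    return sorted(ranges)

def parse_exempt_entry(entry):
    """Parse one entry into (proto, ip, [(lo, hi), ...])."""
    parts = entry.split("-", 2)
    if len(parts) != 3:
        raise ValueError(f"expected proto-ip-ports, got {entry!r}")
    proto, ip, ports = parts
    if proto not in PROTOS:
        raise ValueError(f"unknown protocol {proto!r}")
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on non-IPv4 input
    return proto, str(addr), parse_port_spec(ports)

def parse_exempt_option(value):
    """Parse the whole option value; entries are separated by spaces."""
    return [parse_exempt_entry(e) for e in value.split()]

def exempts(entries, proto, ip, port):
    """True if traffic from ip:port over proto matches any parsed entry."""
    for p, a, ranges in entries:
        if a != ip or p not in ("both", proto):
            continue
        if any(lo <= port <= hi for lo, hi in ranges):
            return True
    return False
```

For a udp-only entry, exempts(rules, "tcp", ip, port) returns False, which is the kind of protocol mismatch worth checking first when a forward to an exempted host still fails.
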
jooost commented 1 year ago

Fantastic. Many thanks.

peacey commented 1 year ago

No problem! Feel free to close this once you set everything up and confirm it's working without any issues.

jooost commented 1 year ago

All working perfectly for me :)

signed2 commented 1 year ago

Hi Peacey,

I'll hijack this topic... I have a problem port forwarding from WAN to a local IP.

I can see with a port checker that a certain port is open when I enable it in the UDM Pro firewall, and likewise I can see that the port is closed when I disable the rule. With the port forward rule turned on I'm failing to reach the final destination even when vpn.conf is configured as follows: EXEMPT_SOURCE_IPV4_PORT="udp-192.168.0.10-443". I have tried EXEMPT_SOURCE_MAC, without success.

And a newbie question: do I need to restart the console every time I change the vpn.conf file? So far I have done it, but there might be a faster way to "kick in" the vpn.conf - or is it picked up while it's up and running when it's saved?

Can you please help me out and debug? Once again, please let me know if there is any way to make a donation!

Thank you,