Has anyone tried port forwarding an external ip on an openvpn server over to an internal ip/port on an openvpn client?
I am curious how this would be accomplished.
I have tried a couple of different NAT / iptables configs but no luck as yet
Interesting. No I haven't.
I would imagine that it's no different than other routing/natting.
However I know that OpenVPN itself has some primitive firewalling (preventing clients from connecting to one another, unless configured to allow it)
I came across some blog posts referring to an OpenVPN packet filter but could not find documentation on how to disable / configure it
mnathani: you would have to (in pf syntax, presuming em0 and tun0) do something akin to .. 'pass in on em0 to (em0) port 1234 rdr-to 10.9.0.2' then 'nat out on tun0 from !(tun0) to (tun0:network)'
wow I mixed old and new syntax
the 2nd should be 'pass out on tun0 from !(tun0) to (tun0:network) nat-to (tun0)'
bottom line is those pf rules would need to be translated / converted to iptables syntax on CentOS 6?
remote side of openvpn expects to see your ip / subnet and nothing more unless they are told to route to it.
and I doubt you want the remote end to route to 0.0.0.0/0 through your end
so translate your end of the openvpn tunnel to what the remote end is expecting to see and use rdr as needed to direct inbound packets on other interfaces across the openvpn tunnel
mnathani: I have no experience in CentOS 6, but since it does iptables you'd need similar concepts, which I'd be surprised if it can't do
I don't really mind if all 0.0.0.0/0 gets routed through the openvpn server
It's more of an experiment to see if I can connect to the openvpn client which is behind a firewall I do not have control over
hence the need to use the vpn to allow inbound access
consider what 0.0.0.0/0 means.
ensure you have a static route to the openvpn server.
it's a matter of understanding how networking and firewalls work, nothing more.
it is doable.
nmap output: 3389/tcp filtered ms-term-serv
what does the filtered refer to? and how is it different from closed?
filtered indicates to me it has a firewall blocking it vs returning icmp unreach
if you check nmap while running a tcpdump to watch: \( 192.168.0.112 and tcp port 3389 \) or icmp
you might see more clearly what this means
I got it working
my nat rule was too broad
woot right on
I spent hours on it last night
here is the nat rule now: iptables -t nat -A POSTROUTING -s 10.8.1.6/32 -j SNAT --to A.B.C.D
where A.B.C.D is my vpn server ip
previously it was 10.0.0.0/8 ;)
hi kevr
hello.
~ ! `;->~
can OpenVPN be used to provide IPv6 connectivity to an IPv4 only client (Server would be dual stacked of course)?