How to achieve port forwarding with a client-side VPN connection

jasons2645

May 20, 2016
My ISP blocks all incoming requests on all ports, but I want to host a personal web server and a couple other services.

The way I want to accomplish this is to have a PC sit behind my firewall that is connected to a PureVPN dedicated IP VPN connection. They'll forward all incoming requests they receive on that static IP to my PC connected on the VPN. Then, the trick is that I want to forward everything that comes in to one or more servers.

I've looked into Windows ICS to accomplish this, but it's a true pain in the rear. I've also looked into ClearOS, but they don't support any VPN clients. Any thoughts? I'm willing to use Windows, Windows Server, *nix, ...
 
It likely would be easiest to use a router with VPN support to accomplish it, or do it with your firewall if it has the ability. Windows is not meant to run as a router; even the server versions are very limited in their abilities. You could load a Linux-based router/firewall.

Still, your largest problem is that you now have 2 gateways in your network: the real one and the one via the VPN. It gets very messy to make the machines on your network choose the correct one. Best results would be to place the device between the firewall and the LAN and force all traffic through it and let the device decide if it needs to go via the VPN or directly. This is why your firewall would be the optimum place for the VPN function.

For the cost of the VPN you may be better off spending the money on a hosted virtual server. These have gotten extremely inexpensive lately.
 
I would tend to agree with you. Can you recommend any VPN routers that support port forwarding for incoming requests made on the VPN?



 
As complex as your requirements are, I would look at a router that you can load third-party firmware like dd-wrt on. There are likely a number of routers that can do the basic VPN, but I am not sure how many support port-based routing. It is a different form of port forwarding since a VPN is involved. They add lots of support to routers all the time; I just don't keep up with it. Whenever I need something complex I use either dd-wrt or, more commonly, my Cisco commercial router, since I know that better than any other.

 
I just found the answer I was looking for... You can do this on any Windows OS. I did it on Windows 10 Professional.

Let's say your Windows machine you want to use to (i) connect to the VPN that will give you your static IP and (ii) forward incoming requests off said static IP to other machines on your network. Let's assume this Windows box has IP 192.168.1.20 and you want to forward port 5000 to machine 192.168.1.22. You need to:

1) Run netsh.exe interface portproxy add v4tov4 listenport=5000 connectaddress=192.168.1.22 connectport=5000
2) Open port 5000 in your firewall on 192.168.1.20 so that the port forward can occur

In addition, you need to ensure the VPN is started whenever 192.168.1.20 is rebooted. This can be done by creating a scheduled task to run at startup to run a bat file with the contents:

rasdial.exe "MY VPN" "DOMAINNAME\USERNAME" "PASSWORD"

Be sure to configure the scheduled task to start 30 seconds after computer startup and with the highest privileges. The delay to start is to ensure your IP gets acquired and all before attempting to connect the VPN.
 
Solution
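
The three steps from the post above, scripted in PowerShell as an added example (not the poster's own script), with a check that the forward is actually listening. The batch file path, task name and rule name are hypothetical, the batch file is assumed to exist already, and the task runs as SYSTEM on the assumption that the "MY VPN" entry was created for all users.

```powershell
#Requires -RunAsAdministrator
# Added example: values come from the post or are labelled hypothetical.

$ListenPort = 5000                                  # port from the post
$TargetHost = '192.168.1.22'                        # internal server from the post
$BatPath    = 'C:\Scripts\vpn-connect.bat'          # hypothetical: file holding the rasdial line
$TaskName   = 'Connect VPN at startup'              # hypothetical task name
$RuleName   = "Portproxy inbound TCP $ListenPort"   # hypothetical firewall rule name

# portproxy rules are serviced by the IP Helper service; nothing listens if it is stopped.
Set-Service   -Name iphlpsvc -StartupType Automatic
Start-Service -Name iphlpsvc

# Step 1: the forward from the post (listens on all local addresses).
netsh.exe interface portproxy add v4tov4 listenport=$ListenPort connectaddress=$TargetHost connectport=$ListenPort

# Step 2: allow only this one TCP port inbound instead of relaxing the whole firewall.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $ListenPort -Action Allow | Out-Null
}

# The batch file contains the VPN password in clear text: drop inherited
# permissions and leave read access to SYSTEM and Administrators only.
icacls.exe $BatPath /inheritance:r /grant:r 'SYSTEM:(RX)' 'BUILTIN\Administrators:(F)' | Out-Null

# Step 3: startup task with a 30 second delay and highest privileges.
# Assumption: running as SYSTEM works because the VPN entry is an all-users entry.
$action        = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c `"$BatPath`""
$trigger       = New-ScheduledTaskTrigger -AtStartup
$trigger.Delay = 'PT30S'                            # ISO 8601 duration: 30 seconds
$principal     = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Force | Out-Null

# Verification: the rule is stored, the port is listening, the task is registered.
netsh.exe interface portproxy show v4tov4
Get-NetTCPConnection -LocalPort $ListenPort -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
```

The rule can be removed again with `netsh.exe interface portproxy delete v4tov4 listenport=5000` when the service is retired, so the machine does not keep an unused port open.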