PEPVPN port forwarding to internal server

I have a PEPWave Surf/SOHO (f/w 8.1.1 build 4994) at the office, with a Windows server on the LAN behind it. I want to enable OpenVPN on the Surf, and then VPN into it from home in order to access the Windows server files. I thought it would be straightforward and simple.

IP setup on the office side is: public IP (108.190.x.x) → pepwave interface (172.16.0.13) → LAN (192.168.1.x) with DHCP server option enabled. Windows server IP is (192.168.1.8).

A few questions:

First, in the Remote User Access page, the “Listen On” for the WAN is checked (with 172.16.0.13 checked). I generated/downloaded the .ovpn config to use on my home computer, selecting the “Route all traffic” option. But the .ovpn is configured with the 172.16.0.13 address. But shouldn’t the .ovpn be loaded with the public IP address (108.190.x.x)? If so, how do I accomplish that?

Second, once I do get the .ovpn configured correctly to use on my home computer, once I connect to the LAN (192.168.1.x) network, where will I enter the local LAN userid/password?

Third, is it necessary/required to do any port forwarding on the Surf/SOHO to make this work?

Thanks, in advance, for any help.

There’s the rub - how does your external device connect to 172.16.0.13, a non-public IP address?

Unless you have established routing (port forwarding or the like) mapping the external/public IP interface at 108.190.x.x (at a corporate router or firewall?) to your local router, there is no way to connect to your router to establish the VPN.

As far as your router knows, 172.16.0.13 is its external address for the VPN to connect to.

If you have established the appropriate mapping from the external to the internal address then it is a simple matter of replacing 172.16.0.13 with 108.190.x.x in the client VPN set-up.

Cheers,

Z

Z, thanks. In other words the ISP router needs to forward a port (1194? 443?) to the PEP router? I have to check, but I thought (perhaps, incorrectly) that I had the ISP configure their router for ‘bridge mode’, and that all traffic would flow to the PEP router.

I would think so as well. However, for a bridge mode connection your router should report its WAN IP address as 108.190.x.x (the same as the ISP router). Since it does not, there may be an issue with the bridge mode setup for the ISP router, or with how your router gets its IP address.

When your router has 172.16.0.13 as its WAN address then it will not respond to connections directed to 108.190.x.x (under most circumstances).

Cheers,

Z
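Added example, not part of the thread and not Pepwave code: a small check that flags `remote` lines in an exported .ovpn profile that point at a non-routable address (the 172.16.0.13 case discussed above) and rewrites them to the public endpoint. The profile text is constructed for illustration, and `vpn.example.com` is a placeholder for the office's real public address or DDNS name.

```python
import ipaddress
import re

# Matches the OpenVPN "remote <host> [port] [proto]" directive only;
# "remote-cert-tls" and commented-out lines do not match.
REMOTE_RE = re.compile(r"^(\s*remote\s+)(\S+)(.*)$")

# Constructed sample profile (not actual Pepwave output).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote 172.16.0.13 1194
remote-cert-tls server
redirect-gateway def1
"""

def not_routable(host: str) -> bool:
    """True if host is an IP literal that is not globally routable
    (RFC 1918, CGNAT 100.64.0.0/10, loopback, link-local, ...)."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a DNS name; cannot be judged offline

def fix_remotes(ovpn_text: str, public_endpoint: str):
    """Return (new_text, replaced_hosts). Port and proto are preserved."""
    if not_routable(public_endpoint):
        raise ValueError(f"{public_endpoint} is not reachable from the Internet")
    out, replaced = [], []
    for line in ovpn_text.splitlines():
        m = REMOTE_RE.match(line)
        if m and not_routable(m.group(2)):
            replaced.append(m.group(2))
            line = f"{m.group(1)}{public_endpoint}{m.group(3)}"
        out.append(line)
    return "\n".join(out) + "\n", replaced

if __name__ == "__main__":
    # Placeholder endpoint (assumption); substitute the real public address.
    text, replaced = fix_remotes(SAMPLE_OVPN, "vpn.example.com")
    for host in replaced:
        print(f"remote {host} is behind NAT; rewritten to vpn.example.com")
    print(text, end="")
```

Rewriting the profile only helps once the upstream device forwards the VPN port to the router's WAN address or is truly bridged; a WAN address that `not_routable()` flags is itself the sign that neither is in place yet.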