Problem Port Forwarding to Openvpn Server

I have a Balance 30 as my gateway router and I have setup an OpenVPN server on the LAN side of the router. I can successfully connect via VPN to the OpenVPN server from a workstation on the LAN, so the server’s firewall does not seem to be a problem. Also, I am using the Peplink VLAN features on this network to segment LANs, but still no problem connecting to the VPN server from a different VLAN.

When I try to connect to the OpenVPN server from the WAN through the Peplink, it fails. I have tried both NAT mapping and port forwarding (TCP:443, TCP:993, and UDP:1194), but still no success either on the TCP or UDP ports.

When I scan the ports from the WAN side using nmap on an outside server, it shows the ports as filtered, meaning the Peplink is blocking the ports. When port forwarding, I have even tried it with the OpenVPN server’s firewall off, and still not luck connecting from the WAN side.

Interestingly enough, the port forwarding does work from the WAN side when I access the OpenVPN server’s HTTPS web page using TCP:443 and a web browser.

While I happen in this case to be using OpenVPN, it shouldn’t matter, and the NAT mapping or port forwarding should be working.

I would appreciate any help or suggestions.


OpenVPN is using TCP 443, TCP 943 and UDP 1194. You may find the details here.

If you still facing problem, please open ticket for us to take closer look.

The link you referenced above is to the ‘OpenVPN Access Server’ and I’m not sure that’s what the original poster was describing. It sounds as though he had configured an OpenVPN server on his LAN and was trying to forward client traffic to this server using a Balance 30.

I’m having the same problem using a Balance 20 as my gateway. I have configured an OpenVPN server on my LAN (as a package installed on my Synology DS411+II NAS) and need to forward OpenVPN client traffic to it. The Synology is configured correctly, as I can successfully connect to it locally at its LAN IP.

On my Balance 20:

I set up port forwarding to direct protocol UDP:8591 traffic from either WAN interface to the LAN IP of the Synology.

I set up a matching inbound firewall rule to allow UDP:8591 traffic from either WAN interface, with the destination IP set to the Synology NAS at port 1194 (the default OpenVPN port).

This is exactly the same method I’ve used to configure SSH, RDP, and other traffic.

But it simply doesn’t work.

Am I just missing something simple here? Do you have any suggestions as to how I should proceed?