I spent creazy hours to understand,
yes upnp is insecure!
But i have many devices with many port to Forward, so i think througth openvpn should be good.
But upnp only set port Forward between wan and lan, need to do it between openvp/lan.
The folowing screenshot show the dif
You don't need to redirect any ports when using your own VPN, just connect by device IP.
Not working with Huawei 4 g router
hi, perhap's this because i use openvpn routed rather openvpn bridge?
From house i see only the vpn ip 192.68.27.xx but not the local network behind 192.168.8.xxx
Access the LAN host by IP and allow access from outside the local subnet in Windows firewall.
at home there is openvpn routed server in the french isp FreeBox, with 192.168.0.xxx
at work, behind a hueawei 4G router, there is an openwrt router with openvpn client connected to the 192.168.0.xx home network, the local lan is 192.168.8.xxx
At work, i can use all 192.168.0.xx ip throught the vpn, without any problem
At home, i don't have acces to the "at work" lan, 192.168.8.xxx
on both side, i use linux PC
Maybe this sounds dumb on my part, but the Huawei 4G router doesn't have the OpenVPN server role installed/enabled, right?
Also, do you initiate the OpenVPN tunnel from work and leave it active for home?
It seems that this is normal behavior: the client is granted access on the server's network via the tunnel.
Unless you create individual connections from the other work devices through the OpenVPN client on the Huawei 4G router or you create static routes on your work laptop from your work subnet to your VPN tunnel, your home LAN will never see your work LAN devices.
yes 4g router don't have openvpn, that's why i added an openwrt router.
right, work is the client, home the server.
so, i'm correct when i forward ports port of work device to the openvpn client IP.
We come back at the stating point of this thread, upnp do forwarding only for the lan/wan, not for the openvpn lan.
I see in upnp lease the list of port of my devices, but again, nmap ipofopenvpn don't show any open ports than the one i have added manualy through LUCI.