Howto - free/cheap VPN port forwarding for Starlink type systems (

How to:
okay for those who may want cheap or free port forwarding for starlink types systems where port forwarding is blocked or not possible
for this example it will interface with your openwrt router:

signup for a free single port forward at or sign up for a premium account if you want more ports
when you create your mapping rule choose http or https depending on what your openwrt interface is using
download your ovpn file from

install openvpn and it luci counterpart

go to VPN > openvpn > "OVPN configuration file upload" and up load the file calling it "portmap"

if the openvpn version is lower then 2.5 you will need to modify the ovpn to a legacy version
basically it breaks at data-ciphers and if </cert> <ca> are together on the same line
modifications are:

cipher bf-cbc
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM

simply modify your ovpn file to look like this:


dev tun
key-direction 1
remote-cert-tls server
#data-ciphers AES-256-GCM:AES-256-CBC:AES-128-CBC:BF-CBC  <----- comment out
cipher bf-cbc   <-----  modification
remote 1194 udp

and at the end

key-direction 1
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM  <--------add this

you can test for errors in ssh terminal window by running openvpn --config /etc/opnvpn/portmap.ovpn ( or whatever you called it)

if everthing looks good start portrmap in openvpn

now create interface
for ease nano /etc/config/network

add this:

config interface 'vpn'
        option ifname 'tun0'
        option proto 'none'

now save
and nano /etc/config/firewall
add this:

config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'vpn'

config forwarding
        option src 'lan'
        option dest 'vpn'

config forwarding
        option src 'vpn'
        option dest 'lan'

then add in your traffic rule --- I open all ports for ease on the vpn

config rule
        option target 'ACCEPT'
        list proto 'all'
        option name 'vpn_portmap'
        option src 'vpn'

now the port forwarding rule from the VPN to the local lan

config redirect
        option dest_port '80'
        option src 'vpn'
        option name 'port'
        option src_dport '80'
        option target 'DNAT'
        option dest_ip '' <------or whatever your router ip is
        option dest 'lan'

save and restart the router
now when you click on your mapping link


it will open your openwrt router login page

good luck have fun

1 Like

yes i did a how to for purevpn a while back -- i have no complaint it was for a company that had moved to starlink connection . and no longer had access to their internal network devices.. this is for a FREE connection or $30 per year for 100 connections .. purevpn cost is around $120 per year.. - I also have a list of free sstp servers that use you can get a list of them from IPSpeed