How to:
okay for those who may want cheap or free port forwarding for starlink types systems where port forwarding is blocked or not possible
for this example it will interface with your openwrt router:
signup for a free single port forward at portmap.io or sign up for a premium account if you want more ports
when you create your mapping rule choose http or https depending on what your openwrt interface is using
download your ovpn file from portmap.io/configs
install openvpn and it luci counterpart
go to VPN > openvpn > "OVPN configuration file upload" and up load the file calling it "portmap"
if the openvpn version is lower then 2.5 you will need to modify the ovpn to a legacy version
basically it breaks at data-ciphers and if </cert> <ca> are together on the same line
modifications are:
cipher bf-cbc
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
simply modify your ovpn file to look like this:
example:
client
nobind
dev tun
key-direction 1
remote-cert-tls server
#data-ciphers AES-256-GCM:AES-256-CBC:AES-128-CBC:BF-CBC <----- comment out
cipher bf-cbc <----- modification
remote 193.161.193.99 1194 udp
and at the end
key-direction 1
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM <--------add this
you can test for errors in ssh terminal window by running openvpn --config /etc/opnvpn/portmap.ovpn ( or whatever you called it)
if everthing looks good start portrmap in openvpn
now create interface
for ease nano /etc/config/network
add this:
config interface 'vpn'
option ifname 'tun0'
option proto 'none'
now save
and nano /etc/config/firewall
add this:
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'vpn'
config forwarding
option src 'lan'
option dest 'vpn'
config forwarding
option src 'vpn'
option dest 'lan'
then add in your traffic rule --- I open all ports for ease on the vpn
config rule
option target 'ACCEPT'
list proto 'all'
option name 'vpn_portmap'
option src 'vpn'
now the port forwarding rule from the VPN to the local lan
config redirect
option dest_port '80'
option src 'vpn'
option name 'port'
option src_dport '80'
option target 'DNAT'
option dest_ip '192.168.1.1' <------or whatever your router ip is
option dest 'lan'
save and restart the router
now when you click on your mapping link
example:
http://username-ID.portmap.host:assignedport
http://openwrt99-50000.portmap.host:30111
it will open your openwrt router login page
good luck have fun