Howto - free/cheap VPN port forwarding for Starlink type systems (portmap.io)

Installing and Using OpenWrt Network and Wireless Configuration
1

How to:
okay for those who may want cheap or free port forwarding for starlink types systems where port forwarding is blocked or not possible
for this example it will interface with your openwrt router:

signup for a free single port forward at portmap.io or sign up for a premium account if you want more ports
when you create your mapping rule choose http or https depending on what your openwrt interface is using
download your ovpn file from portmap.io/configs

install openvpn and it luci counterpart

go to VPN > openvpn > "OVPN configuration file upload" and up load the file calling it "portmap"

if the openvpn version is lower then 2.5 you will need to modify the ovpn to a legacy version
basically it breaks at data-ciphers and if </cert> <ca> are together on the same line
modifications are:

cipher bf-cbc
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM

simply modify your ovpn file to look like this:

example:

client
nobind
dev tun
key-direction 1
remote-cert-tls server
#data-ciphers AES-256-GCM:AES-256-CBC:AES-128-CBC:BF-CBC  <----- comment out
cipher bf-cbc   <-----  modification
remote 193.161.193.99 1194 udp

and at the end

key-direction 1
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM  <--------add this

you can test for errors in ssh terminal window by running openvpn --config /etc/opnvpn/portmap.ovpn ( or whatever you called it)

Screenshot_20221109_055454
Screenshot_20221109_0554541164×221 90 KB

if everthing looks good start portrmap in openvpn
Screenshot_20221109_060038
Screenshot_20221109_060038859×336 30.9 KB

now create interface
for ease nano /etc/config/network

add this:

config interface 'vpn'
        option ifname 'tun0'
        option proto 'none'

Screenshot_20221109_060114
Screenshot_20221109_060114895×507 62.5 KB

now save
and nano /etc/config/firewall
add this:

config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'vpn'

config forwarding
        option src 'lan'
        option dest 'vpn'

config forwarding
        option src 'vpn'
        option dest 'lan'

Screenshot_20221109_060204
Screenshot_20221109_060204895×602 49.4 KB

then add in your traffic rule --- I open all ports for ease on the vpn

config rule
        option target 'ACCEPT'
        list proto 'all'
        option name 'vpn_portmap'
        option src 'vpn'

Screenshot_20221109_060311
Screenshot_20221109_060311897×268 29.6 KB

now the port forwarding rule from the VPN to the local lan

config redirect
        option dest_port '80'
        option src 'vpn'
        option name 'port'
        option src_dport '80'
        option target 'DNAT'
        option dest_ip '192.168.1.1' <------or whatever your router ip is
        option dest 'lan'

Screenshot_20221109_060235
Screenshot_20221109_060235895×249 21.7 KB

save and restart the router
now when you click on your mapping link

example:

http://username-ID.portmap.host:assignedport

http://openwrt99-50000.portmap.host:30111

it will open your openwrt router login page

good luck have fun

2 Likes
3

yes i did a how to for purevpn a while back -- i have no complaint it was for a company that had moved to starlink connection . and no longer had access to their internal network devices.. this is for a FREE connection or $30 per year for 100 connections .. purevpn cost is around $120 per year.. - I also have a list of free sstp servers that use you can get a list of them from IPSpeed

4

hi there - complete newbie here - is there any way to use portmap io to setup port fowarding to specific devices using their local IP and port?
i have 5 devices that send information, and with starlink they don't work
thanks in advance

5

The free level of portmap only allows one port meaning you can only run one service on one server. Though you can have multiple external devices connecting to that port.

This overall concept works with any ISP that (as many do) uses CGNAT or blocks incoming connections. It's not specific to Starlink.

6

you can get the paid version of portmap.io ( ~30.00 per year) for 100 ports or you can use the portmap.io config page to switch ports manually as you need them . and port forwarding on openwrt to push it the secondary devices

7

sounds great - but I understood nothing :upside_down_face: thanks for trying though

8

from this section above basically just change it to point the ip of the device and what ports you are targeting
and if you setup a portmap.io premium account then you just make multiple for each port and internal ip of the device you want to connect to

config redirect
        option dest_port '8080'
        option src 'vpn'
        option name 'port'
        option src_dport '8080'
        option target 'DNAT'
        option dest_ip '192.168.1.100' <------or whatever your device ip is
        option dest 'lan'