for those who may want port forwarding on starlink connection for RDP or other application.
this is the relatively easiest method if your router will support it.
first install luci-proto-sstp, sstp-client, mwan3, luci-app-mwan3 then reboot
i found installing as a multiwan worked the best it even improved starlink download speed doing it this way, which i found odd but happy to take. it went from ~100Mbps to ~175Mbps for download speed about a 30% improvement. ( even if you have one wan mwan3 seams to keep everyone happy and you can use it to monitor the vpn connection and test and ping it multiwan diagnostics )
as a vpn provider I used purevpn with dedicated ip
edit /etc/config/network
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option metric '10'
config interface 'vpn' # purevpn setting
option proto 'sstp'
option username 'purevpnxxxxxxxxxx'
option password 'xxxxxxxxx'
option log_level '0'
option server 'xxx-ded-xxx.pointtoserver.com'
option metric '30'
option mtu '1400'
config interface 'wanb'
option proto 'dhcp'
option device 'lan4' # this will probably be different on your router as mine is lambro R1
option metric '20'
then edit /etc/config/firewall
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'vpn'
config forwarding
option src 'lan'
option dest 'vpn'
config forwarding
option scr 'vpn'
option dest 'lan'
config zone
option name 'wanb'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wanb'
config forwarding
option src 'lan'
option dest 'wanb'
and remote port forwarding you link to 'vpn'
example:
config redirect
option dest 'lan'
option target 'DNAT'
option name 'vnc'
option src_dport '5900'
option dest_ip '192.168.1.228'
option dest_port '5900'
option src 'vpn'
I also opened all the ports on the vpn, mainly because through the purevpn portforwarding in done on the server side which ports to allow it just simplified open ports as it will then only need to be adjusted at one interface and not multiple
config rule
option name 'sstpvpn'
list proto 'all'
option src 'vpn'
option target 'ACCEPT'
for mwan basically open the luci app enable wanb save and apply.
now your basic internet connect will run shared on wan and wanb and any port forwarding comes down the vpn and then directed to the appropriate internal ip.. I tried both L2TP and SSTP on openwrt for some reason thier speeds are restricted to around 5Mbps even though on a ubuntu base computer and the same protocols it is around 60Mbps . plus it does not work with all web pages ( ie some https websites openwrt forum as an example) or actions (ie you can not run the software manager on openwrt via sstp or L2tp for some reason either) and again on
if you are having issues run --- logread ---and see what the issue might be -- if your vpn is interrupted you need to restart it and restart mwan afterwards for things to wok properly again
