subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
517 views 2 comments
by anonymous

I have a RUT950 which is connected via the mobile network, Three (no VPN blocking). It then uses IP Passthrough to supply the external address to the OPNsense firewall WAN port. My firewall is on

I want to be able to have my OPNSense firewall to continue to act as the OpenVPN server (this was working previously when using a DSL Draytek Vigor 130 in bridge mode).

I have followed the previous advice on setting up Port Forwarding on the RUT950, but this is making no difference, I cannot secure a connection externally.

I can confirm when on the WiFi I can get OpenVPN connected, so this seems to be an issue with it coming from the WAN, I don't think Port Forwarding is working.

Firmware version RUT9_R_00.07.04

Firmware build date 2023-03-03 14:32:39

Internal modem firmware version EC25ECGAR06A09M1G_01.001.01.001

Kernel version 5.4.229

by anonymous
The attached pictures show the port forwarding on the RUT, the WAN rule on the OPNsense firewall to pass VPN traffic from that interface and the OPENVPN (virtual interface) to pass traffic through.

1 Answer

0 votes
by anonymous

To better understand your case, I would like you to provide a topology of your network.

When operating in passthrough mode, most of the router's functionalities, including firewall capabilities are disabled. The router mostly acts as a transparent gateway between a remote host and device connected to the router simply forwarding traffic between those nodes.

Port forwarding becomes necessary only if you want to have access to the router itself. Then separate rules should be configured to enable access from WAN. Otherwise, default configuration does not prevent openVPN traffic, nor require specific configuration.

Does the VPN tunnel itself establish?

Also, could you provide an explanation, on how the WiFi configuration is implemented?

Best regards,
by anonymous

I hope this picture helps to make the set-up a little more clear, I had to design this manually as I don't have professional mapping software so I hope it is sufficient in its detail.

The OPNsense firewall is always up and listening for incoming connections, so I checked that the dynamic public IP address of the WAN0 port is being updated against my DDNS address correctly, and this is working fine so that can be ruled out. This basically ceased to work once I replaced my Draytek Vigor 130 DSL modem (bridge mode) with the RUT950, so I decided to factory restore the RUT950 to start again, just in-case I had modified something without realising. Port Forwarding mentioned above, is the only change that has been made based on advice to others on this community.

On the RUT950, I have tested both IP Passthrough mode and Bridge mode and neither allow the VPN traffic to reach the OPNSense Firewall which I found odd myself as it should just work, however when I am connected to my WiFi with my mobile using the OpenVPN app, I am able to secure a connection on my firewall (VPN Server). So I re-checked my WAN firewall rule on the OPNSense and I believe that is fine too.

Thank you for your help.


Understanding that RUT has its own OpenVPN server, I noticed that there was an article stating that the Forwarding Zones need to be modified afterwards, so with that in mind, I selected 'Accept' to each of the zones and it is now working.