The Firewalla VPN Server requires its port to be accessible from outside your network.
- If your Firewalla is running in router mode and has a public IP address, Firewalla will take care of everything for you; there is no need to take extra steps to set up port forwarding.
- If you're using OpenVPN, Firewalla's upstream router has UPnP enabled, and your box isn't in router mode, Firewalla will also automatically set up port forwarding for you via UPnP.
- If you're under CGNAT, you may need to contact your ISP to see if they allow port forwarding. If not, you can change your DDNS to "IPv6 only" if you have a working IPv6 address or change it to another WAN if you have multiple WANs.
On your VPN Server's Setup page, Firewalla will automatically detect whether port forwarding needs to be set up manually.
If you have a double NAT setup and are looking for instructions on how to configure port forwarding on the second router, just replace the IP address of your Firewalla box in Step 2 with the IP address of your first router. The rest of these instructions are the same.
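To work out by hand which of the cases above applies, the sketch below classifies each WAN-side address from the Firewalla box outward and lists the forwards each upstream router needs, including the double NAT case. It is an added example, not Firewalla's own detection logic; the function names `classify` and `plan` are hypothetical, it handles IPv4 only, and the sample addresses are constructed.

```python
import ipaddress

# Default UDP ports stated in this article.
PORTS = {"openvpn": 1194, "wireguard": 51820}
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
PRIVATE = [ipaddress.ip_network(n)             # RFC 1918 private ranges
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'cgnat', 'private', 'public' or 'unusable' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in PRIVATE):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "unusable"
    return "public"


def plan(wan_chain, vpn="openvpn"):
    """wan_chain lists WAN-side addresses from the Firewalla box outward:
    [box address, first router's WAN address, second router's WAN address, ...].
    Returns (forwards, verdict). Each forward is (private_ip, udp_port) and is
    entered on the router directly upstream of that address."""
    port = PORTS[vpn]
    forwards = []
    for addr in wan_chain:
        kind = classify(addr)
        if kind == "public":
            return forwards, "reachable"   # forwards (if any) complete the path
        if kind == "cgnat":
            return forwards, "cgnat"       # ISP, IPv6-only DDNS, or another WAN
        if kind == "unusable":
            return forwards, "unusable"
        forwards.append((addr, port))      # private: next router out forwards here
    return forwards, "incomplete"          # outermost WAN address still unknown


if __name__ == "__main__":
    # Constructed chains; 203.0.113.0/24 is a documentation range standing in
    # for a real public address.
    for chain in (["203.0.113.7"], ["192.168.1.5", "203.0.113.7"],
                  ["192.168.1.5", "10.0.0.2", "203.0.113.7"],
                  ["192.168.1.5", "100.72.3.4"]):
        print(chain, "->", plan(chain))
```

A verdict of `incomplete` means every address supplied was private, so the WAN address of the outermost router still has to be checked before the port can be assumed reachable.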
Step 1: Get the IP Address of your Firewalla Box
If you have a single WAN setup with Firewalla, tap on the gear button on the top right of your box's main page. The number in the IP Address field is your box's IP Address.
If you have a dual-WAN setup, you may need to set up port forwarding on both of your upstream routers in order to make both WANs work properly.
On your box's main page, tap Network Manager, tap on the WAN connections, and write down each of their IP Addresses.
Note: if Firewalla is in DHCP mode, and your overlay network is configured to be the same subnet as the primary network, the VPN server may use Firewalla's IP address in the overlay network to talk with VPN clients instead of the IP address in the primary network. When configuring port forwarding, make sure you forward to Firewalla's IP address in the overlay network. On Firewalla Red, Blue, or Blue Plus, you can check the IP address information in Settings -> Advanced -> Network Settings.
Step 2: Set up Port Mapping on your Router
You'll then need to map your upstream router's public port to Firewalla's local port. By default, Firewalla uses UDP port 1194 for OpenVPN and UDP port 51820 for WireGuard VPN.
We'll use Apple AirPort as an example here. For other brands of routers, we recommend checking out this website for detailed instructions. If your router is not listed and you have trouble setting up port mapping, please email us at help@firewalla.com.
On AirPort Utility, select the base station > Edit > Network tab:
- Click the "+" (Add) button under Port Settings or Port Mappings.
- Description: <enter: Firewalla VPN>
- Public UDP Ports: <enter 1194>
- Public TCP Ports: <leave blank>
- Private IP Address: <enter the IP address from Step 1>
- Private UDP Ports: <enter 1194>
- Private TCP Ports: <leave blank>
- Click "Save"
- Click "Update"