Allowing outbound static ports with pfSense

Someone here had to set up a VPN connection using LogMeIn Hamachi, but kept getting timed out because the software switched to a relay server. Remedy follows.

A quick search of the Hamachi support forum revealed the solution to this problem.

Like many VPN services, LogMeIn Hamachi likes to communicate using static ports. But by default pfSense automatically randomizes the source port of all outgoing traffic, to reduce the risk of internal hosts being identified by outsiders.

While pfSense’s behavior is reasonable, if you need to use a VPN service like LogMeIn Hamachi you’re going to have to change that default behavior.

The way to do that is outlined in the pfSense wiki here.

Basically the procedure described requires going into Firewall… NAT, selecting “Manual Outbound NAT rule generation” and hitting save. Then you need to select the particular rule that needs to be set to static, for example “Auto created rule – LAN to WAN”, and hit edit. Once in the rule, check the “Static-port” box under “Translation”, and save to commit.
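For reference, this is roughly what the checkbox changes at the packet filter level, written as an added example in pf.conf NAT syntax (it is not from the pfSense wiki or the ruleset pfSense generates). The interface name and addresses are placeholders, and the host-scoped rule goes a step beyond the procedure above by keeping port rewriting for every machine except the one running the VPN client.

```pf
# Constructed example in pf.conf NAT syntax; em0, 192.168.1.0/24 and
# 192.168.1.50 are placeholder values, not taken from the post.
ext_if   = "em0"
lan_net  = "192.168.1.0/24"
vpn_host = "192.168.1.50"   # the one machine running the VPN client

# Default behaviour: pf rewrites the source port of every translated
# TCP/UDP connection leaving the LAN.
# nat on $ext_if inet from $lan_net to any -> ($ext_if)

# Broad change (static port on the whole LAN rule): no LAN host gets
# its source port rewritten any more.
# nat on $ext_if inet from $lan_net to any -> ($ext_if) static-port

# Narrower alternative: translation rules are first-match, so the
# host-specific rule goes above the general one. Only the VPN host
# keeps its original source ports; everything else is still rewritten.
nat on $ext_if inet from $vpn_host to any -> ($ext_if) static-port
nat on $ext_if inet from $lan_net  to any -> ($ext_if)
```

With static-port, two internal hosts that pick the same source port toward the same destination cannot both be translated, which is another reason to limit the rule to the host that needs it.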

This entry was posted in Security, System Administration.

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).