After struggling for quite some time to discover why the once-working OpenVPN setup on my DD-WRT router suddenly stopped working, I finally realized the configuration was corrupted. I had been issuing a number of iptables commands (inserts and deletes) at the command prompt via ssh prior to the failure, although I do not know if the two are connected.

After disabling the OpenVPN client and rebooting the router, I noticed the Public Client Cert was partially truncated. I pasted the certificates back in, applied changes and rebooted the router and it works again once more.

As a long time friend of linux’s itables command, I mistakenly assumed that trying to port forward on Windows Server 2008 R2 would be just as easy. After quite a long while of searching I was able to determine the correct command; through use of netsh on the command line, it is easy to map incoming TCP traffic from one port to another port.

In my scenario, I needed to have an SSL connection initiated on a port other than 443 on the same machine, but handled by a service listening on port 443. To do this, the following command is entered on the command line; in this example, port 12345 is used as the initiating port.

C:\Users\Administrator> netsh interface portproxy add v4tov4 listenport=12345 listenaddress=192.168.1.1 connectport=443 connectaddress=192.168.1.1

Port 12345 is mapped to port 443 on the same machine. To have the traffic transferred to another machine, change the ip address for the connect address to the desired ip address.