
Port Closes after a Certain Period of Time VPN

Undesirable

Occasional Visitor
Hi there, I've made a hole in the firewall to open a port for the VPN with this script on firewall-start:

Code:
#!/bin/sh

iptables -I FORWARD -i tun11 -p udp -d 192.168.1.86 --dport 56211 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.86 --dport 56211 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 56211 -j DNAT --to-destination 192.168.1.86
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 56211 -j DNAT --to-destination 192.168.1.86

192.168.1.86 is the local address of my NAS where the server software is running. 56211 is the port I need to stay open.

After a certain period of time, the port will become unreachable remotely. It's fine for about 6 hours, but when I come back to check after a further 15 hours (unknown exactly when it occurs) it has closed. The VPN options I changed after uploading a .OVPN file are setting "Accept DNS Configuration" to "Relaxed" and "Redirect Internet traffic" to "Policy Rules" and then assigning my NAS IP as "VPN" and my main computer's IP as "WAN". Also "Block routed clients if tunnel goes down" = "Yes". All other settings are default.

Things I've tried: Restarting the NAS server software when the port becomes unreachable - doesn't fix the issue. Switching VPN off and then back on again - the port becomes reachable again, albeit temporarily.
 
... After a certain period of time, the port will become unreachable remotely... Switching VPN off and then back on again - the port becomes reachable again, albeit temporarily.
Can you reproduce the problem by power-cycling your cable modem? When the WAN goes down and up, the router re-runs the firewall scripts. It could be flushing the NAT table, causing you to lose the NAT rules that you set previously in firewall-start.

Things to try. Test one at a time, to see if either fixes the problem.
  1. Move only your NAT rules from firewall-start to nat-start
  2. Administration -> System -> "Enable WAN down browser redirect notice" = No
 
Unfortunately, restarting my cable modem didn't reproduce the issue. The port was immediately reachable again when the internet connection came back up.

I recently came to the realisation that it could somehow be the NAS causing this issue, because I used to run server software from an ODROID-C2 single-board computer with Ubuntu and I never had a closed port with that setup, and I was using the same firewall script and VPN settings on the router. I'm not sure what could be causing the port to close on the NAS either, since I haven't touched the firewall or network settings there.

Anyway, I take it there's no point in testing the things you suggested since I can't reproduce the problem by power-cycling my modem? I've started testing the nat-start script right now, but it'll take hours to see if it has helped.
 
Well, I believe I figured it out eventually. I had an idea that the port I needed open was somehow being "knocked off" by a service on the NAS. Turns out the one I selected was, unbeknownst to me, in the PASV FTP port range. I don't use the FTP server on the NAS, but changing the port seems to have fixed the issue I was having with the other server software I needed it open for.
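
A check for the kind of collision described in the post above, as an added example that is not part of the thread: it tests a candidate forwarded port against port ranges already reserved on the host. The function names and the PASV range are constructed for illustration (read the real range from the NAS's FTP settings), and the ephemeral-range check goes beyond the case in the thread.

```shell
#!/bin/sh
# Added example: check a candidate forwarded port against reserved ranges.
# Range values used here are constructed, not taken from the thread.

# port_conflicts PORT "label:low-high" ...
# Prints the label of every range that contains PORT, one per line.
# Returns 0 = no conflict, 1 = conflict found, 2 = malformed input.
port_conflicts() {
    port=$1; shift
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    hits=0
    for spec in "$@"; do
        [ -n "$spec" ] || continue          # skip empty specs
        label=${spec%%:*}
        range=${spec#*:}
        low=${range%-*}                      # "5" alone means 5-5
        high=${range#*-}
        case "$low-$high" in
            -*|*-|*-*-*|*[!0-9-]*) echo "bad range: $spec" >&2; return 2 ;;
        esac
        if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
            echo "$label"
            hits=1
        fi
    done
    return $hits
}

# ephemeral_range [FILE]
# Prints "ephemeral:LOW-HIGH" from the Linux local port range setting.
ephemeral_range() {
    f=${1:-/proc/sys/net/ipv4/ip_local_port_range}
    [ -r "$f" ] && awk '{ print "ephemeral:" $1 "-" $2 }' "$f"
}

# Demo: the port from the thread against a constructed PASV range
# and this host's own ephemeral range (if readable).
port_conflicts 56211 "pasv-ftp:56000-56999" "$(ephemeral_range)" \
    || echo "conflict or bad input: pick another port"
```

Run it on the host that listens on the port, since the ephemeral range it reads is that machine's own.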
 
