d) Can an OpenVPN or pfSense's software/implementation stack communicate this request to open and close ports to the end server / VPN provider? Is this documented?
e) OR does it depend on the VPN provider?

Scenario 3
As above, either scenario #1 or #2, but the question of what ports the VPN provider is blocking at their VPN exit point also concerns me:
a) do I have any control over this?
b) can I set them to match my preferences set on my OS's Firewall?
c) what if 'someone else' wants 443 or another common port number?)

I would assume that here the FW port-forwarding rules ARE respected, so Windows Firewall and IPtables based Linux firewalls are placed 'behind' the virtual VPN/NIC adaptor (that is, closer to the user from the perspective of the endpoint) or am I wrong, or does it depend on the specific OS implementation? TRUE/FALSE

a) I would assume that as the VPN tunnels through the gateway firewall/router that no port-forwarding preferences are able to be applied to the traffic on the encrypted VPN tunnel. Ture/False

b) But then what about on the endpoint itself, so Linux and Windows?

Scenario 2:

Exactly the same 'restrictive' setup as scenario 1 above (so no port-forwarding enabled and UPNP off on the hardware gateway router) but this time I use a paid for VPN service and establish a connection to a VPN server/exit-node in, say, France.

What exactly happens to my port-forwarding preferences, including the settings I've made on the hardware gateway and on the local Linux/Windows boxes?

Let's say for arguments sake that I block everything from entering my network unless explicitly originating from my local Linux/Windows box, so no 'port-forwarding' enable and UPNP explicitly disabled gateway FW (and presumably the OS too?....).

I can test and verify this works and then slowly enable / open ports as I require for services I want to allow remote incoming connections to, such as web-servers, FTP , Skype, anything I like etc

I get this, it seems clear :)

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.