I am missing some information to be able to specifically answer your question, but I will try to sort out some things to help you further.
[...] I'd like to forward all traffic from the internet on port 4443 back to the client so the client responds.
You cannot forward other data to a port that does not have a suitable service for the data.
VPN works by creating a virtual network, which includes virtual network interfaces. For the virtual network interface to work, VPN software must be running (client or server). When the VPN software receives data/packets from the virtual network interface, the data is repackaged and traditionally encrypted and then transferred over the physical network, and vice versa when data is received.
Physical Ethernet is the WAN interface.
Due to VPN characteristics you have two networks: a physical one and a virtual one, each with its own IP address. With these networks you can do all the common things you can do with a network.
Client (any machine) ---> VPN Client (Raspberry Pi) ---> OpenVPN Server ---> Internet
The Physical Ethernet and Physical Ethernet 0 are WAN interfaces. The Physical Ethernet 1 is to connect with the Client (machine).
I assume you are using an ethernet cable to connect Client (machine) to VPN Client (Raspberry Pi), and you have iptables on the Raspberry Pi...
To set up NAT forwarding between the two networks Physical Ethernet 1 and Virtual Ethernet, I assume that Physical Ethernet 1 has the name eth0 and the Virtual Ethernet has the name tun0.
# Set default policies
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# NAT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # Enable NAT (POSTROUTING is a chain of the nat table)
# Forwarding
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT # Allow forwarding from client to vpn
iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT # Allow forwarding from client to client
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow forwarding from vpn to client, for already established connections
See also How to configure a simple router with iptables in Ubuntu
I do not know which OS you use on the machine with the VPN server. I can therefore not go into detail on how to NAT forward...
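A check for the rules above, as an added example that is not part of the original answer: it reads `iptables-save` output and confirms that the MASQUERADE rule is in the nat table, that the FORWARD policy is DROP, and that traffic from the VPN side is accepted only for established connections. The function names, the sample ruleset (constructed) and the interface names eth0/tun0 are assumptions.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output for the gateway rules above.
# Assumption: eth0 faces the client machine, tun0 is the VPN interface.

# audit_rules LAN VPN: reads iptables-save text on stdin, prints findings,
# returns 0 only when all three checks pass.
audit_rules() {
    awk -v lan="$1" -v vpn="$2" '
        /^\*/ { table = substr($0, 2) }   # section header: *nat, *filter, ...
        # MASQUERADE is only valid in the nat table, on the VPN-facing interface
        table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ &&
            index($0, " -o " vpn " ") { masq = 1 }
        table == "filter" && /^:FORWARD DROP/ { drop = 1 }
        # return path: VPN -> LAN limited to replies of existing connections
        table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ &&
            index($0, " -i " vpn " ") && index($0, " -o " lan " ") &&
            /RELATED,ESTABLISHED/ && !/NEW|INVALID/ { ret = 1 }
        END {
            if (!masq) { print "FAIL: no MASQUERADE out of " vpn " in the nat table"; bad = 1 }
            if (!drop) { print "FAIL: FORWARD policy is not DROP"; bad = 1 }
            if (!ret)  { print "FAIL: no RELATED,ESTABLISHED rule from " vpn " to " lan; bad = 1 }
            if (!bad)  print "OK: gateway rules present"
            exit bad + 0
        }'
}

# Constructed sample: what iptables-save prints once the rules are loaded.
sample_good() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i eth0 -o eth0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed sample: same ruleset, but the NAT rule never made it in.
sample_no_nat() { sample_good | grep -v MASQUERADE; }

# On the real gateway, run as root: iptables-save | audit_rules eth0 tun0
sample_good | audit_rules eth0 tun0
```

Forwarding between interfaces also requires `net.ipv4.ip_forward=1` in the kernel, which this check does not cover.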