
Thread: VPN acting as if it is behind a firewall

  1. #21
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,610
    Blog Entries
    1

    Default Re: VPN acting as if it is behind a firewall

    Quote Originally Posted by jrobb564 View Post
    I make no such assumptions. I checked my IP A. Through Eddie, as it prominently displays the public ID once connected and B. via my torrenting site, which also displays it.



    Yes, the AirVPN people said it did not work

    TSU -
    When I say the problem might be either A or B,
    An answer saying "Yes, it doesn't work" isn't that informative.
    Quote Originally Posted by jrobb564 View Post

    You've lost me...

    TSU -
    A fundamental concept is that if you're going to provide a network service, there are typically two parts...
    1. You need to have a running application that will respond on a network port
    2. If you have a firewall running, you need to allow access through the firewall to that one port.
    It's as simple as that, you can tickle the application by sending a probe to that port from the same machine. Since you're deploying in a VPN, the VPN address and port is how remote machines expect to connect to your application.
    Quote Originally Posted by jrobb564 View Post
    That was the correct IP at the time. I recheck every time I login.

    It was and I do.
    TSU-
    There are two probe tests you need to run
    1. From your own machine to your VPN address and port. The VPN address is obtained by running 'ip address', which is one of the commands you had to run earlier, and apparently AirVPN is assigning customers like you an address which starts with a 10, i.e. 10.x.y.z
    2. From outside your VPN to your public address and port.
    Quote Originally Posted by jrobb564 View Post
    I don't understand. You said to run two probes but only mention one. You'll need to explain the VPN address and how I get it.
    TSU -
    No, you didn't. You ran your telnet probe from your machine in your VPN to your public IP address, which is definitely not what I've been describing. I explained to you that such a test is unreliable because it's a hairpin connection. You have to run your test from a machine outside your network, like from the adminkit.net website, or from your phone when using a telco carrier connection to the Internet, or someone else's machine, etc.
    Quote Originally Posted by jrobb564 View Post
    I have already done this and included it in the last results.
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  2. #22

    Default Re: VPN acting as if it is behind a firewall

    Quote Originally Posted by tsu2 View Post
    TSU-
    There are two probe tests you need to run
    1. From your own machine to your VPN address and port. The VPN address is obtained by running 'ip address', which is one of the commands you had to run earlier, and apparently AirVPN is assigning customers like you an address which starts with a 10, i.e. 10.x.y.z
    2. From outside your VPN to your public address and port.
    No firewall, everything forwarded correctly, bittorrent listening on port 7848.

    VPN address from ip address and Eddie logs: 10.14.54.247

    Me@linux-bsnx:~> telnet 10.14.54.247 7848
    Trying 10.14.54.247...
    telnet: connect to address 10.14.54.247: Connection refused

    PRIVATE address from ip address and Eddie logs: 104.254.90.237 7848

    Via https://www.adminkit.net/

    "Connection failed: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 104.254.90.237:7848"

    Is that what I needed to do? If so, where did it get me aside from not connected?

  3. #23

    Default Re: VPN acting as if it is behind a firewall

    This is what AirVPN is telling me:

    "Hello!

    We verified from inside the server you are currently connected to:
    # iptables-save | grep 10.14.54.247
    -A PREROUTING -d 104.254.90.235/32 -p tcp -m tcp --dport 52024 -j DNAT --to-destination 10.14.54.247:52024
    -A PREROUTING -d 104.254.90.235/32 -p udp -m udp --dport 52024 -j DNAT --to-destination 10.14.54.247:52024
    -A PREROUTING -d 104.254.90.235/32 -p tcp -m tcp --dport 16738 -j DNAT --to-destination 10.14.54.247:16738
    -A PREROUTING -d 104.254.90.235/32 -p udp -m udp --dport 16738 -j DNAT --to-destination 10.14.54.247:16738
    -A PREROUTING -d 104.254.90.235/32 -p tcp -m tcp --dport 7848 -j DNAT --to-destination 10.14.54.247:7848
    -A PREROUTING -d 104.254.90.235/32 -p udp -m udp --dport 7848 -j DNAT --to-destination 10.14.54.247:7848

    Everything is fine, packets are properly forwarded to your node. 10.4.54.247 is your node current IP address in the VPN.

    So... packets are sent to your node, but they don't reach your torrent client. We recommend that you re-check your firewall rules and the settings of the torrent software.

    We assume that the machine running the torrent software is the same machine that's connected to the VPN server. Is this correct?

    Kind regards
    AirVPN Support Team"


    -AND- (torrenting PC is the one connected to the VPN server)


    "Hello!

    Because the packets are not replied by your listening services. We see that packets are forwarded from the server to your node correctly, and then they are not replied.
    Kind regards
    AirVPN Support Team"


    Port forwarding is set up correctly to port 7848 in my client and the VPN.
    As noted, *no firewall*.
    When I don't use the VPN, everything works when I port forward on my router.

    What sort of misconfiguration could cause this?

  4. #24

    Default Re: VPN acting as if it is behind a firewall

    Quote Originally Posted by jrobb564 View Post
    This is what AirVPN is telling me:

    "Hello!

    We verified from inside the server you are currently connected to:
    # iptables-save | grep 10.14.54.247
    -A PREROUTING -d 104.254.90.235/32 -p tcp -m tcp --dport 52024 -j DNAT --to-destination 10.14.54.247:52024
    -A PREROUTING -d 104.254.90.235/32 -p udp -m udp --dport 52024 -j DNAT --to-destination 10.14.54.247:52024
    -A PREROUTING -d 104.254.90.235/32 -p tcp -m tcp --dport 16738 -j DNAT --to-destination 10.14.54.247:16738
    -A PREROUTING -d 104.254.90.235/32 -p udp -m udp --dport 16738 -j DNAT --to-destination 10.14.54.247:16738
    -A PREROUTING -d 104.254.90.235/32 -p tcp -m tcp --dport 7848 -j DNAT --to-destination 10.14.54.247:7848
    -A PREROUTING -d 104.254.90.235/32 -p udp -m udp --dport 7848 -j DNAT --to-destination 10.14.54.247:7848

    Everything is fine, packets are properly forwarded to your node. 10.4.54.247 is your node current IP address in the VPN.

    So... packets are sent to your node, but they don't reach your torrent client. We recommend that you re-check your firewall rules and the settings of the torrent software.

    We assume that the machine running the torrent software is the same machine that's connected to the VPN server. Is this correct?

    Kind regards
    AirVPN Support Team"


    -AND- (torrenting PC is the one connected to the VPN server)


    "Hello!

    Because the packets are not replied by your listening services. We see that packets are forwarded from the server to your node correctly, and then they are not replied.
    Kind regards
    AirVPN Support Team"


    Port forwarding is set up correctly to port 7848 in my client and the VPN.
    As noted, *no firewall*.
    When I don't use the VPN, everything works when I port forward on my router.

    What sort of misconfiguration could cause this?
    The first thing to note is that <as expected> your external IP address changed, and your AirVPN support kindly verified that port forwarding was set up and working using the new external address. Still though, it's worthwhile to double-check with an external probe as I described; AirVPN only gave you a display of their own firewall rules that do the port forwarding, they didn't show you the results of an actual test.

    If your firewall is indeed down, then the only possible reason for failure is that your torrent app isn't set up properly to always use your chosen port (turn port randomization off).
    Double-check your firewall is off, how did you disable it?

    TSU

  5. #25

    Default Re: VPN acting as if it is behind a firewall

    Quote Originally Posted by tsu2 View Post
    The first thing to note is that <as expected> your external IP address changed, and your AirVPN support kindly verified that port forwarding was set up and working using the new external address. Still though, it's worthwhile to double-check with an external probe as I described; AirVPN only gave you a display of their own firewall rules that do the port forwarding, they didn't show you the results of an actual test.

    If your firewall is indeed down, then the only possible reason for failure is that your torrent app isn't set up properly to always use your chosen port (turn port randomization off).
    Double-check your firewall is off, how did you disable it?

    TSU
    Yes, the public IP changes every time that I restart the client. I recheck every time that I restart the client. I keep the VPN off most times as p2p stops working when it's on. If it's different in the email from AirVPN vs something that I posted here, that does not surprise me. I'm not necessarily posting to this forum at the same time as I am troubleshooting with AirVPN, nor are they necessarily responding to the most recent email.

    I will ask AirVPN about an actual test.

    There is nothing obviously (to me) misconfigured in my client. I have the ports all specified. They do not change from start to start. I would have a problem configuring port forwarding on my router every restart if they did, which I don't.

    I uninstalled the firewall completely.


    I am having a hard time understanding why, if things work with the VPN off, the problem would be a firewall. Wouldn't the very same ports have to be included in any firewall rules for P2P to work in the first place? On either my computer or the router?

  6. #26
    Join Date
    Sep 2012
    Posts
    4,916

    Default Re: VPN acting as if it is behind a firewall

    Quote Originally Posted by jrobb564 View Post
    Ktorrent is listening on port 7848
    So far you did not provide any evidence that ktorrent is listening on your VPN IP. Show output of "ss -lnptu" after establishing VPN connection together with "ip a" and "ip r" output.
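
    The check requested above, as an added example that is not part of the original post: it reads `ss -lntu` output and reports whether the forwarded port is actually bound on the VPN address. The sample output and the LAN address 192.168.1.20 are constructed, and `tun0` is an assumed device name; a result of `other:` corresponds to the "Connection refused" seen when probing the VPN address.

```shell
#!/bin/sh
# Constructed sample of `ss -lntu` output (not taken from the thread): the
# client is bound to a LAN address (192.168.1.20, assumed) instead of the VPN one.
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      192.168.1.20:7848  0.0.0.0:*
tcp   LISTEN 0      128    192.168.1.20:7848  0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:631           [::]:*
EOF
}

# listener_status PROTO ADDR PORT [IFACE]
# Reads `ss -lntu` output on stdin and prints one of:
#   exact        a socket is bound to ADDR:PORT
#   wildcard     a socket is bound to all IPv4 addresses on PORT
#   other:<host> PORT is open, but only on a different address or device
#   none         nothing is listening on PORT for PROTO
listener_status() {
  awk -v proto="$1" -v addr="$2" -v port="$3" -v iface="${4:-}" '
    $1 != proto { next }                      # also skips the header line
    {
      n = split($5, f, ":")                   # port is the last ":" field
      if (f[n] != port) next
      host = substr($5, 1, length($5) - length(f[n]) - 1)
      split(host, h, "%")                     # "addr%dev" = bound to one device
      if (h[2] != "" && h[2] != iface) { other = host; next }
      if (h[1] == addr) exact = 1
      else if (h[1] == "0.0.0.0" || h[1] == "*") wild = 1
      else other = host                       # includes IPv6-only "[::]"
    }
    END {
      if (exact) print "exact"
      else if (wild) print "wildcard"
      else if (other != "") print "other:" other
      else print "none"
    }'
}

# Live use (tun0 is an assumed name): ss -lntu | listener_status tcp 10.14.54.247 7848 tun0
sample_ss | listener_status tcp 10.14.54.247 7848
```

    Run it once with the VPN up and once with it down; only `exact` or `wildcard` means a forwarded packet arriving on the tunnel can reach the application.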

  7. #27

    Default Re: VPN acting as if it is behind a firewall

    My client was looking at the wrong interface.

    Thanks for the help.

  8. #28

    Default Re: VPN acting as if it is behind a firewall

    Quote Originally Posted by jrobb564 View Post
    Yes, the public IP changes every time that I restart the client. I recheck every time that I restart the client. I keep the VPN off most times as p2p stops working when it's on. If it's different in the email from AirVPN vs something that I posted here, that does not surprise me. I'm not necessarily posting to this forum at the same time as I am troubleshooting with AirVPN, nor are they necessarily responding to the most recent email.

    I will ask AirVPN about an actual test.

    There is nothing obviously (to me) misconfigured in my client. I have the ports all specified. They do not change from start to start. I would have a problem configuring port forwarding on my router every restart if they did, which I don't.

    I uninstalled the firewall completely.


    I am having a hard time understanding why, if things work with the VPN off, the problem would be a firewall. Wouldn't the very same ports have to be included in any firewall rules for P2P to work in the first place? On either my computer or the router?

    When your VPN is off, your ktorrent application will be accepting inbound packets through your regular network (eth0 or Wifi) interface.
    When your VPN is on, your ktorrent application will be accepting inbound packets through a TUN/TAP interface.

    Your firewall has to allow the port to be open on both interfaces.

    You might not have needed to know this particular detail, if you had run your "telnet to VPN IP address from your own machine" as I described, it would have verified your working or non-working status.

    TSU
