Question on p2p FAQ.

[gajanq1 0]

Hi, based on the FAQ "Do you allow p2p? How can I optimize performance of eMule and BitTorrent with AirVPN?" , I have 1 question.

 

What does the last paragraph mean " IMPORTANT: do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes uncencrypted packets to be sent outside the tunnel from your client." ?

 

Does it mean that for example I use port 16621 for my torrent client, tixati. So I should disable port forwarding for port 16621 in my router ? 

 

 

[Zaroad 26]

Does it mean that for example I use port 16621 for my torrent client, tixati. So I should disable port forwarding for port 16621 in my router ? 

 

Yes or use, for your torrent client, any other port like 16622 that is closed in your router but you had set it to forward in AirVPN config. You don't have to open any port in your router for  p2p when you are connected to the VPN, just set it on port forwarding

[gajanq1 0]

Thanks for the answer Zuroud   , it is clear to me now.

[go558a83nk 352]

 

Does it mean that for example I use port 16621 for my torrent client, tixati. So I should disable port forwarding for port 16621 in my router ? 

 

Yes or use, for your torrent client, any other port like 16622 that is closed in your router but you had set it to forward in AirVPN config. You don't have to open any port in your router for  p2p when you are connected to the VPN, just set it on port forwarding

 

to be clear, if you are using an openvpn client, such as AirVPN's eddie, on your computer, then it's bad to open ports on you router.

 

but, if you run VPN from your router, then you do need to forward ports in the router.

[drpaneas 1]

So far, I used to download torrents without any port-forwarding setup on my router. Frankly speaking, I don't understand why "should I" in the first place. Torrent client, is a client, not a server/daemon listen on some socket and waiting for connections. I would really appreciate it if you guys could help me to understand this.

 

One guess, is that my router supports some kind of port triggering, so even if I've never had to configure it manually, my router did the job in the background. If this is the case, does this mean that I have to disable this feature now that I am using AirVPN via my macbook (eddie) ?

[Staff 9762]

So far, I used to download torrents without any port-forwarding setup on my router. Frankly speaking, I don't understand why "should I" in the first place. Torrent client, is a client, not a server/daemon listen on some socket and waiting for connections. I would really appreciate it if you guys could help me to understand this

 

 

Hello!

 

Every peer is peer to any other peer, hence "peer to peer": no node acts as a client only, no node acts as a server only (with a relevant exception for the initial seeder of something). For true p2p, each client must be able to accept incoming packets from the Internet. If all the nodes were unable to receive incoming connection, p2p would completely stop working.

 

 

One guess, is that my router supports some kind of port triggering, so even if I've never had to configure it manually, my router did the job in the background. If this is the case, does this mean that I have to disable this feature now that I am using AirVPN via my macbook (eddie) ?

 

That's correct. Disable UPnP, NAT-PMP and any other auto port mapping when in the VPN, and do not forward any port from the router to the devices connected to it (assuming that it's NOT the router itself to connect to a VPN server by running OpenVPN). That will only expose you to correlation attacks. You don't need your physical network card ports.

 

This FAQ answer may clarify concepts:

https://airvpn.org/faq/what_is

 

Kind regards

[drpaneas 1]

Because of your explanation, now I can finally say that I understand the concept of p2p. Thanks again

 

Disable UPnP, NAT-PMP and any other auto port mapping when in the VPN, and do not forward any port from the router to the devices connected to it (assuming that it's NOT the router itself to connect to a VPN server by running OpenVPN). That will only expose you to correlation attacks. You don't need your physical network card ports.I did some search, but my router supports only German language and I don't speak German that good. So, to sum up, I didn't find any ports forwarded to my Macbook, or UPnP.

 

The only thing I did found it was: Netbios and Teredo filters are active. in my router Should I disable them?

[drpaneas 1]

btw I've forgot to mention I'm using SSL (443) with Eddie.

 

Does this mean that I can't do port forwarding this 443 port if I wanted to at some point in the future? Or I should have already done remote port fordwarding to 443 ?

[Staff 9762]

btw I've forgot to mention I'm using SSL (443) with Eddie.

 

Does this mean that I can't do port forwarding this 443 port if I wanted to at some point in the future? Or I should have already done remote port fordwarding to 443 ?

Hello,

 

that 443 port is a port that one of our OpenVPN daemons listen to.443 is also a listening port (in the alternative entry-IP address) for SSL connections. Both of those ports have nothing to do with your system ports or with your VPN remotely forwarded ports.

 

Kind regards

[altae 22]

Even if one does not use bittorrent or any other peer to peer service it's not very wise to leave UPnP active. It opens any port at any time requested by any application supporting UPnP. From a security point of view with UPnP one completely loses control over which ports are open. Or in other, more drastic words: If anyone manages to covertly install a malicous piece of software that makes use of UPnP on your pc he or she could open any port at any time and your pc would become a completely open server to them.