soup123

Can't get port forwarding to work at all!


Hey there, I'm new to AirVPN but not new to computers and VPNs. I know how to port forward on routers and have had success with port forwarding in the past... although I've never had a VPN where I can port forward. That being said, this doesn't seem to work either! I've tried on two different accounts on two different computers on two different networks! Still the ports are seen as closed and running a TCP test produces an error. (Not reachable on server IP over the external port xxxxxx, tcp protocol. Error: 110 - Connection timed out)

I've tried different randomized ports and all produce the same results. Canyouseeme.org says my port is still closed and running an nmap scan on my IP says that my port is still closed. What gives?


Were you actually running a service listening on that port at the time of the test? It matters. For example, if you generate a port (let's say 1234) in Air's client area and enter it into a torrent client:

1) You close the torrent client and test the port forward on a service such as canyouseeme. You'll be told that you are unreachable.

2) You leave the service listening (i.e. the app using the forwarded port is open). You'll be told you are reachable and the test succeeds.

 

Please also note, just in case you didn't know, you don't need to forward ports on the router for a software-based OpenVPN connection. That is, if you connect to Air from a program on your device(s) you don't need to do anything with your router at all.


Were you actually running a service listening on that port at the time of the test? It matters. For example, if you generate a port (let's say 1234) in Air's client area and enter it into a torrent client. 1) You close the torrent client and test the port forward on a service such as canyouseeme. You'll be told that you are unreachable. 2) You leave the service listening (i.e. the app using the forwarded port is open). You'll be told you are reachable and the test succeeds.

I've been puzzling for days why I apparently couldn't get port forwarding working, and this important fact isn't mentioned anywhere on the port forwarding page. It really should be, this was a great help. Thanks!


Hello,

 

different world visions. We have enough consideration for our customers to firmly believe that they can understand that a program that's not running cannot do anything, even less can it reply to incoming packets. Writing that a program that's not running can't run until it is run is somehow insulting.

Of course momentary lapses of reason are always possible but just like in your case they will be spotted soon and they will be functional to inner growth. :D

Kind regards


Well I think as much as I had to laugh about your answer it does not really hit the nail on its head. According to my understanding soup123 and TACD fell for something different. On routers and with software firewalls it works like this:

1. You need to open a port

2. You need to forward that port to a certain IP/ MAC address

 

Only after that the corresponding pc will be reachable over the internet. What's more if you run a port scan that port is always open, it does not matter if an application is actually listening on that port or not. There is only open or closed.

 

With AirVPN on the other hand it works differently. Correct me if I'm wrong but the way I understand it a port is not always open and forwarded, even if you forward it correctly. It stays closed/ not forwarded unless an application listening on that port triggers it. That would also be the reason why port scanners recognize ports as closed even if they are actually forwarded.

 

One last word on ports and forwarding them. I know that with some routers opening ports and forwarding them unfortunately is the same (best and most common example are the FritzBoxes). But that's incomplete or you could even say it's simply wrong. Actually opening the port is nothing more than telling the firewall to allow incoming traffic on that port (which otherwise would be blocked). But that alone does not help since even if the port is open you cannot reach any pc behind the router since you don't know its network internal IP. In order to be able to reach a certain pc (web server for example) behind a router you need to forward the corresponding port to that pc. By doing this you tell the router to direct any incoming traffic on port x to pc y. Only then you will be able to reach the server.

Warning: Do not open any ports in your firewall settings or forward them in your router's settings if you want to use p2p or other server applications through the AirVPN tunnel. It will be of no use to AirVPN port forwarding but will actually open a security hole through which a possible intruder could access your pc.


if running a client on

 

Well I think as much as I had to laugh about your answer it does not really hit the nail on its head. According to my understanding soup123 and TACD fell for something different. On routers and with software firewalls it works like this:

1. You need to open a port

2. You need to forward that port to a certain IP/ MAC address

 

Only after that the corresponding pc will be reachable over the internet. What's more if you run a port scan that port is always open, it does not matter if an application is actually listening on that port or not. There is only open or closed.

 

With AirVPN on the other hand it works differently. Correct me if I'm wrong but the way I understand it a port is not always open and forwarded, even if you forward it correctly. It stays closed/ not forwarded unless an application listening on that port triggers it. That would also be the reason why port scanners recognize ports as closed even if they are actually forwarded.

 

One last word on ports and forwarding them. I know that with some routers opening ports and forwarding them unfortunately is the same (best and most common example are the FritzBoxes). But that's incomplete or you could even say it's simply wrong. Actually opening the port is nothing more than telling the firewall to allow incoming traffic on that port (which otherwise would be blocked). But that alone does not help since even if the port is open you cannot reach any pc behind the router since you don't know its network internal IP. In order to be able to reach a certain pc (web server for example) behind a router you need to forward the corresponding port to that pc. By doing this you tell the router to direct any incoming traffic on port x to pc y. Only then you will be able to reach the server.

NO.  If you're running *any openvpn client* on a machine in your LAN do NOT open ports on your router.  All the router sees is a tunnel (whatever port and protocol you chose for the tunnel) and cannot at all effect any changes on that tunnel as it's encrypted.  Trying to open ports within that tunnel would be impossible.  With this kind of setup if you do open ports you're opening them to "clear" internet and that's not what you want.

If running VPN on the router then you have to create some DNAT iptables to forward from the TUN device to the IP of the machine on your LAN.

 

Soup123 was not detailed enough in his/her post for us to say much.  TACD simply didn't have the daemon listening when testing if the port was open.


Hm, did you actually read my answer? Where do I write that you need to open a port on the router/ firewall in order to get port forwarding working through AirVPN? In fact what I explain in my text is the difference between port forwarding on AirVPN and port forwarding on a router


Hm, did you actually read my answer? Where do I write that you need to open a port on the router/ firewall in order to get port forwarding working through AirVPN? In fact what I explain in my text is the difference between port forwarding on AirVPN and port forwarding on a router

 

OK, maybe I misunderstood what you were trying to say. 


But maybe you are right and my text is indeed misleading. I've edited my post and added a warning.


Correct me if I'm wrong but the way I understand it a port is not always open and forwarded, even if you forward it correctly. It stays closed/ not forwarded unless an application listening on that port triggers it. That would also be the reason why port scanners recognize ports as closed even if they are actually forwarded.

 

When you forward a port it's opened until you shut it. It's always "opened" and doesn't need to be triggered. The issue is if there isn't a program at the other side to reply, then scanners will deem it closed because "connection timed out" (it waited so long for a reply but got none). This is just how networks work. If you wait indefinitely for a reply you might never get it. So give it so long and then give up. It has nothing to do with "triggering" a port to open.


Certified CompTIA A+ IT, Remote Support and Depot Technician, CompTIA Network+, MCP, MCDST Windows XP

Certifying Cisco CCENT/CCNA (currently expired and awaiting recertification)

Uncertified Windows Server 2003, 2003 R2, 2008, 2008 R2, Windows Vista,7,8,8.1

Uncertifiably Awesome
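
The listener point made in the replies above can be checked locally before blaming the forward. This is an added example, not code from any poster or from AirVPN: it probes one TCP port with and without a program listening and reports the result. The names `probe` and `listener_demo` are illustrative, and 127.0.0.1 with an OS-chosen port stands in for the VPN exit IP and the forwarded port.

```python
import errno
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a program is listening
    except ConnectionRefusedError:
        return "closed"      # host replied with RST: reachable, no listener
    except socket.timeout:
        return "filtered"    # no reply before the timeout (packet dropped)
    except OSError as exc:
        # ICMP unreachable answers also mean the SYN never got a TCP reply
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def listener_demo(host="127.0.0.1"):
    """Probe the same port while an app listens on it and after it exits."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))              # port 0: let the OS pick a free port
    port = srv.getsockname()[1]
    srv.listen(1)                    # stands in for the torrent client running
    running = probe(host, port)
    srv.close()                      # stands in for closing the torrent client
    stopped = probe(host, port)
    return {"app_running": running, "app_closed": stopped}


if __name__ == "__main__":
    print(listener_demo())
```

Whether a port with no listener shows as "closed" or as a timeout depends on whether something on the path drops the packet instead of answering; the test in the first post reported the timeout case (error 110).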
