Jump to content
Not connected, Your IP: 3.81.97.37

Recommended Posts

Hi there,

 

I am fairly new to Linux and also to AirVPN. I am using the AirVPN client on 64 bit Linux Mate, running Transmission on my machine trying to set up remote access so I can view the web interface remotely. I have a DNS running on my Raspberry Pi so I am attempting to use my domain (for example 2Girls1CPU.mooo.com:9091) to access the web UI. I have tested the DNS, through port 22 to SSH into my raspberry pi to confirm that it is working. Here is what I have tried:

 

Initially I set up remote access in Transmission. I had the port as 9091, with authentication and no whitelist of IP addresses. Then I went into AirVPN client area and set up a port forwarding rule. Obviously 9091 was taken, so I just created a random port, forwarded through TCP (I've tried UDP, as well as both TCP and UDP). Then I took that random port, say 27364 and entered it into the remote access settings in Transmission. I also went into my port forwarding rules in my router and added a rule to forward 27364 to my Laptop running AirVPN and Transmission (say 192.168.1.43). External and internal port both the same obviously. Now with this setup, I would assume when I try to access port 27364 (with 2Girls1CPU.mooo.com:27364) - my VPN would forward that to my router port 27364, which would then forward to 192.168.1.43:27364. I may be completely wrong as I do not have a solid understanding of networking and port forwarding, but this setup did not work.

 

One thing that confused me was under the port forwarding rules on AirVPN client area, it says "Forwarded to 10.x.x.x". Why is this being forwarded to an IP with a 10. ip range? Should it not be forwarded to my internal IP? Or how exactly does that work?  I'm probably missing something here, but I just can't work it out. I'm not sure how the port forwarding within AirVPN works.

 

If anyone could give me some insight it would be greatly appreciated.

 

One more thing I am wondering - how safe is it to have a port forwarded like I am attempting while using AirVPN? Is there any potential for leaks?

 

Thanks!

 

-2Girls1CPU

 

 

Share this post


Link to post

 

One thing that confused me was under the port forwarding rules on AirVPN client area, it says "Forwarded to 10.x.x.x". Why is this being forwarded to an IP with a 10. ip range? Should it not be forwarded to my internal IP? Or how exactly does that work?

 

The 10.x.x.x address you see in the client area is in fact your VPN-internal IP, assigned to you be the VPN server - much like your home router assigns you your internal LAN IP address.

Before we get into AirVPN port forwarding, let's consider this example to better understand how port forwarding works in general:

 

  • your router has an internal IP 192.168.1.1 (internal means it's only reachable from within in your LAN)
  • your router has an external IP 234.123.111.222 (assigned by your ISP. external means it's reachable from the internet)
  • your PC has an internal IP 192.168.1.43
  • there's an application running on your PC, it's listening on port 27364, on all available IPs (192.168.1.43)

If you want to access this application from the internet:

  1. your router will have to accept incoming connections on port 27364 on its external IP
  2. your router will have to forward those connections to internal IP 192.168.1.43, port 27364
  3. your PC will have to accept incoming connections on port 27364 on its internal IP

If these conditions are met, you can access 234.123.111.222:27364 from anywhere in the world and be forwarded to your PC at port 27364.

 

Now let's try to do that through AirVPN:

  • the AirVPN server has an external IP 123.234.123.123 (reachable from the internet)
  • your PC has an internal IP 192.168.1.43 (only reachable from within in your LAN)
  • your PC has an internal VPN IP 10.x.x.x (only reachable from within the VPN, or more specifically, by you and by the AirVPN server)
  • there's an application running on your PC, it's listening on port 27364, on all available IPs (both 192.168.1.43 and 10.x.x.x)

If you want to access this application from the internet:

  1. AirVPN's server will have to accept incoming connections on port 27364 on its external IP
  2. AirVPN's server will have to forward those connections to your internal VPN IP 10.x.x.x, port 27364
  3. your PC will have to accept incoming connections on that IP/port

Step 3 is taken care by configuring your PC's firewall accordingly, whereas both step 1 and step 2 are taken care by using AirVPN's forwarding in the client area.

 

It's very important to keep in mind: Do not ever open/forward any ports on your router if you're forwarding through AirVPN. It's not at all necessary and might potentially leak your IP through correlation attacks.

 

 

how safe is it to have a port forwarded like I am attempting while using AirVPN? Is there any potential for leaks?

 

Unless you also forward the same ports in your router, there shouldn't be any IP leakage concerns when forwarding ports through AirVPN.

That said, opening a port to the internet - with or without a VPN - is only as safe as the application that's listening on that port.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

It's very important to keep in mind: Do not ever open/forward any ports on your router if you're forwarding through AirVPN. It's not at all necessary and might potentially leak your IP through correlation attacks.

 

Thanks a lot, I will give this a try. Regarding the above comment, if I have other ports forwarded in my router (say 32), then it's okay to forward 27354 in AirVPN right? Or when you say "any" do you mean literally no ports must be forwarded if you are forwarding others through AirVPN?

Share this post


Link to post

2Girls1CPU, you're right, I should have worded it more precisely:
If you forward port X through AirVPN, don't forward that same port X on your router.

Or, to use a practical example: You have two applications that need a forwarded port:

  • a P2P application
  • a game server

To keep your P2P usage private, you should only forward that port through AirVPN. If you also forwarded the P2P port on your router, you would allow people to connect to your P2P application directly, which would obviously go against the whole idea of tunneling your P2P application through a VPN.

At the same time, it's totally okay to open other ports on your router, say for a game server that you don't need or don't want to be tunneled through AirVPN.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Okay I gave it a try and it worked! You know I was actually doing it correctly initially, but I realized I was trying to use my DNS to access the remote UI. Which would've been pointing to my public IP without the VPN. I needed to point to the public IP given to me when I'm connected to the VPN. So I did that and it works! Thanks so much!

 

Is it possible to setup some kind of DNS that would point ot whatever IP I am assigned each time I connect to a server through AirVPN? Or not, since it will be different each time?

Share this post


Link to post

Sure, it's called Dynamic DNS. Sign up for a free Dynamic DNS account and subdomain, maybe at nsupdate.info, then run a Dynamic DNS client to keep the IP up to date. nsupdate.info automatically generates config files for ddclient and inadyn, two popular Dynamic DNS clients.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

 

Is it possible to setup some kind of DNS that would point ot whatever IP I am assigned each time I connect to a server through AirVPN?

 

@2Girls1CPU

 

Hello,

 

we provide a DDNS which is already included in any AirVPN account subscription and that does exactly what you're asking for:

https://airvpn.org/topic/9314-what-is-dynamic-dns

 

Kind regards

 

 

I was tentative to mention AirVPN's DynDNS feature because of the prominent "Warning: DDNS doesn't work correctly with two o more connections." I suspect most users will be using two or more connections.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

 

 

Is it possible to setup some kind of DNS that would point ot whatever IP I am assigned each time I connect to a server through AirVPN?

 

@2Girls1CPU

 

Hello,

 

we provide a DDNS which is already included in any AirVPN account subscription and that does exactly what you're asking for:

https://airvpn.org/topic/9314-what-is-dynamic-dns

 

Kind regards

 

 

I was tentative to mention AirVPN's DynDNS feature because of the prominent "Warning: DDNS doesn't work correctly with two o more connections." I suspect most users will be using two or more connections.

 

Hello!

 

That's very true, thanks for the clarification.

 

Kind regards

 

Disclaimer: DynDns is a registered trademark by Dynamic Network Services, Inc. AirVPN does not use anywhere in its service, web site, forums and support tickets the term "DynDns" to indicate or describe AirVPN DDNS.

Share this post


Link to post

 

 

Is it possible to setup some kind of DNS that would point ot whatever IP I am assigned each time I connect to a server through AirVPN?

 

@2Girls1CPU

 

Hello,

 

we provide a DDNS which is already included in any AirVPN account subscription and that does exactly what you're asking for:

https://airvpn.org/topic/9314-what-is-dynamic-dns

 

Kind regards

 

 

I was tentative to mention AirVPN's DynDNS feature because of the prominent "Warning: DDNS doesn't work correctly with two o more connections." I suspect most users will be using two or more connections.

 

Thank you, I will give AirVPN's DNS a try! I do use more than one connection of course. I do currently have a dynamic DNS of some sort set up on my raspberry pi - I remember I used inadyn and freedns.afraid.org - but I set it up a while ago and I don't fully understand it. Right now it is just pointing at my home public IP. Theoretically I should be able to change my DNS set-up in my pi to work with AirVPN IP as well? Would I be able to do both - my home network with and without vpn? How would that work though, because isn't my public I different with each server I connect to? So if I am connected to two servers, which one would the dns point to?

 

Sorry for all the newb questions guys, thanks for all your help!

Share this post


Link to post

I'm not sure what exactly you're trying to do, so my apologies if my answers don't go into the right direction.
 

I do currently have a dynamic DNS of some sort set up on my raspberry pi - I remember I used inadyn and freedns.afraid.org - but I set it up a while ago and I don't fully understand it. Right now it is just pointing at my home public IP.

Would I be able to do both - my home network with and without vpn? How would that work though, because isn't my public IP different with each server I connect to? So if I am connected to two servers, which one would the dns point to?

DNS entries can easily point to more than one IP address, that's not a problem.
Although an unusual setup for Dynamic DNS, it would certainly be possible to set up.

However, it would probably be unwise to have the same DNS entry point to both your public home IP and your current AirVPN IP. If you do that, you could just as well not use AirVPN for your purpose at all.

Why would you want your DNS entry to resolve to both your home IP and the AirVPN IP? Wouldn't it be sufficient to be reachable just on the AirVPN IP?

The way I see it, all you need to do is run a DDNS client like inadyn or ddclient on whatever device you want to be reachable: As an example, if you want your Transmission interface to be reachable on 2Girls1CPU.afraid.org:12345, you need to run inadyn/ddclient (configured to update the IP for your 2Girls1CPU.afraid.org account) on whatever machine runs Transmission.
The client will constantly update the DNS record to that machine's current external IP, regardless if that's your home IP or an AirVPN server. If an AirVPN connection is established on that machine, the AirVPN IP will be the only one in your DNS record, unless you do some extra work, but I don't even see why you would want another IP to show up there.


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...