[SOLVED] Having trouble with open ports.

[BBLotus 0]

Before now I've never had a problem with this. Usually just set the ports on the AirVPN website and it worked.

Signed back up with a second account (for another computer) and no matter what I do the UDP/TCP comes back as

Not reachable on server IP over the external port ****, tcp protocol. Error : 110 - Connection timed out (or)

Not reachable on server IP over the external port ****, tcp protocol. Error : 111 - Connection refused.

These ports are all in the 20000-50000 range.

But I realized that a UDP does work fine. So supposedly only the TCP's are the problem.

UDP comes back like this:

DANGER! Reachable on real IP over the external port *****, udp protocol.

Probably because I'm running these tests with my antivirus and firewall off. I am also connected directly to my router through ethernet.

I have tried this on two computers using two different internet services...

Not sure what happened.

[Staff 9764]

Before now I've never had a problem with this. Usually just set the ports on the AirVPN website and it worked.

Signed back up with a second account (for another computer) and no matter what I do the UDP/TCP comes back as

Not reachable on server IP over the external port ****, tcp protocol. Error : 110 - Connection timed out (or)

Not reachable on server IP over the external port ****, tcp protocol. Error : 111 - Connection refused.

These ports are all in the 20000-50000 range.

But I realized that a UDP does work fine. So supposedly only the TCP's are the problem.

UDP comes back like this:

DANGER! Reachable on real IP over the external port *****, udp protocol.

Probably because I'm running these tests with my antivirus and firewall off. I am also connected directly to my router through ethernet.

I have tried this on two computers using two different internet services...

Not sure what happened.

Hello!

[EDIT] We're looking into the issue, please stand-by. In the meantime you can try to:

- forward a new port explicitly specifying as "local port" the same number of the forwarded port;

- forward a new port without specifying any local port

[EDIT 2] About the red token, we are now aware that there's the chance that you get a red token (for an UDP port only) even if that port is closed on your router. Techies will work on it too asap.

Kind regards

[BBLotus 0]

Many of those ports I created by leaving both fields blank and pushing the create button.

Every time I try to put in a Local Port it automatically changes to a different external port. For instance 35000 on Local for UDP/TCP automatically became 13707.

What a strange glitch. The only thing I did differently from usual was installing Comodo Antivirus which offered to "Reroute your local DNS to our external DNS servers to protect it."

This was about the time these problems started occurring.

[Staff 9764]

Many of those ports I created by leaving both fields blank and pushing the create button.

Every time I try to put in a Local Port it automatically changes to a different external port. For instance 35000 on Local for UDP/TCP automatically became 13707.

Hello!

This is correct. If you leave the remote port field blank and click Add, the system will pick randomly an available port and remap it to the same local port (if the local port field has been left blank) or to the specified local port.

Kind regards

[BBLotus 0]

Is this glitch just effecting my account or is it a global issue?

In the mean time would it be possible to forward only a port both tcp/udp on my account? It doesn't matter which. I just need one

[Staff 9764]

Is this glitch just effecting my account or is it a global issue?

In the mean time would it be possible to forward only a port both tcp/udp on my account? It doesn't matter which. I just need one

Hello!

About the glitch of the red token on UDP ports, we are still investigating. This does not prevent anyway the correct forwarding of UDP packets. The remaining is not a glitch (please see our previous message). Also, it appears from our tests that everything is working properly. Can you please check that listening services are configured to listen to the matching ports and on the correct network interface?

Kind regards

[sunconceals 1]

just wondering if OP ever figured out what was wrong with his/her ports. I'm having the same issue w TCP, and have the same notif.

[jessez 3]

Hi,

Same here, always having problems with the open port using TCP. I only need it when connected to Castor or Draconis. When I can't get an open port connection on my computer I come here and check the forwarded ports page and get the not reachable message. I always test with the firewall disabled first.

MacX Lion and tunnelblick

BTW, I've tried this a few times too:

- forward a new port explicitly specifying as "local port" the same number of the forwarded port;

- forward a new port without specifying any local port

Thanks for any advice

jz

[Staff 9764]

Hi,

Same here, always having problems with the open port using TCP. I only need it when connected to Castor or Draconis. When I can't get an open port connection on my computer I come here and check the forwarded ports page and get the not reachable message. I always test with the firewall disabled first.

MacX Lion and tunnelblick

BTW, I've tried this a few times too:

- forward a new port explicitly specifying as "local port" the same number of the forwarded port;

- forward a new port without specifying any local port

Thanks for any advice

jz

Hello!

Just some ideas worth to check: can you please make sure that the service that listens to the remotely forwarded port is running and binds to the correct interface IP address while you perform the test?

Kind regards

[sunconceals 1]

Checked my listening ports on this ubuntu boot and the ones that were set seem to be working fine. Looks to me like a problem on my end; can't speak for anyone else though. Sorry I can't be more help. Good luck figuring it out.

[bitrogue 1]

Hi - having the same problem as well.

Running Ubuntu 11.10 on OpenVPN. Currently connecting to Draconis. The application Im using is KTorrent.

All the ports I try and forward are told that its 'Not reachable on server IP over the external port ###, tcp protocol, connection refused'

Ktorrent is currently setup to listen on port 28000

If I telnet 10.5.2.2 28000 (tunnel interface)

Trying 10.5.2.2...
Connected to 10.5.2.2.
Escape character is '^]'.
Connection closed by foreign host.

Since it connected, the app is listening.

[bitrogue 1]

OK, I think I figured it out - or at least part of the problem.

The issue is actually a matter of timing and local open ports. If I telnet locally to any random port, I get connection refused. And its this error message that seems to get reported back to the forwarded ports status page. What I was doing was generating a forwarded port and then copying that port into Ktorrent. But while I was doing that, the Status Page has already tested the port 'before' I have entered it into the app, and of course nothing was listening there yet, so it fails.

So in selecting a forwarded port, entering it in Ktorrent and then refreshing the status, I now get a green light.

Its a belated victory though, because KTorrent still isnt working. The test torrent remains in stalled status. It does not seem to listen on the UDP tracker port, so allocating one still gives me 'connection refused' as does telneting directly to it.

If I set up a UDP forwarded port, I get the aforementioned red status bar that says DANGER!: my real IP is reachable. And maybe it will work, or maybe it won't, but Ktorrent is still not happy.

[Staff 9764]

OK, I think I figured it out - or at least part of the problem.

The issue is actually a matter of timing and local open ports. If I telnet locally to any random port, I get connection refused. And its this error message that seems to get reported back to the forwarded ports status page. What I was doing was generating a forwarded port and then copying that port into Ktorrent. But while I was doing that, the Status Page has already tested the port 'before' I have entered it into the app, and of course nothing was listening there yet, so it fails.

So in selecting a forwarded port, entering it in Ktorrent and then refreshing the status, I now get a green light.

Hello!

So far so good. Of course the service behind the VPN server must be running and listening to the correct port in order to respond.

Its a belated victory though, because KTorrent still isnt working. The test torrent remains in stalled status. It does not seem to listen on the UDP tracker port, so allocating one still gives me 'connection refused' as does telneting directly to it.

If I set up a UDP forwarded port, I get the aforementioned red status bar that says DANGER!: my real IP is reachable. And maybe it will work, or maybe it won't, but Ktorrent is still not happy.

Can you please try another torrent client (e.g. Transmission)? Can you please clarify "KTorrent is still not happy"?

Kind regards

[bitrogue 1]

So far so good. Of course the service behind the VPN server must be running and listening to the correct port in order to respond.

 

Hi, thanks for your response. OK, I think I understand whats happening. Most services (typically routers) allow you to open and forward ports irrespective of whether there is something listening on that port, but in AirVPNs case, it actually tests if there is an application listening on that port and is able to report back a status. The fact that it was reporting back errors made me suspect something was wrong on my side, but actually it wasnt. (Not sure about the UDP warning though)

Can you please try another torrent client (e.g. Transmission)? Can you please clarify "KTorrent is still not happy"?

OK, short answer, I got it working. I suspect working on this at 2am wasnt really helping any clarity of thought. Its amazing I got as far as I did.

The issue is a combination of misunderstanding and bad luck. The torrent obtained from 'checkmytorrentip.com' is permanently in stalled status. As a secondary test, I selected a random torrent and it too went straight to stalled status.

It turns out, after doing a RTFM on the website, is that checkmytorrentip's test torrent is designed to never complete and the tracker status reports back the IP I hit the internet with. So in fact, its working as designed.

The random test torrent - turns out that its tracker is actually offline/broken and was never going to get peers - just my luck.

After pulling in a few more torrents, I found that everything was working. Working very well, in fact.

As you suggested, I also tried transmission, and of course, now, it also works. Though I could not bind it to the tun0 interface, so Im not sure how secure that is. KTorrent seems better in this regard.

So for KTorrent, I only needed to open up one port, the listening port which I set to 6880. The UDP tracker port is left at its default of 4444 (not forwarded). And the DHT communications port is 8881 (also no need to be forwarded, as far as I can see).

If you think I may have an issue with these settings , let me know, but from my side it now seems to work well. Thanks for your patience and help. And thanks for a great service.

[Staff 9764]

If you think I may have an issue with these settings , let me know, but from my side it now seems to work well. Thanks for your patience and help. And thanks for a great service.

Hello!

Thanks for keeping us informed.

The settings look just fine, probably you don't need any further fine-tuning.

Kind regards

[jessez 3]

Hi, Thanks everybody for all the tips. After working through everything I tracked my problem down to the NAT to the VM.

Thanks airvpn staff for a great service and the best tech support!

Best regards,

jz

[DPurnell 1]

Hi, I'm getting a red on a UDP port. I am using this for wake on LAN. The port is not enabled as a forward so I'm confused as to the problem.

This is my dd wrt startup...

arp -i br0 -s 192.168.2.102 BC:5F:F4:3B:61:19

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 10 -j DNAT --to-destination 192.168.2.102

Should I read as a false positive?

[Staff 9764]

Hi, I'm getting a red on a UDP port. I am using this for wake on LAN. The port is not enabled as a forward so I'm confused as to the problem.

This is my dd wrt startup...

arp -i br0 -s 192.168.2.102 BC:5F:F4:3B:61:19

iptables -t nat -I PREROUTING -i tun1 -p udp --dport 10 -j DNAT --to-destination 192.168.2.102

Should I read as a false positive?

Hello!

It definitely looks like a false positive.

Kind regards