hanswurst77 1 Posted ... hello, i just signed up to your service yesterday, have done some testing and still got some issues. i hope it is ok that i bundle them all in one thread rather then opening a seperate thread for each question. first i want to say that my first impression is very good. i tried btguard for a month and was not satisfied, speed was appalingly slow both on bittorrent and surfing, and they gave literally no support. it seems that i made a better choice with your service. now to my questions. fyi, i have windows7 home basic 32bit, and a router that runs as a modem, so no port forwarding there, its firewall is turned off. 1. port forwarding doesn't seem to work until now. i have forwarded two ports for emule, one tcp and udp each, exactly the ones emule chose by default. your security check tells me that the tcp port is not reachable on the external port (error 110 connection timed out; grey) and the udp port is reachable on my real ip (red). those results are given no matter whether emule is running or not. when it runs, i only get a low id (=kad status firewalled). the port for bittorrent is also grey. however, bt seems to run fine without port forwarding, is this normal? as i mentioned, there are no ports forwarded in my router as it is set up as a modem. neither in my comodo forewall, which is freshly installed. the only thing i did there was to follow your instructions to let emule & bt connect via vpn only, which leads to my second question. 2. i have tested the behaviour of bt when there's no vpn connection. when i connect to the internet normally, without running vpn, it does as expected: all connections are blocked. then i did it the other way round: first connected to the net, then to vpn, then started bt and let it run for a while, and then killed the vpn connection. i would have expected that all up/download speeds would be zero at this instant. but it rather looked liked bt took some time to slow down: it took about 10-20 seconds until up/down speeds dropped to zero. is this just a peculiaryity in the display of bt, or does that really mean that comodo doesn't block the connections instantly, but rather lets them "run out", thus revealing my true ip for a few seconds? 3. with btguard, i used vpnlifeguard to monitor my vpn connection, which it did just fine. when i disconnected the vpn, it instantly shut down my chosen applications as well as the internet connection. unfortunately, it doesn't recognize the vpn now, so i can't use it anymore. i guess it works with pptp only, or do you know any way to use it with openvpn? i think it would be a good idea to implement such a feature in the airvpn client. is there any chance you would consider doing so? 4. another thing i am missing in the client, is the possibility to switch servers. for example, i might want to switch from the swedish server to one in the states. as i see it, i have to disconnect first, then reconnect and choose the desired server. it would be really nice to be able to switch servers while the application is running. that would be all for now... thanks in advance for your answers. Quote Share this post Link to post
Staff 9972 Posted ... hello,i just signed up to your service yesterday, have done some testing and still got some issues. i hope it is ok that i bundle them all in one thread rather then opening a seperate thread for each question.Hello!Thanks for your subscription. Yes, it's perfectly ok, of course.first i want to say that my first impression is very good. i tried btguard for a month and was not satisfied, speed was appalingly slow both on bittorrent and surfing, and they gave literally no support. it seems that i made a better choice with your service.Thanks agains.now to my questions. fyi, i have windows7 home basic 32bit, and a router that runs as a modem, so no port forwarding there, its firewall is turned off. 1. port forwarding doesn't seem to work until now. i have forwarded two ports for emule, one tcp and udp each, exactly the ones emule chose by default. your security check tells me that the tcp port is not reachable on the external port (error 110 connection timed out; grey) and the udp port is reachable on my real ip (red).The red token on the UDP port might be a bug of the checking system. Currently, we have just re-checked that port forwarding works ok. Can you please make sure that the emule port number matches the remotely forwarded port number? You should obtain a green token. Also, can you please tell us which server(s) are you using for that?those results are given no matter whether emule is running or not. when it runs, i only get a low id (=kad status firewalled).the port for bittorrent is also grey. however, bt seems to run fine without port forwarding, is this normal?Yes, BT can work without port forwarding, but performance may be impaired, because it can't receive incoming connections.2. i have tested the behaviour of bt when there's no vpn connection. when i connect to the internet normally, without running vpn, it does as expected: all connections are blocked. then i did it the other way round: first connected to the net, then to vpn, then started bt and let it run for a while, and then killed the vpn connection. i would have expected that all up/download speeds would be zero at this instant. but it rather looked liked bt took some time to slow down: it took about 10-20 seconds until up/down speeds dropped to zero.is this just a peculiaryity in the display of bt, or does that really mean that comodo doesn't block the connections instantly, but rather lets them "run out", thus revealing my true ip for a few seconds?It is just a peculiarity of any and each BT client speed indicators, no worries.3. with btguard, i used vpnlifeguard to monitor my vpn connection, which it did just fine. when i disconnected the vpn, it instantly shut down my chosen applications as well as the internet connection. unfortunately, it doesn't recognize the vpn now, so i can't use it anymore. i guess it works with pptp only, or do you know any way to use it with openvpn?That method is not safe. Apart from considerations on possible data loss and corruption in forced killing of applications with this barbaric method, in this case the time between disconnection detection and program killing may allow packet leaks. If you are determined to follow this method anyway (but there's no reason, since you are already protected by Comodo) you can use VPNetMon (http://vpnetmon.webs.com/), which supports OpenVPN and has been tested successfully with Air servers. Just tell it to monitor subnet "10" if it does not detect the correct private IP (usually it does not detect it at all).i think it would be a good idea to implement such a feature in the airvpn client. is there any chance you would consider doing so?4. another thing i am missing in the client, is the possibility to switch servers. for example, i might want to switch from the swedish server to one in the states. as i see it, i have to disconnect first, then reconnect and choose the desired server. it would be really nice to be able to switch servers while the application is running.that would be all for now... thanks in advance for your answers.We'll pass this request to the Air client programmer. Kind regards Quote Share this post Link to post
hanswurst77 1 Posted ... The red token on the UDP port might be a bug of the checking system. Currently, we have just re-checked that port forwarding works ok. Can you please make sure that the emule port number matches the remotely forwarded port number? You should obtain a green token. Also, can you please tell us which server(s) are you using for that? thanks for your quick answers! i am not using any servers, i connect through kad only. i'm afraid the problem remains. to be sure, i enclosed a screenshot of my connections settings. i forwarded the ports given there. i also hit the "test ports" button and the result was "tcp test failed, udp test skipped". so the port is not reachable, hence the grey token. the red token still worries me, though. another strange thing just happened: when i tried to upload the image to imgur, i was told "uploads via tor network have been disabled. please disable tor and try again." i switched to the uk server, and everything worked. what was that all about? Quote Share this post Link to post
Staff 9972 Posted ... The red token on the UDP port might be a bug of the checking system. Currently, we have just re-checked that port forwarding works ok. Can you please make sure that the emule port number matches the remotely forwarded port number? You should obtain a green token. Also, can you please tell us which server(s) are you using for that?thanks for your quick answers!i am not using any servers, i connect through kad only. i'm afraid the problem remains. to be sure, i enclosed a screenshot of my connections settings. i forwarded the ports given there.Hello!We meant: which Air server(s) are you connected to when emule port tests fail?another strange thing just happened: when i tried to upload the image to imgur, i was told "uploads via tor network have been disabled. please disable tor and try again." i switched to the uk server, and everything worked. what was that all about?Maybe you were connected to TOR [over Air]?Or perhaps imgur wrongly identifies one of our exit-IP addresses as an IP of a TOR exit-node (this fact could be caused by TOR exit nodes run behind our VPN: we don't know whether there's any, as usual we don't monitor connections at all).We'll perform further tests with eMule once you tell us which Air server(s) you use with eMule.In the meantime, make sure that eMule is a "Trusted Application" for Comodo.Kind regards Quote Share this post Link to post
hanswurst77 1 Posted ... We meant: which Air server(s) are you connected to when emule port tests fail? ah, ok. i was using the swedish server, and tried the uk one. same results on both of them. set emule as trusted application in comodo, same results. still low id, still failing tcp port test. the port forwarding test seems actually to be quite buggy. i refresehed it several times, the emule udp port changed from red to green and back, so did the bittorrent port from grey to yellow. no changes on the emule tcp port. Quote Share this post Link to post
Staff 9972 Posted ... We meant: which Air server(s) are you connected to when emule port tests fail? ah, ok. i was using the swedish server, and tried the uk one. same results on both of them. set emule as trusted application in comodo, same results. still low id, still failing tcp port test.the port forwarding test seems actually to be quite buggy. i refresehed it several times, the emule udp port changed from red to green and back, so did the bittorrent port from grey to yellow. no changes on the emule tcp port.Hello!We have checked that port forwarding works both on Draconis and Delphini and that the system check is ok as well. eMule and various BT clients work properly and receive incoming connections.Try to do following:- forward a port TCP/UDP- do not remap it to a local port- change the eMule ports (TCP and UDP) to the same number of the port you have just forwarded- make sure that Windows firewall is disabledWe're looking forward to hearing from you.Kind regards Quote Share this post Link to post
hanswurst77 1 Posted ... Try to do following: - forward a port TCP/UDP - do not remap it to a local port erm... sorry for that noob-question, but what exactly does that mean (remap)? i'm afraid i will need a step-by-step explanation here... windows firewall is of course turned off. Quote Share this post Link to post
Staff 9972 Posted ... Try to do following:- forward a port TCP/UDP- do not remap it to a local port erm... sorry for that noob-question, but what exactly does that mean (remap)? i'm afraid i will need a step-by-step explanation here...windows firewall is of course turned off.Hello!Just leave the "local port" field blank.Kind regards Quote Share this post Link to post
hanswurst77 1 Posted ... it works now!!! thanks again for your quick and patient help! Quote Share this post Link to post
hanswurst77 1 Posted ... hello, i have one more question regarding the aforementioned comodo rule for emule. why do you recommend to block outgoing connections only? when the vpn crashes, i would want the downloads to be cut off also. so i thought i'd want to block connections both ways in that rule; tried that, and ended up with a low id. am i missing something here? Quote Share this post Link to post
Staff 9972 Posted ... hello,i have one more question regarding the aforementioned comodo rule for emule.why do you recommend to block outgoing connections only? when the vpn crashes, i would want the downloads to be cut off also. so i thought i'd want to block connections both ways in that rule; tried that, and ended up with a low id.am i missing something here?Hello!Blocking outgoing packets is enough to prevent leaks, no packet with your real IP address as origin will get out of eMule. If you wish to block ingoing packets as well for eMule, things are just a little bit more complex with Comodo, because you can't know from which IP address and ports those packets come from. But what you do know is that eMule must accept only packets coming from the TAP-Win32 adapter. So you can add a rule for eMule that says Typical solution:Action: BlockDirection: InProtocol: TCP or UDPSource Address: Network Zone (specify the Network Zone defined for your physical network adapter)Source Address (alternate solution): MAC (specify MAC address of your physical network adapter)Destination Address: AnySource Port: AnyDestination Port: AnyAlternative Solution:Action: BlockProtocol: TCP or UDPSource Address: NOT Network Zone (specify the Network Zone defined for your TAP-Win32 adapter when connected to the VPN)Destination Address: AnySource Port:AnyDestination Port: AnyThe alternative solution might pose issues if you change connection port to Air servers, because for each connection port Comodo will define (correctly, because subnets are different) a different Network Zone. In this case you'll need to add further rules for each Zone created for the VPN.Kind regards Quote Share this post Link to post
hanswurst77 1 Posted ... Blocking outgoing packets is enough to prevent leaks, no packet with your real IP address as origin will get out of eMule. that's basically what i wanted to know, so i'm good with that i guess. thanks again! Quote Share this post Link to post