farquaad 14 Posted ...

Hi all,

I am trying to forward a port to a box on my LAN for p2p. Let me start by saying I do not understand what is meant by:

“IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client.”

Still, I did my best to get it to work but have failed miserably. My setup is this: I created a port forward on AVPN (port 12345). I then created a port forwarding entry in pfSense 2.3 following this guide: https://nguvu.org/pfsense/pfsense-port-forward/

After quite a bit of debugging, it seems the port test will reach my host but rather than return through the VPN tunnel, instead goes through my WAN. My setup only allows a few boxes to go through the VPN which all have a fixed IP set in the DHCP server.

This is clearly not an AVPN issue but you all seem to have quite a bit of experience so someone might be able to help. What rule am I missing to force the forward back out through the VPN?

Thanks!
Mcavity 0 Posted ...

I'm in the same boat. I'm using an Asus router running Merlin and while I can connect to the VPN I can't seem to get the port forwarding to work.
farquaad 14 Posted ...

So you are all probably waiting for logs before answering... Here they are. If anyone feels like confirming my suspicion or, better, has a solution, that would be great, thanks.

The test is done by issuing a port forwarding test from the AirVPN client area. Seeing as I cannot (that I know of) listen to multiple interfaces in one go under pfSense, I have repeated the tests until all the data was gathered. The times simply will not match. IPs and host names were changed to protect the innocents...

VPN
20:58:56.569436 AF IPv4 (2), length 80: (tos 0x0, ttl 54, id 4487, offset 0, flags [DF], proto UDP (17), length 76) airvpn.org.37373 > 10.4.37.200.65500: [udp sum ok] UDP, length 48
20:59:02.846910 AF IPv4 (2), length 64: (tos 0x0, ttl 54, id 52317, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.55512 > 10.4.37.200.65500: Flags [S], cksum 0x426d (correct), seq 2205615572, win 29200, options [mss 1352,sackOK,TS val 1598802562 ecr 0,nop,wscale 7], length 0

LAN
21:00:36.083764 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 53, id 7172, offset 0, flags [DF], proto UDP (17), length 76) airvpn.org.60342 > mymac.local.65500: [udp sum ok] UDP, length 48
21:00:41.386209 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 57921, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.56177 > mymac.local.65500: Flags [S], cksum 0x18af (correct), seq 4087531772, win 29200, options [mss 1352,sackOK,TS val 1598827197 ecr 0,nop,wscale 7], length 0
21:00:41.386694 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 36527, offset 0, flags [DF], proto TCP (6), length 64) mymac.local.65500 > airvpn.org.56177: Flags [S.], cksum 0xa417 (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109629375 ecr 1598827197,sackOK,eol], length 0
21:00:42.387439 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 57922, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.56177 > mymac.local.65500: Flags [S], cksum 0x17b5 (correct), seq 4087531772, win 29200, options [mss 1352,sackOK,TS val 1598827447 ecr 0,nop,wscale 7], length 0
21:00:42.387815 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 49781, offset 0, flags [DF], proto TCP (6), length 64) mymac.local.65500 > airvpn.org.56177: Flags [S.], cksum 0x9f9f (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109630269 ecr 1598827447,sackOK,eol], length 0
21:00:43.811413 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 44963, offset 0, flags [DF], proto TCP (6), length 64) mymac.local.65500 > airvpn.org.56177: Flags [S.], cksum 0x9a8f (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109631565 ecr 1598827447,sackOK,eol], length 0
21:00:44.391132 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 57923, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.56177 > mymac.local.65500: Flags [S], cksum 0x15c0 (correct), seq 4087531772, win 29200, options [mss 1352,sackOK,TS val 1598827948 ecr 0,nop,wscale 7], length 0
21:00:44.391535 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 50038, offset 0, flags [DF], proto TCP (6), length 64) mymac.local.65500 > airvpn.org.56177: Flags [S.], cksum 0x9677 (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109632112 ecr 1598827948,sackOK,eol], length 0
21:00:44.843753 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 46859, offset 0, flags [DF], proto TCP (6), length 64) mymac.local.65500 > airvpn.org.56177: Flags [S.], cksum 0x94e0 (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109632519 ecr 1598827948,sackOK,eol], length 0
21:00:46.957997 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 48535, offset 0, flags [DF], proto TCP (6), length 64) mymac.local.65500 > airvpn.org.56177: Flags [S.], cksum 0x8d6b (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109634428 ecr 1598827948,sackOK,eol], length 0

BOX
21:05:28.722888 IP airvpn.org.38347 > mymac.local.65500: UDP, length 48
21:05:34.048991 IP airvpn.org.57744 > mymac.local.65500: Flags [S], seq 4134343342, win 29200, options [mss 1352,sackOK,TS val 1598900417 ecr 0,nop,wscale 7], length 0
21:05:34.049194 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109895461 ecr 1598900417,sackOK,eol], length 0
21:05:35.048910 IP airvpn.org.57744 > mymac.local.65500: Flags [S], seq 4134343342, win 29200, options [mss 1352,sackOK,TS val 1598900667 ecr 0,nop,wscale 7], length 0
21:05:35.048982 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109896394 ecr 1598900667,sackOK,eol], length 0
21:05:36.455138 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109897690 ecr 1598900667,sackOK,eol], length 0
21:05:37.052578 IP airvpn.org.57744 > mymac.local.65500: Flags [S], seq 4134343342, win 29200, options [mss 1352,sackOK,TS val 1598901168 ecr 0,nop,wscale 7], length 0
21:05:37.052650 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109898232 ecr 1598901168,sackOK,eol], length 0
21:05:37.510130 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109898644 ecr 1598901168,sackOK,eol], length 0
21:05:39.676843 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109900552 ecr 1598901168,sackOK,eol], length 0
21:05:40.732228 IP mymac.local.65500 > airvpn.org.57339: Flags [S.], seq 1325684733, ack 157412034, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109901503 ecr 1598883012,sackOK,eol], length 0
21:05:43.905016 IP mymac.local.65500 > airvpn.org.57339: Flags [R.], seq 1, ack 1, win 65535, length 0
21:05:44.003476 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109904368 ecr 1598901168,sackOK,eol], length 0
21:05:52.548081 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109912000 ecr 1598901168,sackOK,eol], length 0
21:06:05.295550 IP mymac.local.65500 > airvpn.org.57744: Flags [S.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109923136 ecr 1598901168,sackOK,eol], length 0

WAN
21:01:18.122043 AF IPv4 (2), length 80: (tos 0x38, ttl 57, id 14570, offset 0, flags [DF], proto UDP (17), length 76) airvpn.org.58375 > 109.131.101.86.65500: [udp sum ok] UDP, length 48
21:01:18.524551 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46854, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.41923 > 109.131.101.86.65500: Flags [S], cksum 0xb2bc (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836494 ecr 0,nop,wscale 7], length 0
21:01:19.519547 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46855, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.41923 > 109.131.101.86.65500: Flags [S], cksum 0xb1c2 (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836744 ecr 0,nop,wscale 7], length 0
21:01:21.519635 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46856, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.41923 > 109.131.101.86.65500: Flags [S], cksum 0xafcd (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598837245 ecr 0,nop,wscale 7], length 0
21:01:24.132447 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 1984, offset 0, flags [DF], proto TCP (6), length 64) 10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xcd68 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109668395 ecr 1598837879,sackOK,eol], length 0
21:01:25.113816 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 38373, offset 0, flags [DF], proto TCP (6), length 64) 10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xc8d2 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109669319 ecr 1598838129,sackOK,eol], length 0
21:01:26.536279 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 34360, offset 0, flags [DF], proto TCP (6), length 64) 10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xc3c2 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109670615 ecr 1598838129,sackOK,eol], length 0
21:01:27.122388 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 13890, offset 0, flags [DF], proto TCP (6), length 64) 10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xbfac (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109671160 ecr 1598838630,sackOK,eol], length 0
21:01:27.557064 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 12770, offset 0, flags [DF], proto TCP (6), length 64) 10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xbe13 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109671569 ecr 1598838630,sackOK,eol], length 0
21:01:29.670887 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 64979, offset 0, flags [DF], proto TCP (6), length 64) 10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xb69f (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109673477 ecr 1598838630,sackOK,eol], length 0
zhang888 1066 Posted ...

21:01:18.524551 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46854, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.41923 > 109.131.101.86.65500: Flags [S], cksum 0xb2bc (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836494 ecr 0,nop,wscale 7], length 0
21:01:19.519547 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46855, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.41923 > 109.131.101.86.65500: Flags [S], cksum 0xb1c2 (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836744 ecr 0,nop,wscale 7], length 0
21:01:21.519635 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46856, offset 0, flags [DF], proto TCP (6), length 60) airvpn.org.41923 > 109.131.101.86.65500: Flags [S], cksum 0xafcd (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598837245 ecr 0,nop,wscale 7], length 0
21:01:24.132447 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 1984, offset 0, flags [DF], proto TCP (6), length 64)

What exactly did you hide under the alias airvpn.org? If that's the AirVPN tunnel IP? In that case it should not connect to your 109.131.xx.xx IP on port 65500, assuming that was the port you were trying to forward. When you did the port forwarding NAT rules, you mixed up some interfaces which now makes it look this way.

10.4.37.200.65500 > airvpn.org.56362: Flags [S.], cksum 0xbfac (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109671160 ecr 1598838630,sackOK,eol], length 0

This looks more right, but again what is under airvpn.org? It was supposed to be 10.4.37.200.65500 > 192.168.x.x.65500

Make sure to follow this guide instead: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
go558a83nk 362 Posted ...

When you create a forwarded port in pfSense you must select your AirVPN interface for the interface. (I'm guessing this is where you messed up and it defaulted to the WAN interface.) Then it'll create a corresponding firewall rule that will be in your AirVPN interface sub-section of rules.
farquaad 14 Posted ...

Hi guys,

Thanks for your answers. I took a bit more time than expected but it seems all my troubles stem from having the WAN as the default gateway (some people at home still don't want it, even after all my speeches about security). After some manipulation to the rules, I now got it working. I might have to review my setup to make the VPN the default and the WAN the exception.

Thank you both for pointing me in the right direction!
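The symptom diagnosed in this thread (the test SYN arrives through the tunnel, the SYN-ACK leaves via WAN with the tunnel address as source) can be checked mechanically from per-interface captures. The Python below is an added example, not code from any poster or from pfSense; the tunnel subnet 10.4.0.0/16, the 198.51.100.7 tester address and the sample lines are constructed assumptions, and only 10.4.37.200 and port 65500 come from the thread.

```python
import ipaddress
import re

# "src.port > dst.port: Flags [..]" portion of tcpdump's text output (IPv4, TCP only).
PKT = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Z.]+)\]")

def parse(line):
    m = PKT.search(line)
    if not m:
        return None  # UDP probes and unparsable lines are skipped
    src, sport, dst, dport, flags = m.groups()
    return {"src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "flags": flags}

def find_return_path_leaks(captures, tunnel_net, port):
    """captures maps an interface name ("vpn", "wan") to its tcpdump lines."""
    net = ipaddress.ip_network(tunnel_net)
    pkts = {ifc: [p for p in map(parse, lines) if p]
            for ifc, lines in captures.items()}
    findings = []
    # 1. A tunnel-sourced packet seen on WAN left outside the VPN.
    for p in pkts.get("wan", []):
        if ipaddress.ip_address(p["src"]) in net:
            findings.append(("tunnel-source-on-wan", p["src"], p["sport"], p["flags"]))
    # 2. A SYN that came in over the VPN but got no SYN-ACK back over the VPN.
    vpn = pkts.get("vpn", [])
    answered = {(p["dst"], p["dport"]) for p in vpn
                if p["flags"] == "S." and p["sport"] == port}
    for p in vpn:
        if (p["flags"] == "S" and p["dport"] == port
                and (p["src"], p["sport"]) not in answered):
            findings.append(("syn-unanswered-on-vpn", p["src"], p["sport"], p["flags"]))
    return findings

# Constructed sample lines. 198.51.100.7 is a documentation address standing in
# for the VPN-side tester; 10.4.0.0/16 as the tunnel subnet is an assumption.
SYN = "20:59:02.846910 IP 198.51.100.7.55512 > 10.4.37.200.65500: Flags [S], seq 1, win 29200, length 0"
SYNACK = "20:59:02.847301 IP 10.4.37.200.65500 > 198.51.100.7.55512: Flags [S.], seq 9, ack 2, win 65535, length 0"
BROKEN = {"vpn": [SYN], "wan": [SYNACK]}   # reply follows the default gateway
FIXED = {"vpn": [SYN, SYNACK], "wan": []}  # reply returns through the tunnel

if __name__ == "__main__":
    for name, caps in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, find_return_path_leaks(caps, "10.4.0.0/16", 65500))
```

Capture with `tcpdump -n` so addresses stay numeric; lines with resolved or aliased host names, like those posted in the thread, are skipped by this parser.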