locksmith

TCP/UDP filters


Hi,

I am new to AirVPN and would be most grateful for some guidance on setting it up.

1. I have installed the AirVPN client and OpenVPN software but was unable to connect to the AirVPN servers until I added a TCP/UDP filter in my router firewall. The settings used are:

SourceIP/Netmask - 0.0.0.0/0.0.0.0

Destination IP/Netmask - 0.0.0.0/0.0.0.0

Protocol - UDP

Source port(s) - 0~65535. Inbound "Block"

Destination port(s) - 443~443. Outbound "Allow"

My computer uses fixed IP and DNS addresses (as it is part of a small workgroup), WinXP SP3. Port 443 has not been forwarded to my local IP address.

Being a complete newbie, my first question is, even though the connection seems solid and fine, whether the settings I have used for "SourceIP/Netmask", "DestinationIP/Netmask" and "source port" are correct. Or should they be in some way tailored to the AirVPN network?

2. As a follow-on from the above, am I correct to presume that I have to set a TCP/UDP filter in my router firewall for each remote port forwarded?

3. I tested the VPN connection (using just the above default setup) on the recommended DNS leak test sites and there don't appear to be any DNS leaks. This being the case, should I still implement the DNS leak procedures recommended by these sites?

Many thanks


Hi,

I am new to AirVPN and would be most grateful for some guidance on setting it up.

1. I have installed the AirVPN client and OpenVPN software but was unable to connect to the AirVPN servers until I added a TCP/UDP filter in my router firewall. The settings used are:

SourceIP/Netmask - 0.0.0.0/0.0.0.0

Destination IP/Netmask - 0.0.0.0/0.0.0.0

Protocol - UDP

Source port(s) - 0~65535. Inbound "Block"

Destination port(s) - 443~443. Outbound "Allow"

My computer uses fixed IP and DNS addresses (as it is part of a small workgroup), WinXP SP3. Port 443 has not been forwarded to my local IP address.

Hello!

It's ok, you don't need to forward it.

2. As a follow-on from the above, am I correct to presume that I have to set a TCP/UDP filter in my router firewall for each remote port forwarded?

No, you should not do that. All the traffic is tunneled over the port you have chosen to connect to. Your router firewall will not see any traffic from/to our servers on any other port. Forwarding on the router the same ports you have remotely forwarded exposes you to correlation attacks.

3. I tested the VPN connection (using just the above default setup) on the recommended DNS leak test sites and there don't appear to be any DNS leaks. This being the case, should I still implement the DNS leak procedures recommended by these sites?

If your OS is Windows, you can never tell whether a DNS leak will happen in the future, so for additional security you should consider implementing them anyway. Please read here as well:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142

Kind regards


Hi,

@admin. Just to confirm that your answer means the SourceIP & DestinationIP details are OK as they stand and need not be tailored to AirVPN's network details.

If possible I have a few other questions.

1. From your response, with respect to remote port forwarding, as the port I am connecting to is 443, does it mean I have to change the setting for the source port(s) Inbound rule from "Block" to "Allow"?

2. What do I put in the box above "Protocol" ("Your forwarded ports" web page) if I want to forward a port?

3. In AirVPN client, under "Preferences", the "Proxy" settings currently are Type - None, Host - 127.0.0.1 and Port - 9050. Do I need to select a Proxy from the choices of "HTTP" or "Socks"? If so, what details do I use for Host/Port?

4. The AirVPN client takes over 1 minute (average 75 secs) to establish a connection. By comparison I have been experimenting with Viscosity which connects almost instantaneously. Any idea as to why there is such a big difference?

Being a complete noob in VPN matters I thank you for your help. So far I have been pretty impressed with the quality of your connections and assistance and shall renew for a longer term when it comes up.

Regards


Hi,

@admin. Just to confirm that your answer means the SourceIP & DestinationIP details are OK as they stand and need not be tailored to AirVPN's network details.

If possible I have a few other questions.

1. From your response, with respect to remote port forwarding, as the port I am connecting to is 443, does it mean I have to change the setting for the source port(s) Inbound rule from "Block" to "Allow"?

Hello!

If your connection to VPN servers is already working, you don't need any further change.

2. What do I put in the box above "Protocol" ("Your forwarded ports" web page) if I want to forward a port?

It depends on your needs. In case of doubt, leave TCP & UDP. Please be aware that when forwarding a port, your system will be reachable from the Internet on that port. Our firewall will not protect you anymore on that port, so open only the strictly necessary ports which your service(s) listen(s) to.

3. In AirVPN client, under "Preferences", the "Proxy" settings currently are Type - None, Host - 127.0.0.1 and Port - 9050. Do I need to select a Proxy from the choices of "HTTP" or "Socks"? If so, what details do I use for Host/Port?

Host is the name or the IP address of the proxy and port is the port the proxy listens to. If you don't run or use a proxy or don't know what all this is about, just leave the proxy field set to "None".

4. The AirVPN client takes over 1 minute (average 75 secs) to establish a connection. By comparison I have been experimenting with Viscosity which connects almost instantaneously. Any idea as to why there is such a big difference?

True, the difference is due to the fact that Air client retrieves certificates, key and configuration via an SSL connection and passes them to OpenVPN. Finally, it performs a safety check to verify whether the connection has been really established. Viscosity does not need to retrieve any file, because it already has them on the HDD (generated by our configuration generator).

Being a complete noob in VPN matters I thank you for your help. So far I have been pretty impressed with the quality of your connections and assistance and shall renew for a longer term when it comes up.

Thank you for your nice words, they are appreciated.

Kind regards
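
Added example (not part of the original posts and not AirVPN code): a small audit of the two port-forwarding points made in the replies above, namely that a remotely forwarded port should be one a service actually listens on, and that the same port should not also be forwarded on the router. The `netstat -an` sample, the port numbers and the two forward lists are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:51413          0.0.0.0:0              LISTENING
  TCP    10.4.0.6:1042          203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:51413          *:*
  UDP    127.0.0.1:1900         *:*
"""
# Constructed lists: ports forwarded remotely on the VPN side ("TCP & UDP"
# expands to both protocols) and ports forwarded on the home router.
VPN_FORWARDS = {("TCP", 51413), ("UDP", 51413), ("TCP", 8080), ("UDP", 8080)}
ROUTER_FORWARDS = {("TCP", 51413)}

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def listening_sockets(netstat_text):
    """Return {(proto, port)} for sockets other hosts could reach."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only sockets are not reachable remotely
        found.add((proto, int(port)))
    return found

def audit(vpn_forwards, router_forwards, netstat_text):
    """Flag remote forwards nothing listens on, and ports forwarded twice."""
    listening = listening_sockets(netstat_text)
    findings = []
    for proto, port in sorted(vpn_forwards):
        if (proto, port) not in listening:
            findings.append(("unused-remote-forward", proto, port))
        if (proto, port) in router_forwards:
            findings.append(("also-forwarded-on-router", proto, port))
    return findings

if __name__ == "__main__":
    for finding in audit(VPN_FORWARDS, ROUTER_FORWARDS, SAMPLE_NETSTAT):
        print(finding)
```
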

