Jamertol 0 Posted ... Hi I have just started with AirVPN and quite happy. I have opened a port forwarding and it is working fine, but I only need that particular port in one session, not in all my sessions. I know it is not a big deal, but it could be a security risk. So my question is how do I assign a port forwarding to a single session instead to all of them. Is this possible? Thanks Quote Share this post Link to post
Staff 10015 Posted ... @Jamertol Hello! You can't but it's irrelevant. Make sure you have nothing listening to that port in any "other" system and it's not a security risk (something that does not exist is not a security risk by itself). Kind regards Quote Share this post Link to post
Jamertol 0 Posted ... I understand that if the other device has the port closed in theory it should be protected, but it does open an avenue of attack in case the other device has a bug or is badly configured. I also understand that this is just a small detail and not super important towards security, but it would be good if we could have the option to asign a port to a session, even if the default remains for the open ports to be for all sessions as it is now. I do not see how it would hurt to add the option to asign a port to a session for the ones who are interested. Quote Share this post Link to post
Staff 10015 Posted ... @Jamertol Quote I understand that if the other device has the port closed in theory it should be protected, but it does open an avenue of attack in case the other device has a bug or is badly configured. Hello! If a port does not exist there's physically no way to have some host process reached via that port (it seems you don't know what a port is, check it out). It's not a matter of bugs, it's a physical limitation in the code as the host lacks the information to process and assign the packet to any process. Quote it would be good if we could have the option to asign a port to a session, even if the default remains for the open ports to be for all sessions as it is now. I do not see how it would hurt to add the option to asign a port to a session for the ones who are interested. That's possible. Can you (or somebody else) make an example showing that the option would be useful and not an over-complication? We can't think of any, but If the reason is good, we can seriously think about adding the option(s). Kind regards Quote Share this post Link to post
Jamertol 0 Posted ... On 9/30/2020 at 1:24 PM, Staff said: @Jamertol Hello! If a port does not exist there's physically no way to have some host process reached via that port (it seems you don't know what a port is, check it out). It's not a matter of bugs, it's a physical limitation in the code as the host lacks the information to process and assign the packet to any process. That's possible. Can you (or somebody else) make an example showing that the option would be useful and not an over-complication? We can't think of any, but If the reason is good, we can seriously think about adding the option(s). Kind regards I understand what a port is. I understand it is not a direct threat, but it is always good to have another layer of security, even if removing that layer does not expose you. In any case, one use case would be being able to use the DDNS service you provide even when we have multiple devices connected (actually I came to do this today). As it is now it is not possible, beause your server can not know which connection to send the incoming traffic to. The default should remain like it is now. You open a port and it just works, but you could add the option to associate it with a connection, just like you offer the option to add a domain. There are several ways of associating the port with the session, by incoming ip, by airvpn server, by airvpn server country, via API. Select which options you think is more appropiate, although allowing to associate the session with the port via API should be included, since it would allow home servers to set themselves automatically. I understand this is an option that can be seen as "power user", but you can hide it and mark it as very optional so normal users do not get scared. Quote Share this post Link to post
Jamertol 0 Posted ... And another reason to be able to asign a port to a session:The solution Mullvad has taken, asigning a port for a user only in one server, is not as versatile, but still works quite well for the same purpose, so if Airvpn adopted the same solution, then we could have several sessions an still make the DDNS server work as long as the user only connects one device to that server. Quote Share this post Link to post
Jamertol 0 Posted ... I just learned about devices in AirVPN. Since we can already identify the sessions individually, another option would be to let us associate a device to a port, meaning only that device receives the incoming traffic from the port. Quote Share this post Link to post