Jump to content
Not connected, Your IP: 35.172.223.30
Jamertol

Port forwarding to a single session

Recommended Posts

Hi

I have just started with AirVPN and quite happy. I have opened a port forwarding and it is working fine, but I only need that particular port in one session, not in all my sessions. I know it is not a big deal, but it could be a security risk. So my question is how do I assign a port forwarding to a single session instead to all of them. Is this possible?

Thanks

Share this post


Link to post
@Jamertol

Hello!

You can't but it's irrelevant. Make sure you have nothing listening to that port in any "other" system and it's not a security risk (something that does not exist is not a security risk by itself).

Kind regards
 

Share this post


Link to post

I understand that if the other device has the port closed in theory it should be protected, but it does open an avenue of attack in case the other device has a bug or is badly configured.

I also understand that this is just a small detail and not super important towards security, but it would be good if we could have the option to asign a port to a session, even if the default remains for the open ports to be for all sessions as it is now. I do not see how it would hurt to add the option to asign a port to a session for the ones who are interested.

Share this post


Link to post
@Jamertol
 
Quote

I understand that if the other device has the port closed in theory it should be protected, but it does open an avenue of attack in case the other device has a bug or is badly configured.


Hello!

If a port does not exist there's physically no way to have some host process reached via that port (it seems you don't know what a port is, check it out). It's not a matter of bugs, it's a physical limitation in the code as the host lacks the information to process and assign the packet to any process.
 
Quote

it would be good if we could have the option to asign a port to a session, even if the default remains for the open ports to be for all sessions as it is now. I do not see how it would hurt to add the option to asign a port to a session for the ones who are interested.


That's possible. Can you (or somebody else) make an example showing that the option would be useful and not an over-complication? We can't think of any, but If the reason is good, we can seriously think about adding the option(s).

Kind regards
 

Share this post


Link to post
On 9/30/2020 at 1:24 PM, Staff said:
@Jamertol
  
Hello!

If a port does not exist there's physically no way to have some host process reached via that port (it seems you don't know what a port is, check it out). It's not a matter of bugs, it's a physical limitation in the code as the host lacks the information to process and assign the packet to any process.
 
That's possible. Can you (or somebody else) make an example showing that the option would be useful and not an over-complication? We can't think of any, but If the reason is good, we can seriously think about adding the option(s).

Kind regards
 

I understand what a port is. I understand it is not a direct threat, but it is always good to have another layer of security, even if removing that layer does not expose you.

In any case, one use case would be being able to use the DDNS service you provide even when we have multiple devices connected (actually I came to do this today). As it is now it is not possible, beause your server can not know which connection to send the incoming traffic to.

The default should remain like it is now. You open a port and it just works, but you could add the option to associate it with a connection, just like you offer the option to add a domain. There are several ways of associating the port with the session, by incoming ip, by airvpn server, by airvpn server country, via API. Select which options you think is more appropiate, although allowing to associate the session with the port via API should be included, since it would allow home servers to set themselves automatically.

I understand this is an option that can be seen as "power user", but you can hide it and mark it as very optional so normal users do not get scared.

Share this post


Link to post

And another reason to be able to asign a port to a session:The solution Mullvad has taken, asigning a port for a user only in one server, is not as versatile, but still works quite well for the same purpose, so if Airvpn adopted the same solution, then we could have several sessions an still make the DDNS server work as long as the user only connects one device to that server.

Share this post


Link to post

I just learned about devices in AirVPN. Since we can already identify the sessions individually, another option would be to let us associate a device to a port, meaning only that device receives the incoming traffic from the port.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...