Jump to content
Not connected, Your IP: 3.227.235.216
Obvious

The big Port Forwarding Airvpn Topic

Recommended Posts

Would it be possible that people with port forwarding requirement gather here perhaps?


As you know every server has 65535 ports in theory, some of these ports are control ports used by AirVpn itself. So for now we say there are 50000 ports available for port forwarding for a user that connects to choose from.

However as you understand at this moment people can really choose which ports they want to be forwarded. That is great, and you have at this moment up to 5 ports for example.

Now imagine I like to have 5 ports. Then from the 50000 ports divided by 5 only 10000 clients could connect to a single server without conflicting each other. In reality 10000 clients do not connect to a single server, but the issue is that with a limited number of in reality 10000 ports that are to be reserved on every AirVpn server is something that will not work for ever.


Now imagine to how other VPN sellers do this! Other VPN sellers if even allowed port forwarding do every time you connect offer in this example 3 randomly chosen ports for the user. You update your client software at your side every time you connect. That is doable if you reboot every week or so. This is how most VPN sellers with port forwarding work, they randomly give you a new set of ports to be forwarded and you set the ports in your software every connect.


But AirVpn could be smarter. Instead of reserving port forwarded ports for every AirVpn Server, in the future AirVpn could show which server has all available ports that you have chosen to be forwarded and that has these ports available when you have connected.

Instead of AirVpn having all ports a single client required available at all servers, the servers that have your forwarded ports free to use are instead in the future for example clearly highlighted.

Since 10000 people with each 5 forwarded ports is very limited, and randomly chosen ports every connection setup is a tidy process at the user side too, something needs to be done.

Now my personal experience, at some servers port forwarding is very reliable, on some servers port forwarding is lost after for example 2 days. And I would like to address a solution for the future towards AirVpn.

What I assume that happens is that port forwarding is lost because for a short moment on a single server something happens that uses the forwarded port(s) and so I loose forwarding at that server.

You can do this yourself by connecting to a server with 1 device, connecting with another device at that same server next. You will see port forwarding will cease to work. Instead at this moment for now, AirVpn should say towards the latest device that connects: This server is already connected to another device!.

I hope AirVpn users are willing to share their port forwarding issues in this topic, my request simply is AirVpn should say why, or when port forwarding is lost. Not a user looking for a server having the ports at that moment free, but for example Eddie AirVpn client clearly explaining, as simple as 'This server is already connected to another device!.'

But I do not connect to the same server myself, because I understand it means loosing port forwarding, instead I do not know why some servers are so very reliable, and others give up port forwarding in 2 days or 1 day.

Share this post


Link to post

Static port forwarding is one of Air's best features.  My port-forwarding application would collapse completely if it were dynamic per connection.  Because so few providers offer static port forwarding, those who need it often end up on Air.

Share this post


Link to post
21 hours ago, Obvious said:

As you know every server has 65535 ports in theory, some of these ports are control ports used by AirVpn itself. So for now we say there are 50000 ports available for port forwarding for a user that connects to choose from.

Fact: Exactly 1024 ports are inforwardable, 1-1023, that makes 64511 ports free to be forwarded by anyone.
 
21 hours ago, Obvious said:

However as you understand at this moment people can really choose which ports they want to be forwarded. That is great, and you have at this moment up to 5 ports for example.


People can forward up to 20 ports.
 
21 hours ago, Obvious said:

Now imagine I like to have 5 ports. Then from the 50000 ports divided by 5 only 10000 clients could connect to a single server without conflicting each other. In reality 10000 clients do not connect to a single server, but the issue is that with a limited number of in reality 10000 ports that are to be reserved on every AirVpn server is something that will not work for ever.


This applies only if you assume every user forwards five ports. I'd say the vast majority of people use 0-2 ports and a vast minority is above the 5 ports mark, simply because there are so little use cases for more than five ports. Most people want to torrent, that requires one port. All this renders the extrapolation somewhat difficult and needs some mathematical function to describe that is by no means linear, unlike the one you're trying to plot.
 
21 hours ago, Obvious said:

But AirVpn could be smarter. Instead of reserving port forwarded ports for every AirVpn Server, in the future AirVpn could show which server has all available ports that you have chosen to be forwarded and that has these ports available when you have connected.


That would make the feature unnecessarily difficult to manage. Besides, OpenVPN does not come with a feature like this, and neither does Wireguard. So such a feature would be limited to AirVPN clients, robbing everyone of their freedom to choose the client software.
 
21 hours ago, Obvious said:

You can do this yourself by connecting to a server with 1 device, connecting with another device at that same server next. You will see port forwarding will cease to work. Instead at this moment for now, AirVpn should say towards the latest device that connects: This server is already connected to another device!.

Warning: Two or more sessions are connected to the same server. The same IP+Port can't be mapped to multiple destination.
Client area. It is a limitation, yes, but I think it is impossible to deny an OpenVPN client the connection if such a situation is encountered. OpenVPN does not know AirVPN's infrastructure. So if you see that two connections of yours are pointing towards the same server, reconnect with one of them and port forwarding should work again.
 
21 hours ago, Obvious said:

my request simply is AirVpn should say why, or when port forwarding is lost


It is never lost, it's always there. It just isn't possible to provide that feature in situations like above.
 
21 hours ago, Obvious said:

But I do not connect to the same server myself, because I understand it means loosing port forwarding, instead I do not know why some servers are so very reliable, and others give up port forwarding in 2 days or 1 day.


I'd say, check your own setup first before pointing fingers at others. Likely there's something happening with your OS.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post

I tested it for several years now and I can say that the problem might be in OpenVPN and within Linux. However that does not explain why only some servers are affected by loosing port forwarding, in 1 or 2 or 3 days. Although I use EDDIE, for convience, I assume that EDDIE uses 'openvpn' in the background. Or since OpenVPN is open source has its own 'openvpn' inside EDDIE package. It happens at every Ubuntu distribution since 2018, so there is no luck to make it stable in all circumstances.

OpenVPN became to complex to really maintain and has much legacy. Hence WireGuard as I understood will become available in September 2021 as a pilot for those who want to try and if more robust I hopefully hope so.

When I use OpenVPN from the CLI and forwarding within iptables the ports the same happens as when I use EDDIE. ( Some servers are very stable for length of time, others consistently stop working within 1,2 or 3 days with port forwarding only, other things keep working. )

Since I also read about a firewall at servers which seems logical, I assumed also the server firewall might decide to many simultaneous incoming connections for a port from to very different IP addresses. But then again it would not explain why other servers work very robust.

I tried different hardware too, and different Network Adapters also. But the common thing is GNU/Linux with OpenVPN. Situation always the same. Port Forwarding lost at certain servers, then only reboot works, since OpenVPN (EDDIE inherent) in my opinion deeply affects the TCP/IP stack.

So the only thing that works is looking for a server which does not create this situation. As for now, there are enough servers which do not exhibit this and sometimes the favorite servers do exhibit it, like servers that don't change website languages despite having a browser having English only in headers for example.

Everything in common: OpenVPN, GNU/Linux Ubuntu Distributions
Everything different: Different hardware (different computer), different Network Adaptor/hardware
Everything in common: Software eMule
Everything that works: Find a server that works, this means loosing favorite but it mitigates and does work.

Since OpenVPN deeply affects all network stack, it is also possible to simply unplug, re plug. But it does not explain diffent hardware having the same problem.

What I did not try is a different Router, what I did try is a different Internet provider too! ( Asus routers are known to be good but since selecting a right server doesn't give the problem of port forwarding lost, I have no reason to assume it is the Asus router.)

What I cannot try is Microsoft Windows. I assume Linux has more market share at OpenVPN but in other circumstances Microsoft Windows is far more tested by many more users (assumption.)

Other things I tried is all kinds of protocols instead of automatic, like TCP or different entry but automatic using UDP is always more stable.

The question remains, why only some servers are affected, and why some servers are not affected. The only difference is here: Different Country.

At this time I am trying 10 Gigabit from which I can see they are very popular.

As a response to the math, I tried to have it very simple hence easy math instead of dynamic scenario I instead used a theoretical approach easy to understand.
 

Share this post


Link to post
@Obvious

Hello!

Incoming packet forwarding is a server side matter. It makes no difference whether the VPN connection is handled by OpenVPN 2,. OpenVPN 3 or Wireguard.

In Linux and macOS, Eddie can run both OpenVPN and Hummingbird, which is an AirVPN software based on OpenVPN3-AirVPN library. You can tell Eddie to run Hummingbird and not OpenVPN by ticking "Use Hummingbird" item in Eddie's "Preferences" > "Advanced" window.

On a client settings equal footing, packet forwarding behavior discrepancy between VPN servers should be investigated server side too. From your description it is possible that you're just wasting time as it appears that you're investigating incorrectly: please open a ticket. The support team can, first and foremost, ascertain whether packets are actually pre-routed and forwarded to your node or not.

Kind regards
 

Share this post


Link to post

I'm actively using port-forwarding and without issues. Except today :)The Bt client doesn't show as many incoming connections as it would if the port-forwarding worked. I've used this port for weeks and it has worked fine yesterday on this same server. Other than this anomaly, (I just checked, it was just a fluke. The website tester was unreliable) I've been using port forwarding without any issues ever since I got AirVPN.
Adding a new port in the client area immediately enabled it for the current VPN connection (no noticable delay, no reconnect was required).

On the topic of port exhaustion: splitting up forwarded ports per server/country would confuse A LOT of people. On the other hand those who know to configure port forwarding probably will manage through that hoop too. The only other way is to have an additional exit IP for each VPN to 'double' the amount of available ports (max. 2 allocations per port but then it would need to be static, so each user must be statically assigned into either group for routing)

Share this post


Link to post

Ok, installed hummingbird and it is exceptional faster in connecting compared to OpenVPN 2.4.7. And I use it with the EDDIE client software. The installation guide was clear but I first downloaded the wrong operating system version from which LDD told ' no dynamic executable '. Which required me to look clearly for x86_64 version, then it worked following the steps, but I needed to completely exit EDDIE and then start EDDIE again to make it work if anyone else needs to know. Also hummingbird must be availlable in the paths mentioned in the instructions.

Something I forgot to mention is also, that I run eMule on top of WINE since eMule is a Windows application and the operating system I use is GNU/LINUX Ubuntu x86-64 ( 64 bit ). Before opening this topic I already considered something wrong in WINE to run Windows applications. ( but I should rather say something not yet complete since WINE is a method to run Windows applications on other operating systems than Microsoft Windows.  )

Now I would like to get back on the idea of the topic, since this topic which I started and Ninja'd myself, is about
how in the future for example a hundreds of thousands of people can have port forwarding.

The only thing that comes up in my limited knowledge is IPv6 in which the last section of the IPv6 address can be anything a client desires. And it means there are far more IPv6 last section numbers than people at the entire earth, so...

But then again, IPv6 was build with people not having to port forward in mind as I understand.

With IPv4 in the opening post I already explained other providers than AirVPN, so I think the future is in IPv6 but,...


Not all software is IPv6 aware or becomes it aware and will continue to require IPv4 and in my example that is eMule as you guessed it.

With torrent like a Ubuntu GNU/LINUX distribution port forwarding works fine and the client is native GNU/Linux so no WINE in between it. Also I did see for example downloading a Linux Distribution shows easily hundreds of connected computers and so my theory of a firewall outside of AirVPN is unlikely.

My current theory is eMule should become IPv6 ready and a native client aMule should be put back in the repositories. ( aMule is the native GNU/Linux version and eMule is the Windows version. )


Since Linux is a kernel I use the term GNU/Linux for desktop GNU/Linux distributions like a famous person always calls it every time.

What I also tried is running windows in a virtual machine but windows is requiring resources especially disk resources which I don't like. Especially Windows 10 requires also so much time to maintain and people that have tried Windows 10 with a classical mechanical HDD know how much disk I/O Windows 10 does.  Windows XP in a virtual machine is no longer possible because even Firefox is no longer working with Windows XP, but it would have been an option. For now I could install Windows 7 in a virtual machine to get eMule running but in that case I need to buy a new SSD since my storage drive has only a few GigaByte cache that would wear out with running a Virtual Machine on it. But buying a new SSD and installing Windows 7 perhaps 8.1 to run eMule would be possible, but $$$ for Microsoft to run a single application and so much time which could be spend better.

So on topic again, what about IPv6

Share this post


Link to post
On 8/24/2021 at 11:55 AM, Obvious said:

But then again, IPv6 was build with people not having to port forward in mind as I understand.


While true about forwarding as no end user device usually gets public v4 addresses (so they must be mapped on the firewall to the private v4), be advised that the port must still be opened in almost all routers since there's still a firewall involved dropping connections.
 
On 8/24/2021 at 11:55 AM, Obvious said:
My current theory is eMule should become IPv6 ready and a native client aMule should be put back in the repositories. ( aMule is the native GNU/Linux version and eMule is the Windows version. )

You should probably jump ship to BitTorrent as well. eD2k was cool, when it actually was the year 2k. It's like using 2G GSM because it was cool in the 2000s while the world around you is on its way to 5G technology. eMule will most probably never become v6 ready, don't get your hopes up.
 
On 8/24/2021 at 11:55 AM, Obvious said:

Since Linux is a kernel I use the term GNU/Linux for desktop GNU/Linux distributions like a famous person always calls it every time.


Then you should probably start calling your phone Foxconn/Apple. Same logic: It's an iPhone, but if most of the hardware is made by Foxconn, don't you dare leave out Foxconn! They want to be marketed, too!!
Stallman does not really encourage freedom of speech here. Just because people choose to bundle GNU tools in their distribution because it's widely regarded as standard does not mean Stallman's word is law. He also doesn't think highly of freedom of women, so, yeah, think thrice about everything he writes and says.
 
On 8/24/2021 at 11:55 AM, Obvious said:

Windows XP in a virtual machine is no longer possible because even Firefox is no longer working with Windows XP, but it would have been an option.


It is. You only need the last version of Firefox with XP support. Should be Firefox 52 ESR. You can download them quite safely from oldversion.com or so. But, yeah, don't do banking with that system. :D
 
On 8/24/2021 at 11:55 AM, Obvious said:

So on topic again, what about IPv6


Last year or so Staff mentioned that IPv6 in port forwarding not a priority but on the list. Can't find the post right now, though.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...