space5

ANSWERED Local ports for forwarded ports are ignored.


Posted ... (edited)

If local port is different from external port, then local port is ignored and is made the same as the external port.

I verified it with wireshark. I had to redirect external port to local port on my machine's firewall.

I use wireguard on linux.

Edited ... by space5


Is the host where the port you are trying to reach is located not the same host / computer where wireguard is running?

@space5

Hello!

Everything is fine, your service is reachable on the proper port. You have split port forwarding into two different "devices" (keys) therefore only the ports linked to a specific device will be forwarded when that device is connected. There, your listening program is reachable and replies (just checked). The other port will be forwarded when connections from the other device (key) are established. If you want unconditional port forwarding (classic system) to all devices, just set "All devices" on the "Device" combo box available for each port in your AirVPN account port panel. Please read the answer to the following FAQ:
https://airvpn.org/contents/faq_port_forwarding/

Kind regards
 

Posted ... (edited)
@Staff The problem isn't with unconditional port forwarding. The problem is that even if I set the local port to a different port than the external port on airvpn website, the local port is still the same as the external port.

I had to redirect the external port to the local port in my machine's linux firewall. Packets aren't actually delivered to the local port on my machine.

The ports are reachable because I configured my machine's firewall. If the local port is actually respected, then I wouldn't have to redirect the external port to the local port in my machine's firewall.

I think airvpn's firewall is configured incorrectly.

The FAQ says
Quote
You can't forward ports lower than 2048.
Can a local port be lower than 2048?

Edited ... by space5

@space5

Hello!

We have checked random ports of random users and the port "re-mapping" (let's call it in this way) works. The proper pre-routing rules for the DNAT are applied. We have checked the port control panel and we could not see any anomalous behavior. Of your forwarded ports, you have chosen not to "re-map" any of them. What happens if you try to do so, by changing the "local port" field on your AirVPN account port panel?
 
Quote

Can a local port be lower than 2048?


Yes, it can.

Kind regards
 

Posted ... (edited)
59 minutes ago, Staff said:

What happens if you try to do so, by changing the "local port" field on your AirVPN account port panel?

Wireshark says the destination port of the TCP packets arriving at my computer is the external port instead of the local port. Wireshark sees no packets whose destination port is the local port.

Edited ... by space5

33 minutes ago, space5 said:
Wireshark says the destination port of the TCP packets arriving at my computer is the external port instead of the local port. Wireshark sees no packets whose destination port is the local port.

Hello!

In this case please open a ticket, we want to check directly from inside a VPN server while your account is connected to verify the "forward rules".

Kind regards
 


Hello!

Confirmed. For the readers: the problem is that the system supports hot change (on the fly change) for port deletion, protocol change and port addition. However, the system does not support hot local port change, we're sorry. Quick solution: you will need to disconnect and re-connect when you need to change local port, as long as this feature is unimplemented. Luckily, local port change is, probably, quite a rare occurrence.
 
Kind regards
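
The Wireshark check described earlier in the thread can also be scripted. This is an added example, not part of the thread and not AirVPN's code: it listens on both the external and the local port and reports which one a forwarded connection actually arrives on. The port numbers are placeholders and the function names are made up for this sketch.

```python
import selectors
import socket

def open_listeners(host, ports):
    """Bind one TCP listener per port (port 0 = let the OS pick a free one)."""
    listeners = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(8)
        s.setblocking(False)
        listeners.append(s)
    return listeners

def first_arrival(listeners, timeout):
    """Return (destination_port, peer_ip) of the first inbound connection, or None."""
    with selectors.DefaultSelector() as sel:
        for s in listeners:
            sel.register(s, selectors.EVENT_READ)
        for key, _ in sel.select(timeout):
            conn, peer = key.fileobj.accept()
            # getsockname() is the port as seen after local NAT: a REDIRECT rule on
            # this machine would hide the port the packet really arrived on, so
            # remove any such workaround rule before running the check.
            dst_port = conn.getsockname()[1]
            conn.close()
            return dst_port, peer[0]
    return None

def verdict(dst_port, external_port, local_port):
    """Classify the observed destination port against the port panel settings."""
    if external_port == local_port:
        return "no remap configured"
    if dst_port == local_port:
        return "remap applied"
    if dst_port == external_port:
        return "remap ignored"
    return "unexpected port"

if __name__ == "__main__":
    EXTERNAL, LOCAL = 40000, 8080   # placeholders: use the values from your port panel
    socks = open_listeners("0.0.0.0", [EXTERNAL, LOCAL])  # or bind the tunnel address
    hit = first_arrival(socks, timeout=120)  # trigger a connection from outside meanwhile
    for s in socks:
        s.close()
    print("no connection seen" if hit is None
          else f"{hit[1]} -> port {hit[0]}: {verdict(hit[0], EXTERNAL, LOCAL)}")
```

Run it once right after changing the local port and again after disconnecting and re-connecting; per the staff reply above, only the second run should report "remap applied".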
 

8 hours ago, Staff said:

you will need to disconnect and re-connect when you need to change local port, as long as this feature is unimplemented.

If hot change for local port is implemented, will it be announced on the forum?

