space5 Posted ... (edited)
If the local port is different from the external port, then the local port is ignored and is made the same as the external port. I verified it with Wireshark. I had to redirect the external port to the local port on my machine's firewall. I use WireGuard on Linux.
ss11 Posted ...
The host with the port you are trying to reach is not the same host / computer where WireGuard is running?
space5 Posted ...
@ss11 The host that has the local port is the same host that runs the WireGuard client.
Staff Posted ...
@space5 Hello! Everything is fine, your service is reachable on the proper port. You have split port forwarding into two different "devices" (keys) therefore only the ports linked to a specific device will be forwarded when that device is connected. There, your listening program is reachable and replies (just checked). The other port will be forwarded when connections from the other device (key) are established.
If you want unconditional port forwarding (classic system) to all devices, just set "All devices" on the "Device" combo box available for each port in your AirVPN account port panel. Please read the answer to the following FAQ: https://airvpn.org/contents/faq_port_forwarding/
Kind regards
space5 Posted ... (edited)
@Staff The problem isn't with unconditional port forwarding. The problem is that even if I set the local port to a different port than the external port on the AirVPN website, the local port is still the same as the external port. I had to redirect the external port to the local port in my machine's Linux firewall. Packets aren't actually delivered to the local port on my machine. The ports are reachable because I configured my machine's firewall. If the local port were actually respected, then I wouldn't have to redirect the external port to the local port in my machine's firewall. I think AirVPN's firewall is configured incorrectly.
The FAQ says: "You can't forward ports lower than 2048." Can a local port be lower than 2048?
Staff Posted ...
@space5 Hello! We have checked random ports of random users and the port "re-mapping" (let's call it in this way) works. The proper pre-routing rules for the DNAT are applied. We have checked the port control panel and we could not see any anomalous behavior. Of your forwarded ports, you have chosen not to "re-map" any of them. What happens if you try to do so, by changing the "local port" field on your AirVPN account port panel?
Quote: "Can a local port be lower than 2048?"
Yes, it can.
Kind regards
space5 Posted ... (edited)
59 minutes ago, Staff said: "What happens if you try to do so, by changing the "local port" field on your AirVPN account port panel?"
Wireshark says the destination port of the TCP packets arriving at my computer is the external port instead of the local port. Wireshark sees no packets whose destination port is the local port.
Staff Posted ...
33 minutes ago, space5 said: "Wireshark says the destination port of the TCP packets arriving at my computer is the external port instead of the local port. Wireshark sees no packets whose destination port is the local port."
Hello! In this case please open a ticket, we want to check directly from inside a VPN server while your account is connected to verify the "forward rules".
Kind regards
Staff Posted ...
Hello! Confirmed. For the readers: the problem is that the system supports hot change (on the fly change) for port deletion, protocol change and port addition. However, the system does not support hot local port change, we're sorry.
Quick solution: you will need to disconnect and re-connect when you need to change local port, as long as this feature is unimplemented. Luckily, local port change is, probably, quite a rare occurrence.
Kind regards
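The Wireshark check described in this thread, as an added example that is not part of any post: a Python sketch that reads `tcpdump -nn` text output captured on the WireGuard interface and reports whether forwarded connections arrive on the external port or on the configured local port. The tunnel address, both port numbers and the capture lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# tcpdump -nn text line: "<time> IP src.sport > dst.dport: Flags [S], ..."
# "[S]," matches a bare SYN only; a SYN-ACK prints as "[S.]".
SYN_RE = re.compile(r" IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\],")

def inbound_syn_ports(lines, tunnel_ip):
    """Count new inbound connections per destination port on the tunnel address."""
    ports = Counter()
    for line in lines:
        m = SYN_RE.search(line)
        if m and m.group(3) == tunnel_ip:
            ports[int(m.group(4))] += 1
    return ports

def remap_verdict(lines, tunnel_ip, external_port, local_port):
    """Say which of the two ports the forwarded connections actually arrive on."""
    if external_port == local_port:
        raise ValueError("no remap configured: external and local port are equal")
    ports = inbound_syn_ports(lines, tunnel_ip)
    ext, loc = ports[external_port], ports[local_port]
    if not ext and not loc:
        return "no-traffic"
    if ext and loc:
        return "mixed"
    return "remapped" if loc else "not-remapped"

# Constructed values (assumptions): tunnel address, external port 40000, local port 8080.
TUNNEL_IP, EXTERNAL, LOCAL = "10.128.0.5", 40000, 8080

# Constructed capture: local port changed in the panel, tunnel not yet reconnected.
BEFORE_RECONNECT = [
    "12:00:01.000001 IP 203.0.113.7.51234 > 10.128.0.5.40000: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000090 IP 10.128.0.5.40000 > 203.0.113.7.51234: Flags [S.], seq 9, ack 2, win 65160, length 0",
    "12:00:02.000300 IP 198.51.100.9.40112 > 10.128.0.5.40000: Flags [S], seq 5, win 64240, length 0",
]
# Constructed capture: same test after disconnecting and reconnecting.
AFTER_RECONNECT = [
    "12:10:01.000001 IP 203.0.113.7.51300 > 10.128.0.5.8080: Flags [S], seq 1, win 64240, length 0",
    "12:10:01.000080 IP 10.128.0.5.8080 > 203.0.113.7.51300: Flags [S.], seq 9, ack 2, win 65160, length 0",
]

if __name__ == "__main__":
    print(remap_verdict(BEFORE_RECONNECT, TUNNEL_IP, EXTERNAL, LOCAL))
    print(remap_verdict(AFTER_RECONNECT, TUNNEL_IP, EXTERNAL, LOCAL))
```

A "mixed" verdict means both ports received new connections in the same capture, which usually indicates the capture spans the reconnect.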
space5 Posted ...
8 hours ago, Staff said: "you will need to disconnect and re-connect when you need to change local port, as long as this feature is unimplemented."
If hot change for local port is implemented, will it be announced on the forum?