Connection problems after restart (Transmission, Gluetun, pfSense)

[jnussbaum 0]

I've had an extremely stable and fast setup for some time, but after a middle-of-the-night power outage, I can no longer connect, and I can't tell what has triggered the problem; my configuration hasn't changed, and my IP address(es) haven't changed. I am not that sophisticated about all this stuff, so forgive me if I'm giving too much information, but since I'm not sure where the problem is I'd rather give more rather than less info.

I'm using AirVPN _only_ for torrenting. For the latter, I'm using transmission with gluetun, both running in Docker containers on the same host. The Transmission network config is 'network_mode: "service:gluetun"'. The relevant (I think) config for gluetun is:

 environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=[blah]=
      - WIREGUARD_PRESHARED_KEY=[blah]=
      - WIREGUARD_ADDRESSES={my home IP address}
      - FIREWALL_VPN_INPUT_PORTS=54321
      - SERVER_COUNTRIES=United States
    ports:
      - "0.0.0.0:9091:9091/tcp" # transmission
      - 54321:54321/tcp # transmission
      - 54321:54321/udp # transmission

(The port is not actually "54321", but it's in a similar range, and I"m using that same port number throughout this explanation.) I have not changed this configuration. Both transmission and gluetun are running, as are other services on the Docker host, that are reachable as expected.

My router runs pfSense. I have a firewall rule that forwards any WAN traffic on port 54321 to {IP address of the Docker host}. I also have a port forwarding entry that has both NAT port and destination port of 54321 with a NAT IP address of {IP of Docker host} and a destination address of the WAN. I have restarted the firewall to ensure that these is loaded.

Meanwhile, on AirVPN Client Area, under "Forwarded Ports", I have a forwarded port of 54321 pointing to a local port of 54321. (This is my only forwarded port.) When I click "Test Open", it opens up a window with a bunch of servers on it; all of them spin for a while before returning "Connection timed out (110)". 

In Transmission, under Remote Preferences -> Connections, I have "Peer port" set to 54321. When I click Port test -> "Test", it pauses for a while before returning "Couldn't test port: No Response (0)".

I also note that in the AirVPN Client Area, it reports that "There are 16 sessions active on this account. Max 5 concurrent sessions allowed."; I have no idea what these sessions are, and it's not clear to me how I can shut them down. I don't have any other devices or services that use AirVPN.

I have confirmed that after the power outage, my home IP address is still indeed the one configured in the gluetun config. I have also used canyouseeme.org to check the port; it confirms "Success: I can see your service on {my home IP address} on port (54321) Your ISP is not blocking port 54321".

I don't know what else to try, or where else to look; I've occasionally had issues after unplanned restarts, but they always resolve themselves quickly, or they have obvious causes (e.g. my ISP gives me a new IP address after the modem resets) that I can fix. I'd be grateful for any suggestions! Thank you.

[jnussbaum 0]

Well, a bit of followup here. After struggling further, I decided to create a configuration file, to make absolutely sure I was using the right keys. I was, but almost accidentally I noticed that the value for "WIREGUARD_ADDRESSES" had changed, from my home IP address to a private address in the "10." family. I don't understand what this represents, and it seems like a pretty significant change in how things are set up, but I tried it, and everything is working now, and has continued to work.

I'm also showing the correct "1 session active on this account" value.

So I guess I'm good. I'm not sure if it's correct to tag this question "Answered", without knowing why this has changed, but at least things are working.

[Staff 10394]

43 minutes ago, jnussbaum said:

I noticed that the value for "WIREGUARD_ADDRESSES" had changed, from my home IP address to a private address in the "10." family. I don't understand what this represents

Hello!

The WIREGUARD_ADDRESSES environment variable in Gluetun specifies the WireGuard IP network interface address in CIDR format; in AirVPN it is inside the big subnet 10.128.0.0/10.

Kind regards
 

[jnussbaum 0]

6 minutes ago, Staff said:

Hello!

The WIREGUARD_ADDRESSES environment variable in Gluetun specifies the WireGuard IP network interface address in CIDR format; in AirVPN it is inside the big subnet 10.128.0.0/10.

Kind regards
 

Thanks. I understand this, but I guess I don't know why it had previously been set to (and working with) my own external IP address, and now it's set to (and working with) the AirVPN subnet.

[Staff 10394]

51 minutes ago, jnussbaum said:

I guess I don't know why it had previously been set to (and working with) my own external IP address,

Hello!

This sounds impossible indeed. There's no way that our servers can guess your public key from a random address.  

Kind regards