
Hi all,

I am trying to forward a port to a box on my LAN for p2p. Let me start by saying I do not understand what is meant by:

“IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client.”

Still, I did my best to get it to work but have failed miserably.

My setup is this:

I created a port forward on AVPN (port 12345). I then created a port forwarding entry in pfSense 2.3 following this guide: https://nguvu.org/pfsense/pfsense-port-forward/

After quite a bit of debugging, it seems the port test will reach my host but rather than return through the VPN tunnel, instead goes through my WAN.

My setup only allows a few boxes to go through the VPN which all have a fixed IP set in the DHCP server. This is clearly not an AVPN issue but you all seem to have quite a bit of experience so someone might be able to help.

What rule am I missing to force the forward back out through the VPN?

Thanks!


I'm in the same boat. I'm using an Asus router running Merlin and while I can connect to the VPN I can't seem to get the port forwarding to work.


So you are all probably waiting for logs before answering...

Here they are. If anyone feels like confirming my suspicion or, better, has a solution, that would be great, thanks.

The test is done by issuing a port forwarding test from the AirVPN client area. Seeing as I cannot (that I know of) listen to multiple interfaces in one go under pfSense, I have repeated the tests until all the data was gathered. The times simply will not match.

IPs and host names were changed to protect the innocents...

VPN

20:58:56.569436 AF IPv4 (2), length 80: (tos 0x0, ttl 54, id 4487, offset 0, flags [DF], proto UDP (17), length 76)
    airvpn.org.37373 > 10.4.37.200.65500: [udp sum ok] UDP, length 48
 
20:59:02.846910 AF IPv4 (2), length 64: (tos 0x0, ttl 54, id 52317, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.55512 > 10.4.37.200.65500: Flags , cksum 0x426d (correct), seq 2205615572, win 29200, options [mss 1352,sackOK,TS val 1598802562 ecr 0,nop,wscale 7], length 0
 
LAN
21:00:36.083764 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 53, id 7172, offset 0, flags [DF], proto UDP (17), length 76)
    airvpn.org.60342 > mymac.local.65500: [udp sum ok] UDP, length 48
 
21:00:41.386209 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 57921, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.56177 > mymac.local.65500: Flags , cksum 0x18af (correct), seq 4087531772, win 29200, options [mss 1352,sackOK,TS val 1598827197 ecr 0,nop,wscale 7], length 0
 
21:00:41.386694 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 36527, offset 0, flags [DF], proto TCP (6), length 64)
    mymac.local.65500 > airvpn.org.56177: Flags [s.], cksum 0xa417 (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109629375 ecr 1598827197,sackOK,eol], length 0
21:00:42.387439 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 57922, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.56177 > mymac.local.65500: Flags , cksum 0x17b5 (correct), seq 4087531772, win 29200, options [mss 1352,sackOK,TS val 1598827447 ecr 0,nop,wscale 7], length 0
21:00:42.387815 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 49781, offset 0, flags [DF], proto TCP (6), length 64)
    mymac.local.65500 > airvpn.org.56177: Flags [s.], cksum 0x9f9f (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109630269 ecr 1598827447,sackOK,eol], length 0
21:00:43.811413 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 44963, offset 0, flags [DF], proto TCP (6), length 64)
    mymac.local.65500 > airvpn.org.56177: Flags [s.], cksum 0x9a8f (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109631565 ecr 1598827447,sackOK,eol], length 0
21:00:44.391132 00:a8:2a:e8:33:a5 (oui Unknown) > 10:dd:b1:aa:c6:43 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 57923, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.56177 > mymac.local.65500: Flags , cksum 0x15c0 (correct), seq 4087531772, win 29200, options [mss 1352,sackOK,TS val 1598827948 ecr 0,nop,wscale 7], length 0
21:00:44.391535 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 50038, offset 0, flags [DF], proto TCP (6), length 64)
    mymac.local.65500 > airvpn.org.56177: Flags [s.], cksum 0x9677 (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109632112 ecr 1598827948,sackOK,eol], length 0
21:00:44.843753 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 46859, offset 0, flags [DF], proto TCP (6), length 64)
    mymac.local.65500 > airvpn.org.56177: Flags [s.], cksum 0x94e0 (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109632519 ecr 1598827948,sackOK,eol], length 0
21:00:46.957997 10:dd:b1:aa:c6:43 (oui Unknown) > 00:a8:2a:e8:33:a5 (oui Unknown), ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 48535, offset 0, flags [DF], proto TCP (6), length 64)
    mymac.local.65500 > airvpn.org.56177: Flags [s.], cksum 0x8d6b (correct), seq 1084012712, ack 4087531773, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109634428 ecr 1598827948,sackOK,eol], length 0
 
BOX
21:05:28.722888 IP airvpn.org.38347 > mymac.local.65500: UDP, length 48
21:05:34.048991 IP airvpn.org.57744 > mymac.local.65500: Flags , seq 4134343342, win 29200, options [mss 1352,sackOK,TS val 1598900417 ecr 0,nop,wscale 7], length 0
21:05:34.049194 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109895461 ecr 1598900417,sackOK,eol], length 0
21:05:35.048910 IP airvpn.org.57744 > mymac.local.65500: Flags , seq 4134343342, win 29200, options [mss 1352,sackOK,TS val 1598900667 ecr 0,nop,wscale 7], length 0
21:05:35.048982 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109896394 ecr 1598900667,sackOK,eol], length 0
21:05:36.455138 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109897690 ecr 1598900667,sackOK,eol], length 0
21:05:37.052578 IP airvpn.org.57744 > mymac.local.65500: Flags , seq 4134343342, win 29200, options [mss 1352,sackOK,TS val 1598901168 ecr 0,nop,wscale 7], length 0
21:05:37.052650 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109898232 ecr 1598901168,sackOK,eol], length 0
21:05:37.510130 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109898644 ecr 1598901168,sackOK,eol], length 0
21:05:39.676843 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109900552 ecr 1598901168,sackOK,eol], length 0
21:05:40.732228 IP mymac.local.65500 > airvpn.org.57339: Flags [s.], seq 1325684733, ack 157412034, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109901503 ecr 1598883012,sackOK,eol], length 0
21:05:43.905016 IP mymac.local.65500 > airvpn.org.57339: Flags [R.], seq 1, ack 1, win 65535, length 0
21:05:44.003476 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109904368 ecr 1598901168,sackOK,eol], length 0
21:05:52.548081 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109912000 ecr 1598901168,sackOK,eol], length 0
21:06:05.295550 IP mymac.local.65500 > airvpn.org.57744: Flags [s.], seq 107238468, ack 4134343343, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109923136 ecr 1598901168,sackOK,eol], length 0
 
WAN
21:01:18.122043 AF IPv4 (2), length 80: (tos 0x38, ttl 57, id 14570, offset 0, flags [DF], proto UDP (17), length 76)
    airvpn.org.58375 > 109.131.101.86.65500: [udp sum ok] UDP, length 48
21:01:18.524551 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46854, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.41923 > 109.131.101.86.65500: Flags , cksum 0xb2bc (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836494 ecr 0,nop,wscale 7], length 0
21:01:19.519547 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46855, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.41923 > 109.131.101.86.65500: Flags , cksum 0xb1c2 (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836744 ecr 0,nop,wscale 7], length 0
21:01:21.519635 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46856, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.41923 > 109.131.101.86.65500: Flags , cksum 0xafcd (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598837245 ecr 0,nop,wscale 7], length 0
21:01:24.132447 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 1984, offset 0, flags [DF], proto TCP (6), length 64)
    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xcd68 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109668395 ecr 1598837879,sackOK,eol], length 0
21:01:25.113816 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 38373, offset 0, flags [DF], proto TCP (6), length 64)
    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xc8d2 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109669319 ecr 1598838129,sackOK,eol], length 0
21:01:26.536279 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 34360, offset 0, flags [DF], proto TCP (6), length 64)
    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xc3c2 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109670615 ecr 1598838129,sackOK,eol], length 0
21:01:27.122388 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 13890, offset 0, flags [DF], proto TCP (6), length 64)
    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xbfac (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109671160 ecr 1598838630,sackOK,eol], length 0
21:01:27.557064 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 12770, offset 0, flags [DF], proto TCP (6), length 64)
    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xbe13 (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109671569 ecr 1598838630,sackOK,eol], length 0
21:01:29.670887 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 64979, offset 0, flags [DF], proto TCP (6), length 64)
    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xb69f (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109673477 ecr 1598838630,sackOK,eol], length 0


21:01:18.524551 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46854, offset 0, flags [DF], proto TCP (6), length 60)

    airvpn.org.41923 > 109.131.101.86.65500: Flags , cksum 0xb2bc (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836494 ecr 0,nop,wscale 7], length 0
21:01:19.519547 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46855, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.41923 > 109.131.101.86.65500: Flags , cksum 0xb1c2 (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598836744 ecr 0,nop,wscale 7], length 0
21:01:21.519635 AF IPv4 (2), length 64: (tos 0x38, ttl 57, id 46856, offset 0, flags [DF], proto TCP (6), length 60)
    airvpn.org.41923 > 109.131.101.86.65500: Flags , cksum 0xafcd (correct), seq 766900232, win 29200, options [mss 1452,sackOK,TS val 1598837245 ecr 0,nop,wscale 7], length 0
21:01:24.132447 AF IPv4 (2), length 68: (tos 0x0, ttl 63, id 1984, offset 0, flags [DF], proto TCP (6), length 64)


What exactly did you hide under the alias airvpn.org?

Is that the AirVPN tunnel IP? In that case it should not connect to your 109.131.xx.xx IP on port 65500, assuming that was the port you were trying to forward. When you did the port forwarding NAT rules, you mixed up some interfaces, which now makes it look this way.

    10.4.37.200.65500 > airvpn.org.56362: Flags [s.], cksum 0xbfac (correct), seq 2518285956, ack 1716806231, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1109671160 ecr 1598838630,sackOK,eol], length 0

This looks more right, but again, what is under airvpn.org? It was supposed to be 10.4.37.200.65500 > 192.168.x.x.65500

Make sure to follow this guide instead: https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


When you create a forwarded port in pfSense you must select your AirVPN interface for the interface. (I'm guessing this is where you messed up and it defaulted to the WAN interface.) Then it'll create a corresponding firewall rule that will be in your AirVPN interface sub-section of rules.


Hi guys,

Thanks for your answers. I took a bit more time than expected but it seems all my troubles stem from having the WAN as the default gateway (some ppl at home still don't want it, even after all my speeches about security).

After some manipulation to the rules, I now got it working. I might have to review my setup to make the VPN the default and the WAN the exception.

Thank you both for pointing me in the right direction!
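
Added example, not part of the thread and not code from any poster or from AirVPN: a small check for the symptom visible in the WAN capture above, where a packet sourced from the tunnel address 10.4.37.200 leaves on the WAN interface. The `10.4.0.0/16` tunnel range, the `audit` function, the finding labels and the 198.51.100.7 / 203.0.113.10 addresses in the sample lines are assumptions made for illustration; it expects `tcpdump -n` style lines with numeric addresses.

```python
import ipaddress
import re

# "src.port > dst.port:" as printed by tcpdump -n (numeric addresses).
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def audit(captures, tunnel_net, wan_ip, fwd_port):
    """Return (finding, line) pairs for traffic that should not be on the WAN.

    captures   : {"WAN": [lines], "VPN": [lines], ...} one list per interface
    tunnel_net : address range handed out inside the VPN (assumed by caller)
    wan_ip     : the router's real public address
    fwd_port   : the port forwarded by the VPN provider
    """
    tunnel = ipaddress.ip_network(tunnel_net)
    findings = []
    for line in captures.get("WAN", []):
        m = FLOW.search(line)
        if not m:
            continue  # continuation or header line without a flow
        src, dst, dport = m.group(1), m.group(3), int(m.group(4))
        if ipaddress.ip_address(src) in tunnel:
            # A tunnel-sourced packet on the WAN is travelling outside the
            # tunnel: the reply followed the default gateway, not the VPN.
            findings.append(("reply-outside-tunnel", line.strip()))
        elif dst == wan_ip and dport == fwd_port:
            # The forwarded port is being contacted on the real address,
            # the situation the quoted AirVPN warning is about.
            findings.append(("forwarded-port-hit-on-wan", line.strip()))
    return findings

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLE = {
    "VPN": ["198.51.100.7.55512 > 10.4.37.200.65500: Flags [S], length 0"],
    "WAN": [
        "198.51.100.7.41923 > 203.0.113.10.65500: Flags [S], length 0",
        "10.4.37.200.65500 > 198.51.100.7.56362: Flags [S.], length 0",
        "203.0.113.10.51000 > 198.51.100.7.443: UDP, length 120",  # tunnel itself
    ],
}

if __name__ == "__main__":
    for kind, line in audit(SAMPLE, "10.4.0.0/16", "203.0.113.10", 65500):
        print(f"{kind}: {line}")
```
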
