VPN Split Tunnel port forwarding
[Not Solved]
Sep 02, 2016, 04:06 PM
(This post was last modified: Sep 02, 2016, 04:07 PM by gjosang.)
Hi,
So I got a working installation following «VPN Split Tunneling on Ubuntu 14.x»
But I would really like the option to use PIA's port forwarding.
Sadly I have some sites that require me to have an open connection.
In my old setup I have been using this awesome tool:
https://github.com/mhum/pia-transmission-updater
which automatically fetches a new open port from PIA and then updates Transmission.
The old setup was based on «Remote Access Transmission behind VPN»
Now I am getting the following error «Port forwarding not available for this region» on gateways which do have port forwarding.
drake suggested some iptables rule:
iptables -A INPUT -i $INTERFACE -p tcp --dport your_forwarded_port -j ACCEPT
iptables -A INPUT -i $INTERFACE -p udp --dport your_forwarded_port -j ACCEPT
And adding these with the open port does work.
The problem is this port changes quite often. So in the long run, it's not a good solution.
What I would like is to use the pia-transmission-updater scripts on a cron, and not have to think about it.
I would really appreciate all the help I can get :-)
Sep 02, 2016, 04:32 PM
Is it the torrent trackers that require this port to be open and forwarded? Can you provide some context? I assumed it was the web interface you were trying to access.
I am sure we can help you setup a cronjob, I just need to see the full logic that needs to happen.
We need to ask PIA to open a port, then use that port it opens in the transmission daemon configuration, then restart transmission?
Sep 02, 2016, 06:11 PM
I see.
Well, English is not my first language. Sorry for the misunderstanding.
I have no problem accessing the web interface, that's working fine.
I have no problem setting up a cron.
It's a torrent tracker that needs the open port.
So I need to fetch port from pia and then give it to transmission.
The script "pia-transmission-updater" uses https://www.privateinternetaccess.com/vp...assignment
to find an open port and then communicates with transmission via rpc.
I also tried using this from pia:
https://www.privateinternetaccess.com/fo...nced-users
Seems like there is some routing stopping the port forwarding.
Could you try and see if you could fetch a port using this script?
Sep 02, 2016, 07:25 PM
Not a problem at all, a lot of these concepts overlap and have multiple meanings and use cases. It is easy to get confused, I do it myself
Can you tell me which port you need to set in transmission, I am assuming it is the listening port.
With the VPN split tunnel, are you able to manually get a port from PIA to forward and stick it in Transmission so it will work with your torrent tracker?
It is important the manual method works before we try automating it with a script.
Sep 02, 2016, 07:37 PM
(Sep 02, 2016, 07:25 PM)Mike Wrote: Not a problem at all, a lot of these concepts overlap and have multiple meanings and use cases. It is easy to get confused, I do it myself
Can you tell me which port you need to set in transmission, I am assuming it is the listening port.
With the VPN split tunnel, are you able to manually get a port from PIA to forward and stick it in Transmission so it will work with your torrent tracker?
It is important the manual method works before we try automating it with a script.
That's good
It's the peer-port (listening port) that I need to set.
As of now I am not able to get a port from PIA.
When using the port_forward script from PIA I am getting "port forwarding not available for this region"
Seems like it's getting blocked somehow.
Sep 02, 2016, 08:06 PM
Ok good, we are on the same page
Please try to switch to another country just to test, are you running that 'get the port to forward from PIA' script as the vpn user?
https://www.privateinternetaccess.com/fo...mment_4129
Sep 02, 2016, 08:54 PM
(Sep 02, 2016, 08:06 PM)Mike Wrote: Ok good, we are on the same page
Please try to switch to another country just to test, are you running that 'get the port to forward from PIA' script as the vpn user?
https://www.privateinternetaccess.com/fo...mment_4129
I was just going to reply that... haha
I tried running it as the vpn user and it worked perfectly
I tried all kinds of weird stuff, and totally forgot the services running as the vpn user.
Thanks for all the help. And keep up the good work!
Sep 04, 2016, 02:30 PM
I see there still is a small problem.
When running the scripts as the vpn user, I am able to fetch an open port from PIA.
But Transmission still sees the port as closed.
Any idea what this could be?
I have tested the gateway on another machine which is based on http://www.htpcguides.com/remote-access-...vpn-linux/
And there the peer port shows as open in transmission, and I am connected to trackers.
Sep 04, 2016, 07:23 PM
Great work, I was not available for two days, and I wanted to reply now that you need to run the script as vpn user, but Mike already helped (very helpful, as always, thanks Mike). The script didn't work when not run as vpn user since the split tunnel rule blocks everything not run by vpn user - this is expected behaviour.
Now that you have the required port, did you try to add that port with the iptables rule I wrote? You need to allow the specific port in the iptables script, otherwise everything will be (and should be) blocked. Try it manually, and let us know if it works. After that, I believe we can fine-tune the script to automate the iptables rule too.
Sep 05, 2016, 06:00 PM
(Sep 04, 2016, 07:23 PM)drake Wrote: Great work, I was not available for two days, and I wanted to reply now that you need to run the script as vpn user, but Mike already helped (very helpful, as always, thanks Mike). The script didn't work when not run as vpn user since the split tunnel rule blocks everything not run by vpn user - this is expected behaviour.
Now that you have the required port, did you try to add that port with the iptables rule I wrote? You need to allow the specific port in the iptables script, otherwise everything will be (and should be) blocked. Try it manually, and let us know if it works. After that, I believe we can fine-tune the script to automate the iptables rule too.
No worries
Well I tried adding the port to iptables.. The problem is now every time I restart openvpn the port from PIA changes..
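
One way to handle the changing port discussed in this thread, as an added example that is not from any of the posters or from the guide's own iptables script: the two ACCEPT rules live in a dedicated chain that is flushed and refilled whenever a new forwarded port is handed in, so stale ports never stay open. The chain name `PIA-FORWARD` and the function names are hypothetical, and the port is assumed to be supplied by whatever fetched it.

```shell
#!/bin/sh
# Added example: one dedicated chain holds the ACCEPT rules for the current
# forwarded port, so a port change replaces the old rules instead of piling up.
CHAIN="PIA-FORWARD"        # hypothetical chain name
IPT="${IPT:-iptables}"     # overridable, e.g. for testing

# Accept only a plain decimal, unprivileged port. The value comes from a
# remote service, so it is validated before it reaches the firewall.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# update_forward_rules <vpn-interface> <forwarded-port>
update_forward_rules() {
    iface=$1
    port=$2
    if ! valid_port "$port"; then
        echo "refusing invalid port: $port" >&2
        return 1
    fi
    # Create the chain on first use; an "already exists" error is harmless.
    $IPT -N "$CHAIN" 2>/dev/null || true
    # Hook the chain into INPUT for the VPN interface exactly once.
    $IPT -C INPUT -i "$iface" -j "$CHAIN" 2>/dev/null ||
        $IPT -I INPUT -i "$iface" -j "$CHAIN"
    # Remove the rules for the previous port, then allow only the new one.
    $IPT -F "$CHAIN"
    for proto in tcp udp; do
        $IPT -A "$CHAIN" -p "$proto" --dport "$port" -j ACCEPT
    done
}

# Run as root, e.g. from the job that fetched the port: script.sh tun0 51413
if [ "$#" -eq 2 ]; then
    update_forward_rules "$1" "$2"
fi
```

The firewall update needs root, while the thread established that the port request itself only succeeds when run as the vpn user, so the two steps run under different accounts.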