Closed ports when using VPN client

Fliegenfalle · 2014-02-08 01:45:39

I'm running Transmission bittorrent on client-side and configured my port shares so that everything is just fine. I did it by adding a rule for my LAN router and setting up the predefined transmission ufw rule.
My problem is that all ports are closed for Transmission after I connected to my personal VPN. The VPN provider doesn't block any ports he explained.

So what do I have to do in order to set up a port share for the OpenVPN tunnel adapter that Transmission can connect through?

Thank you in advance (sorry guys if I was just blind when searching on the Internet for a while ^^)

Jannis

Rexilion · 2014-02-10 14:24:56

Here is my best guess: Once you connect to your VPN, all traffic is redirected over this connection. Since the VPN provider is *not* forwarding the torrent ports, the ports appear to be closed in transmission.

Fliegenfalle · 2014-02-11 23:35:39

Mhm this seems legit at least noone can tell something different.
I'll contact the VPN guy again I think. He's kind of a geek and he is responsible for the whole service so I'm wondering if he closed the ports indeed and told me they were open. Mysterious

Last edited by Fliegenfalle (2014-02-17 20:58:56)

Rexilion · 2014-02-12 05:55:14

There is a slight difference in understanding here, I think.

He might have opened the ports, but *not* forward them (correctly).

Fliegenfalle · 2014-02-12 06:25:49

Yes, I have also heard that some ISPs block ports when using VPN but that may be irritating for this topic

Rexilion · 2014-02-12 10:21:28

I would not know how that would be possible without hacking the credentials used for the VPN.

Furthermore, OpenVPN uses tun/tap devices. Maybe you need to look at your end of the firewall. Maybe use tcpdump?

Fliegenfalle · 2014-02-16 22:24:37

Rexilion wrote:

I would not know how that would be possible without hacking the credentials used for the VPN

hacking the credentials? Do you know a post which explains the context?

Rexilion wrote:

Maybe use tcpdump?

well, thank you for the idea

$ sudo tcpdump -i tun0
22:59:59.745054 IP google-public-dns-a.google.com.domain > archdesktop.39808: 50663 1/0/0 PTR transmissionbt.com. (75)
22:59:59.767607 IP transmissionbt.com.http > archdesktop.60731: Flags [P.], seq 161:166, ack 152, win 108, options [nop,nop,TS val 2994357953 ecr 4805043], length 5
22:59:59.767641 IP archdesktop.60731 > transmissionbt.com.http: Flags [.], ack 166, win 237, options [nop,nop,TS val 4805061 ecr 2994357953], length 0
23:00:00.031406 IP archdesktop.60726 > transmissionbt.com.http: Flags [F.], seq 0, ack 1, win 237, options [nop,nop,TS val 4805141 ecr 2994335415], length 0
23:00:00.544686 IP archdesktop.60726 > transmissionbt.com.http: Flags [F.], seq 0, ack 1, win 237, options [nop,nop,TS val 4805295 ecr 2994335415], length 0
23:00:01.574738 IP archdesktop.60726 > transmissionbt.com.http: Flags [F.], seq 0, ack 1, win 237, options [nop,nop,TS val 4805604 ecr 2994335415], length 0
23:00:03.634763 IP archdesktop.60726 > transmissionbt.com.http: Flags [F.], seq 0, ack 1, win 237, options [nop,nop,TS val 4806222 ecr 2994335415], length 0
23:00:05.603465 IP transmissionbt.com.http > archdesktop.60731: Flags [F.], seq 166, ack 152, win 108, options [nop,nop,TS val 2994359412 ecr 4805061], length 0
23:00:05.641361 IP archdesktop.60731 > transmissionbt.com.http: Flags [.], ack 167, win 237, options [nop,nop,TS val 4806824 ecr 2994359412], length 0
23:00:07.748104 IP archdesktop.60726 > transmissionbt.com.http: Flags [F.], seq 0, ack 1, win 237, options [nop,nop,TS val 4807456 ecr 2994335415], length 0

Google provides the DNS resolve as shown btw it's on VPN side doesn't it?

vs

$ sudo tcpdump >lan device without vpn<
23:09:19.330891 IP fritz.box.domain > archdesktop.fritz.box.35475: 6213 1/1/0 CNAME vm1-ipv4.transmissionbt.com. (123)
23:09:19.332735 IP archdesktop.fritz.box.55404 > transmissionbt.com.http: Flags [S], seq 3777571741, win 29200, options [mss 1460,sackOK,TS val 4972931 ecr 0,nop,wscale 7], length 0
23:09:19.375504 IP6 2001:41d0:52:300::917.51413 > archdesktop.51413: UDP, length 49
23:09:19.377032 IP transmissionbt.com.http > archdesktop.fritz.box.55404: Flags [S.], seq 2615252068, ack 3777571742, win 5792, options [mss 1380,sackOK,TS val 2994497853 ecr 4972931,nop,wscale 6], length 0
23:09:19.377067 IP archdesktop.fritz.box.55404 > transmissionbt.com.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 4972944 ecr 2994497853], length 0
23:09:19.377094 IP archdesktop.fritz.box.55404 > transmissionbt.com.http: Flags [P.], seq 1:152, ack 1, win 229, options [nop,nop,TS val 4972944 ecr 2994497853], length 151
23:09:19.422040 IP transmissionbt.com.http > archdesktop.fritz.box.55404: Flags [.], ack 152, win 108, options [nop,nop,TS val 2994497865 ecr 4972944], length 0
23:09:19.422079 IP transmissionbt.com.35115 > archdesktop.fritz.box.51413: Flags [S], seq 2715110152, win 5840, options [mss 1380,sackOK,TS val 2994497865 ecr 0,nop,wscale 6], length 0
23:09:19.422166 IP archdesktop.fritz.box.51413 > transmissionbt.com.35115: Flags [S.], seq 3497137966, ack 2715110153, win 28960, options [mss 1460,sackOK,TS val 4972958 ecr 2994497865,nop,wscale 7], length 0
23:09:19.465791 IP transmissionbt.com.35115 > archdesktop.fritz.box.51413: Flags [.], ack 1, win 92, options [nop,nop,TS val 2994497876 ecr 4972958], length 0
23:09:19.465832 IP transmissionbt.com.35115 > archdesktop.fritz.box.51413: Flags [F.], seq 1, ack 1, win 92, options [nop,nop,TS val 2994497876 ecr 4972958], length 0
23:09:19.465849 IP transmissionbt.com.http > archdesktop.fritz.box.55404: Flags [P.], seq 1:161, ack 152, win 108, options [nop,nop,TS val 2994497876 ecr 4972944], length 160
23:09:19.465864 IP archdesktop.fritz.box.55404 > transmissionbt.com.http: Flags [.], ack 161, win 237, options [nop,nop,TS val 4972971 ecr 2994497876], length 0
23:09:19.468028 IP archdesktop.fritz.box.51413 > transmissionbt.com.35115: Flags [.], ack 2, win 227, options [nop,nop,TS val 4972972 ecr 2994497876], length 0
23:09:19.510574 IP transmissionbt.com.http > archdesktop.fritz.box.55404: Flags [P.], seq 161:166, ack 152, win 108, options [nop,nop,TS val 2994497887 ecr 4972971], length 5
23:09:19.510617 IP archdesktop.fritz.box.55404 > transmissionbt.com.http: Flags [.], ack 166, win 237, options [nop,nop,TS val 4972984 ecr 2994497887], length 0
23:09:19.621340 IP archdesktop.fritz.box.51413 > transmissionbt.com.35115: Flags [F.], seq 1, ack 2, win 227, options [nop,nop,TS val 4973018 ecr 2994497876], length 0
23:09:19.664541 IP transmissionbt.com.35115 > archdesktop.fritz.box.51413: Flags [.], ack 2, win 92, options [nop,nop,TS val 2994497925 ecr 4973018], length 0

fritz.box is the router here, 51413 the port everything is about (and archdesktop always my host).

Looks like no income through the port on tun0. Is there possibly an issue with the router or isn't the port forwarded to me as mentioned before? Feels like almost solved

Rexilion · 2014-02-17 07:04:17

It's like transmission does not even bother to try the port with VPN. Did you censor these logs?

Fliegenfalle · 2014-02-17 20:53:11

No, I didn't cut out any lines.
I checked it again but it does work on the Transmission side.
I tried it in Microsoft Windows with uTorrent and I discovered a strange issue: It displays a small upload speed like it would seed correctly but the total upload is 0. uTorrent shows me that I configured the port correctly in addition.

I think I will contact my VPN provider again.
That's it, thank you again. If you know how to get some additional information about the issue that I can report to him please tell me.

Jannis

Rexilion · 2014-02-18 06:21:10

Ow, I get it. Transmissionbt.com is used for testing if the port is open. Did you do that with the tcpdump+vpn combo? If yes, then it's a port or route problem. Also, please show me the output of:

/sbin/ip route list table 0

Fliegenfalle · 2014-02-18 06:32:40

The first one was tcpdump -i (interface) tun0 for VPN the second I postet completely without.
In my last answer I wrote that it works because even when VPN is activated Transmission contacts the peers (in tcpdump myhost.port -> remote host).

And the routing table (just censored my public ip):

$ /sbin/ip route list table 0
default via 10.8.0.113 dev tun0  proto static 
10.8.0.1 via 10.8.0.113 dev tun0  proto static 
10.8.0.113 dev tun0  proto kernel  scope link  src 10.8.0.114 
xx.xxx.x.xxx via 192.168.178.1 dev enp6s0  proto static 
192.168.178.0/24 dev enp6s0  proto kernel  scope link  src 192.168.178.75  metric 1 
local 10.8.0.114 dev tun0  table local  proto kernel  scope host  src 10.8.0.114 
broadcast 10.8.0.114 dev tun0  table local  proto kernel  scope link  src 10.8.0.114 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.178.0 dev enp6s0  table local  proto kernel  scope link  src 192.168.178.75 
local 192.168.178.75 dev enp6s0  table local  proto kernel  scope host  src 192.168.178.75 
broadcast 192.168.178.255 dev enp6s0  table local  proto kernel  scope link  src 192.168.178.75 
local ::1 dev lo  proto kernel  metric 256 
2002:5cc2:69c3::/64 dev enp6s0  proto kernel  metric 256  expires 6655sec
fe80::/64 dev enp6s0  proto kernel  metric 256 
default via fe80::be05:43ff:fee8:acd7 dev enp6s0  proto ra  metric 1024  expires 1695sec
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101
local ::1 dev lo  table local  proto none  metric 0 
local 2002:5cc2:69c3:0:be5f:f4ff:fe77:91fe dev lo  table local  proto none  metric 0 
local fe80::be5f:f4ff:fe77:91fe dev lo  table local  proto none  metric 0 
ff00::/8 dev enp6s0  table local  metric 256 
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101

Last edited by Fliegenfalle (2014-02-19 00:21:11)

Arch Linux

#1 2014-02-08 01:45:39

Closed ports when using VPN client

#2 2014-02-10 14:24:56

Re: Closed ports when using VPN client

#3 2014-02-11 23:35:39

Re: Closed ports when using VPN client

#4 2014-02-12 05:55:14

Re: Closed ports when using VPN client

#5 2014-02-12 06:25:49

Re: Closed ports when using VPN client

#6 2014-02-12 10:21:28

Re: Closed ports when using VPN client

#7 2014-02-16 22:24:37

Re: Closed ports when using VPN client

#8 2014-02-17 07:04:17

Re: Closed ports when using VPN client

#9 2014-02-17 20:53:11

Re: Closed ports when using VPN client

#10 2014-02-18 06:21:10

Re: Closed ports when using VPN client

#11 2014-02-18 06:32:40

Re: Closed ports when using VPN client

Board footer