PrivateVPN native port forwarding #1859
I was able to get the port open with I am able to reach this port (from another device) via my ISP directly or while connected to another VPN service, but unable when connected to PrivateVPN. Maybe this has something to do with PrivateVPN blocking access due to their ip-leak-vulnerability-when-using-port-forward, but not certain. Also not really sure if this brings any security concerns.

Edit 06-May-2024: To work around this issue you'll need to get your open port from above mentioned link https://connect.pvdatanet.com/v3/Api/port?ip[]=<vpn_local_ip_here> and set it in the gluetun container via iptables, e.g. if port is

```
docker exec gluetun /sbin/iptables -A INPUT -i tun0 -p tcp --dport 12345 -j ACCEPT
docker exec gluetun /sbin/iptables -A INPUT -i tun0 -p udp --dport 12345 -j ACCEPT
```

to check if port was added

```
docker exec gluetun /sbin/iptables -L -v
```
|
This can be automated (similarly to Private Internet Access and ProtonVPN port forwarding). Please try image Also, what's the response you get when requesting from a "Dedicated IP server"? I'm especially curious about what the |
This is good news actually, thank you :) Unfortunately currently I don't have a chance to test this out |
I just tried this, but unfortunately it doesn't work. I get this error:

X.X.X.X being the public IP I get on the VPN. I'm assuming that this is the IP sent to the pvdatanet.com API endpoint. The IP that needs to be used in that URL however is the internal address assigned to the tun0 interface, not the public address.

Anyway, in case it may be helpful, I'm sharing how I've made this sort of work using a cronjob that runs a script every 5 minutes. The script just checks if the port has changed since last time it was run, and adds the firewall rules as well as updates the forwarded port in Transmission. Method shamelessly nicked from here: https://github.com/haugene/vpn-configs-contrib/blob/main/openvpn/privatevpn/update-port.sh

```bash
#!/bin/bash
# Only necessary for Transmission if using authentication; must contain the variable
# TR_AUTH=username:password (or just change $TR_AUTH to username:password in the
# docker exec command below if you're comfortable with putting auth info in a script)
source /path/to/envfile
PORTFILE=/path/to/portfile.txt # A text file to store the forwarded port
if [ ! -f "$PORTFILE" ]; then
    echo 0 > "$PORTFILE"
fi
LAST_PORT=$(cat "$PORTFILE")
# Internal address assigned to tun0 inside the gluetun container
TUN_ADDR=$(docker exec gluetun ip address show dev tun0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1)
PORT_RESPONSE=$(curl -s -f "https://connect.pvdatanet.com/v3/Api/port?ip%5B%5D=$TUN_ADDR")
CURRENT_PORT=$(echo "$PORT_RESPONSE" | grep -oe 'Port [0-9]*' | awk '{print $2}' | cut -d/ -f1)
# Stop here if no numeric port could be extracted (request failed, tunnel down)
if ! [[ "$CURRENT_PORT" =~ ^[0-9]+$ ]]; then
    exit 1
fi
if [ "$LAST_PORT" != "$CURRENT_PORT" ]; then
    # Store the new port
    echo "$CURRENT_PORT" > "$PORTFILE"
    # Remove the old port firewall rules (if they exist, otherwise this will print errors, but I don't care)
    docker exec gluetun /sbin/iptables-legacy -D INPUT -i tun0 -p tcp --dport "$LAST_PORT" -j ACCEPT
    docker exec gluetun /sbin/iptables-legacy -D INPUT -i tun0 -p udp --dport "$LAST_PORT" -j ACCEPT
    # Add the new port to the firewall
    docker exec gluetun /sbin/iptables-legacy -A INPUT -i tun0 -p tcp --dport "$CURRENT_PORT" -j ACCEPT
    docker exec gluetun /sbin/iptables-legacy -A INPUT -i tun0 -p udp --dport "$CURRENT_PORT" -j ACCEPT
    # Update the port in Transmission (just remove -n "$TR_AUTH" if not using authentication)
    docker exec transmission transmission-remote localhost:9091 -n "$TR_AUTH" -p "$CURRENT_PORT"
fi
```

It's not pretty, but it gets the job done until a more streamlined solution is possible ;) |
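The script above passes a value parsed from an HTTP response into `iptables` arguments and appends rules with `-A`. The following is an added example, not code from this thread or from Gluetun: POSIX shell functions that accept only a plain integer port in range before it reaches the firewall, and use `iptables -C` so repeated runs do not stack duplicate rules. The function names and the `IPT` override are assumptions; the container name, binary path and `tun0` come from the commands quoted above.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the container name, binary
# path and tun0 interface quoted above; IPT is overridable (e.g. iptables-legacy).
IPT=${IPT:-"docker exec gluetun /sbin/iptables"}

# valid_port PORT: succeed only for a plain decimal port in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;  # empty, leading zero, or any non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# allow_port PORT: add the tcp/udp ACCEPT rules on tun0 only if absent.
allow_port() {
    valid_port "$1" || { echo "refusing to open port '$1'" >&2; return 1; }
    for proto in tcp udp; do
        # -C tests for an existing rule, so repeated runs do not stack copies
        $IPT -C INPUT -i tun0 -p "$proto" --dport "$1" -j ACCEPT 2>/dev/null ||
            $IPT -A INPUT -i tun0 -p "$proto" --dport "$1" -j ACCEPT || return 1
    done
}

# revoke_port PORT: delete every copy of the rules for a stale port.
revoke_port() {
    valid_port "$1" || return 0      # e.g. the initial "0": nothing to delete
    for proto in tcp udp; do
        while $IPT -C INPUT -i tun0 -p "$proto" --dport "$1" -j ACCEPT 2>/dev/null; do
            $IPT -D INPUT -i tun0 -p "$proto" --dport "$1" -j ACCEPT || return 1
        done
    done
}

# rotate_port OLD NEW: refuse a bad NEW before touching the firewall, then
# close OLD and open NEW. Usage: rotate_port "$LAST_PORT" "$CURRENT_PORT"
rotate_port() {
    valid_port "$2" || { echo "API returned unusable port '$2'" >&2; return 1; }
    if [ "$1" != "$2" ]; then
        revoke_port "$1" || return 1
    fi
    allow_port "$2"
}
```

Because a rejected new port returns before any rule is deleted, a failed or malformed API response leaves the currently open port in place.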
Correct, and yes that was the mistake! Changed in 5cc29a7 to use the internal VPN IP address. Can you please re-pull the image and see if it works now?
That is definitely something I'm starting to think would be a great addition for torrent clients built-in Gluetun, to update their port. Deluge, Transmission, qBittorrent to name a few. |
I'm using this via docker, is there a build I can help test with? I'm really keen to get this up and running. |
This is looking very promising. I'm getting this error using the suggested build and using these ports in my yaml and Transmission. ports: Log At least the container's healthy now. I hope this helps. |
I think this is expected as you should not set the port yourself, but rather use the one that is assigned by PrivateVPN. |
If so, then how does Gluetun know what port to use? So far we have to specify the ports, is there a variable that gets the ports and adds it to Transmission? What am I missing here? |
I think that currently it doesn't add anything to Transmission. Proceed something like this: Gluetun starts and gets the open port from PrivateVPN and opens it in the firewall. Then, you get the port from the Gluetun control server (there is an endpoint to read forwarded port) manual. Add that port in Transmission network settings (and see closed red turning to open green) |
I don't know what any of that means manual. It makes no reference on how to connect to the container. The best I can do is connect via the Container console in Portainer. Any chance the port can just be noted in the Log please? I think this would make sense to 99% of people reading this. |
This is fixed now, can you please repull the image and check it works? |
Apologies for not testing this again before now. The IP-address used in the check now seems to be correct, but it still doesn't work. This is the relevant output (at least everything I think is relevant):
If I run the following command manually (xxx.xxx.xxx.xxx being the tun0 IP): I assume there's something wrong in parsing the output since the error message includes the status from the output. |
You have to use the image from the PR where Port Forwarding for PrivateVPN is being worked on, not the latest release. In other words, instead of But as per my previous comment, Port Forwarding doesn't currently work. |
Thanks @NorseJedi - fixed in b692bdd to extract the port properly. It should work now I hope 😉 |
Great, getting closer :)
The ipinfo.io error probably isn't relevant for this, but the second error is a bit confusing. I assume this is related to the |
I just want to say thanks so much for the effort here! It's really appreciated! Sorry, I misunderstood. I pulled the latest version not gluetun:pr-2285. This now works, port open. |
So, two things, is there any way the port can be static (as it comes from the VPN Provider I guess not)? If I reboot either Gluetun or Transmission it will change I guess (this is the case, just checked). So, this means manually checking and setting this port each time or update Transmission dynamically? |
Fixed in c35c3da - just an error wrap I thought would be nice (for all providers), but it turned out I forgot to check if there was no error (hence the ugly
See https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/port-forwarding.md you could use |
Merging this in the latest image, thanks for checking it works @NorseJedi @Silversurfer79 ! |
Closed issues are NOT monitored, so commenting here is likely to be not seen. This is an automated comment setup because @qdm12 is the sole maintainer of this project |
@Silversurfer79 please can you share your docker compose ? |
You must use this Image: image: qmcgaw/gluetun:pr-2285 version: "3" |
Not anymore :) It was added to the latest release yesterday, so using |
Thanks @Silversurfer79 , It works... now there's only one problem left to solve. |
If you run them both in Docker, you can use this script and run it at intervals through cron (I run it every 30 minutes). It's not a very sophisticated script, but it gets the job done. All it does is run the port-test in Transmission and update the port if it's not open.

```bash
#!/bin/bash
GT_CONTAINER=gluetun        # Gluetun container name
TR_CONTAINER=transmission   # Transmission container name
TR_PORT=9091                # Transmission RPC port
TR_AUTH=username:password   # Transmission RPC username and password
# Run Transmission's port test and keep only the last word of its output
PORT_OPEN=$(docker exec "$TR_CONTAINER" transmission-remote "localhost:$TR_PORT" -n "$TR_AUTH" -pt)
PORT_OPEN=${PORT_OPEN##* }
if [[ $PORT_OPEN != "Yes" ]]; then
    # Read the forwarded port written by Gluetun and set it in Transmission
    CURRENT_PORT=$(docker exec "$GT_CONTAINER" cat /tmp/gluetun/forwarded_port)
    docker exec "$TR_CONTAINER" transmission-remote "localhost:$TR_PORT" -n "$TR_AUTH" -p "$CURRENT_PORT"
fi
```

Note that this is only tested with the official gluetun image and the |
I'll try it right away. Thank you! |
It works! Thanks |
I'm glad this is working for you. Don't forget to use the advice
|
Maybe there's still an issue. Every time I start the container, I get these errors
I would like to highlight the following errors in particular:
|
@teopost post your compose file, your email address is also in the log. I don't get that error. |
the compose is this:
I've done several tests, and it seems the problem isn't consistent. It occurs when I recreate the container using:
I've also noticed that some errors change when the value of SERVER_COUNTRIES is changed. PS: The email address in the log file is a fake |
I'd suggest removing these and trying again, neither are needed and may cause issues. The server list is pulled from the web from the last update and the health check is done from what I have seen automatically at times anyway.
|
I am sorry for my English level, maybe I can't express what I mean accurately.
I hope that the app can support native port forwarding for PrivateVPN.
For this, I got the port forwarding API method and found it out by sending emails to the official support team.
Some OpenVPN config:
https://ovpnstorage.privatevpn.com/
Port forwarding API:
https://connect.pvdatanet.com/v3/Api/port?ip[]=<vpn_local_ip_here>
That will return a JSON format result.
When connecting to a Dedicated IP server it will be port forwarded to all the ports, else it will provide a port randomly.