Port forwarding still closed?
Posted: Thu Sep 24, 2020 6:46 am
Hi there,
I've got an issue with the port forwarding function on a Gargoyle-equipped router. I manually forwarded a few ports in the firewall for different servers that need it.
Now, the setup is a bit more complex than I intended it to be. I simplified it to the relevant parts here.
Modem makes WAN IP available through DHCP -> Gargoyle 1.12 runs on old WesternDigital MyNet N600. Gargoyle firewall specifically allows ports 9091, 9093, and 5006 (non-privileged ports). It acts as the DHCP server for all LAN devices. No extra plugins are enabled. -> a Linux-based NAS runs an OpenVPN client. The server software then uses the tunnel to reach the Internet. -> a second NAS listens on port 5006.
Why not use the router as a client?
Well, first, I have a slow bandwidth of 30/10, but a comparatively large number of devices. Even without saturating the bandwidth or the connections, the single-core CPU inside the N600 routinely gets past 1.00 load during video conference calls / about 300 connections. The CPU doesn't seem powerful enough.
And second, the OpenVPN client configuration page in Gargoyle is really confusing. It doesn't directly take the parameters the way VPN providers are giving them (config file ending in .ovpn [not ZIP] + username + password), and instead asks for obscure ones such as CA certificate, client certificate, TLS-auth-key, etc. Nowhere to enter username / password. On the other hand, the NAS command line allows using a .ovpn file, then asks for a username, then a password, then proceeds to establish the connection. I have yet to find a way to daemonize it, but closing the terminal window does it. A bit crude, but at least it doesn't ask for nonsense.
So, when testing the first 2 ports with a web-based ports-checking tool against the WAN IP given by the VPN provider, I find these ports closed. Same goes for port 5006: it always appears as closed.
Why are the ports still closed? Where's my configuration faulty?