SSH + VPN under Gargoyle
Posted: Mon Sep 24, 2012 11:30 am
by polk
Hello,
I have TP-Link TL-WR741ND v4 router.
I've installed Gargoyle on it.
When I'm within my intranet I can ssh/vpn to my Ubuntu server.
Yet when I'm outside my network (let's say at work) I can't access it at all.
I have placed 2 rules for my Ubuntu server in the router, under
Individual Port Forwarding:
Protocol | From Port | To IP        | To Port | Enabled
Both     | 23        | 192.168.1.55 | 22      | marked true
Both     | 1194      | 192.168.1.55 | 1194    | marked true
Much more clear in the attached pic.
Please advise.
Again, from within the network I can access my ssh server + vpn server.
From outside my network I can't access any of them.
What am I doing wrong?
Re: SSH + VPN under Gargoyle
Posted: Mon Sep 24, 2012 3:14 pm
by ispyisail
When I'm within my intranet I can ssh/vpn to my Ubuntu server
You need to specify the VPN type,
e.g. openvpn, pptp...
I suspect a "General Routing Encapsulation (GRE)" port problem. Search this forum for "GRE".
Re: SSH + VPN under Gargoyle
Posted: Mon Sep 24, 2012 9:37 pm
by mix
Assuming port forwarding is working in this build (I wouldn't be surprised if it wasn't), you are attempting to forward port 23 to port 22... So you are trying to forward the standard telnet port to a ssh port. This will work as long as you know what you are doing and account for this with your ssh client. You are also trying to forward the openvpn port straight through, which is fine. Can you prove that your internet service provider isn't blocking any of these ports, and that your workplace isn't blocking outbound traffic to them either? Try running the "All Service Port" scan from GRC.
https://www.grc.com/x/ne.dll?bh0bkyd2
If ports 23 and 1194 are reported as open, things should be working fine and I would expect your workplace is the problem. Any port that is detected as being stealth is in fact being blocked by your ISP, because by default (and I am again assuming you haven't changed this) Gargoyle sets closed ports to report back as closed, and does not drop the packet (which is what stealth means). If port 23 or 1194 is reported as closed, I would expect the problem is the port forwarding functionality of the router.
If you want to be really sure and prove whether port forwarding is working, you could also try forwarding a port outside of the service port range to port 22 on your Ubuntu server and try to ssh to that port instead. I suppose there is always a chance that Gargoyle is intercepting ports 22, 23 and 1194 because it is itself capable of running (and may currently be running) telnet, ssh and OpenVPN. Using some other ports would get around a weird issue like this.
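The open / closed / stealth distinction described in the reply above, as an added example that is not part of the original thread: a TCP connect probe that classifies each forwarded port by how the connection attempt ends and attaches the reading mix gives for that state. The function names, the ADVICE wording and the command-line usage are assumptions made for this example.

```python
import socket
import sys

# How mix's reply in this thread reads each result (wording is this example's own).
ADVICE = {
    "open": "forward works end to end; suspect outbound filtering at the client's network",
    "closed": "something answered with a reset; suspect the router's port-forward rule",
    # mix attributes this state to the ISP when Gargoyle's defaults are unchanged.
    "filtered": "no answer (stealth); a device on the path is dropping the packets",
}


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port by how the connection attempt ends.

    TCP only: a UDP service (OpenVPN's default transport) has no handshake
    to observe, so it cannot be classified this way.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed (SYN-ACK received)
    except ConnectionRefusedError:
        return "closed"      # the target or a router replied with RST
    except OSError:
        return "filtered"    # timeout or ICMP unreachable: nothing usable came back
    finally:
        sock.close()


def diagnose(host, ports, timeout=3.0):
    """Return {port: (state, advice)} for each port probed."""
    results = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results[port] = (state, ADVICE[state])
    return results


if __name__ == "__main__":
    # Usage, run from outside the LAN: python probe.py <router WAN address> 23 2222
    target, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, (state, advice) in diagnose(target, ports).items():
        print(f"{port}/tcp {state}: {advice}")
```

Run it from a network you control outside the router's LAN; a result taken from inside the LAN says nothing about the WAN-side forward.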
Re: SSH + VPN under Gargoyle
Posted: Tue Sep 25, 2012 7:55 pm
by polk
Thank you for the replies.
I have changed my home setup to test the issue: 2 wr742nd, the server is behind the gargoyle (port forward 23 to port 22 and port 2222 to port 22) while its WAN is connected to the LAN port of the other router (let's call it mainRouter).
Another computer is on the LAN of mainRouter and it tries to ssh to the ubuntu server (ssh/vpn) - it fails.
I've scanned the gargoyle with nmap:
$nmap 96.1.0.101 -PN
Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-26 01:27 IST
Nmap scan report for 101_0_1_96-MIP_POOL_WEST_1x.telusmobility.com (96.1.0.101)
Host is up (0.00060s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp filtered telnet
2222/tcp filtered unknown
Re: SSH + VPN under Gargoyle
Posted: Wed Sep 26, 2012 6:24 am
by polk
I'm using openvpn, which is on the ubuntu since in the gargoyle docs openvpn isn't supported by my router.
I have tried with the described setup to see if the data even passes the router, so on the Ubuntu I've installed wireshark.
Its log shows that the packet arrives but I don't know enough to dig from that the data for "why the ssh/vpn doesn't respond".
Attached 2 short logs of wireshark:
192.168.1.55 is my ubuntu server.
192.168.1.1 is my wr741nd gargoyle router.
This part shows ssh arriving yet not handled [is there a configuration flag preventing ssh from a different subnet in the default sshd?]
Attachment: sshFromNet_Failed.png (ssh from network, not intranet, failed)
ssh from within the same network worked:
Attachment: sshFromIntraNet_ok.png (ssh from intranet works)
Any ideas?