NO-IP Port Check Tool

KI0EO
NO-IP Port Check Tool

Hello,
I am trying to set up a Tunnel Server and am having an issue.
I've registered a DNS (ki0eomesh.hopto.org) using NO-IP.
I have the account set up and I am running DUC v4.1.1 on one of my machines on my network.
I've got port forwarding set up on my router (ASUS RT-AC1900P).
I am forwarding to the Bullet's WAN IP.

When I use the "open port check tool" I get an error "connection refused".

I am not a port forwarding network guru by any means, but I can stumble my way through.
I have configured port forwarding for Echolink access for my repeaters...etc...etc.

I currently have a Bullet M2HP plugged into a Cisco 2950 switch.
The port is configured to trunk VLANs 1, 2, 24.
I have several access ports configured for VLAN 24.
The machine that runs the DUC software is plugged into one of the VLAN 24 access ports.
When I check the status of DUC, it shows the client, update and IP statuses as OK.
Also, I have a WAN access port configured on the switch to access VLAN 1.

I've tried disabling the firewall on the ASUS router, but I still get the "connection refused" error.
My provider is Premier.
I've scoured this forum and am unable to come up with a solution.
Hopefully I haven't missed any of my details here, trying to keep this from being too long. :)

Thanks,
Don...KI0EO...


 

KI0EO
Port 8080

Just to add to this.
I just tried forwarding port 8080 and the "Open Port Check Tool" checks ok.
I changed the forward to port 80 and I get "connection refused".

Don...KI0EO...

n0kfb
Hello Don

What ports do you have forwarding on your internet router? When I try to connect to ki0eomesh.hopto.org:8080 from here, I get no reply.

I've not done tunneling with AREDN, but as far as I can tell you need to forward port 5525 to make this work, and I get no reply on this port either.

I hope this is helpful

--Dan Meyer / n0kfb
KI0EO
Hi Dan,

I should be forwarding port 5525.
I have now also set up forwarding on port 8080.

I can run the open port check tool and see 8080 but no luck with 5525.
FWIW, I'm forwarding to the WAN port on the Bullet. 192.168.1.xxx

Thanks,
Don...KI0EO...
n0kfb
Hi Don

I can now see your Bullet on port 8080.

I don't think I fully understand what my port scanner is doing, and I don't see any traffic leaving my computer on port 5525 when I monitor the port scanner with Wireshark.

I'll see what I can do later this evening with one of my nodes and see if I can tunnel to your network.

--Dan Meyer / n0kfb
k1ky
You can telnet as a test
You should be able to telnet to the addy:5525 and the VTUN server will answer back when you have it set up correctly as a test. Can't test from your own domain - must try from the outside.
 
KI0EO
Thanks Dan and Tom.

Dan, if you like, I can set up a client for you.
Tom, I'll try from a friend's house tomorrow or from work on Monday.

One thing to note.
When I don't have the port set up in the router, I get a "connection timed out" error.
When I do have the port set up in the router, I get a "connection refused" error.

Could that be the Bullet refusing the connection?

Also, sorry for the delayed posts, I'm in and out of the house today.
We are having phenomenally warm weather for NW Iowa today.
We have to take advantage of it when we can. :)

Don...KI0EO...
n0kfb
Hi Don

No problem on not being right on top of this; I've been enjoying the nice weather in the Minneapolis - St Paul area myself!

I can connect to port 80; I cannot connect on port 5525; interestingly, something on your side sees my connection attempt and resets the connection immediately. From here I cannot tell what device is killing the connection. Are you port forwarding both TCP and UDP packets on port 5525 thru your router?

I have attached a screenshot from Wireshark. I hope it helps.

--Dan Meyer / n0kfb

KI0EO
Dan,

Yes I have the router set to forward UDP and TCP.
I did set port forward to UDP only. At that point I get a "connection timeout" error.
When I set it to TCP only, I get a "connection refused" error.
So, I believe UDP is not forwarding through the router.

I'll set my router to port forward UDP only.

Thanks for your help!
Don...KI0EO...
KI0EO
Update,

I have emailed my ISP to inquire if port 5525 is blocked at their level.

Don...KI0EO...
 
n0kfb
Hi Don

I am going to guess that your ISP isn't blocking anything.

You say you are running a Cisco switch? If so, you can turn on port mirroring and watch all traffic to and from your Ubiquiti device using Wireshark pretty easily.

Let me know, and I can help you with this process.

--Dan Meyer / n0kfb
KI0EO
Thanks Dan,

I will give that a try.

Don...KI0EO...
KI0EO
Capture

Below is a Wireshark capture when the "port check tool" was running a query.

FWIW, if I port forward the MESH WAN 8080 port, I can log into the Bullet from work and manipulate some of the pages.
To me this proves that I can forward port 8080.
Also I got a response from my ISP and they advised that they do not block port 5525.

I think my next test is to just deploy another Mesh node with the tunnel server set up and see if it works.
I think it's possible the port check tool is not working with port 5525.

Thanks,
Don...KI0EO...


 

K5DLQ
The easiest way to check that your external router is configured to port forward 5525 (and your ISP is not blocking it) is to ssh (putty) to your DDNS address using port 5525. If you see a response like "VTUN 3.x", then it is configured properly.

You should also ensure that you have added a tunnel client entry on your server node and that entry is enabled.  (It needs at least one enabled client entry in order for the tunnel server process to start).
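
The check described in this thread, as an added example that is not part of any poster's message: a small Python probe that separates the three outcomes seen above (a "VTUN" banner, "connection refused", "connection timed out") when run from outside the network. The function names and the sample banner are constructed for illustration; the thread only says the reply looks like "VTUN 3.x".

```python
import socket
import threading

# Constructed sample; the thread only says the reply looks like "VTUN 3.x".
SAMPLE_BANNER = b"VTUN server ver 3.X (constructed sample)\n"

def check_tunnel_port(host, port=5525, timeout=5.0):
    """Classify one TCP connection attempt to a tunnel server port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(128).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # connected, but the peer sent nothing
    except ConnectionRefusedError:
        # A reset came back: some host answered, but nothing listens there.
        return "refused", "a host answered, but nothing is listening on the port"
    except socket.timeout:
        # Silence: no forwarding rule, or a filter dropping the packets.
        return "timeout", "no reply; check the router's port forward"
    except OSError as exc:
        return "error", str(exc)
    if "VTUN" in banner.upper():
        return "vtun", banner
    return "open", banner or "connected, no banner"

def demo_local():
    """Exercise both outcomes against a constructed listener on 127.0.0.1."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port, stands in for 5525
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(SAMPLE_BANNER)
        conn.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    up = check_tunnel_port("127.0.0.1", port, timeout=2)
    t.join()
    srv.close()  # like a server node with no enabled client entry
    down = check_tunnel_port("127.0.0.1", port, timeout=2)
    return up[0], down[0]

if __name__ == "__main__":
    print(demo_local())
```
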
 
KI0EO
Thanks Darryl!

I did not have a client entry enabled on my server node.
When I enabled it, I can now see the port is open, using the port check tool.

Apparently I hadn't searched hard enough to find this answer. Thanks again!

Don...KI0EO...

K5DLQ
hooray!  :-)
w6bi
Hostname length?
There is a length restriction on the hostname when tunneling.   I recall it being somewhere around 22 characters.   Could that be your issue?
