You may want to do this if you can’t get your node online, the open port checker tells you your port is closed AND the IP address shown is not the same as what your router’s WAN page says it is. In that case your ISP is using Carrier Grade NAT (CGNAT).
Before you attempt to set up a tunnel you may want to try to get your ISP to turn off CGNAT. When you contact them, especially on the phone, they will not understand what you need. Tell them you want to access a security camera from the outside. This worked for us twice, but then they refused, saying we must change to a business account with fixed IP at 3 times the cost.
I believe that if you use a tunnel you do not need to set up any port forwarding and dynamic IP, as SSH establishes the connection from the inside.
The following instructions are for Linux, but adapting them to Windows or macOS should not be too difficult.
- Create an account with portmap.io.
Follow the instructions for creating a configuration file for OpenVPN or SSH key using the ‘Generate’ button on ‘Create new configuration’ form. I chose SSH because the client is already installed on my server. Save the key as instructed, in /root/.ssh/ .
Change the file’s permissions:
sudo chmod 600 /root/.ssh/yourfilenamehere
Create a mapping rule by specifying the configuration you created and the remote and local ports. Leave the host header and IP allowed to access blank.
Copy the ssh command line in red using the little blue icon at the end. Paste into your favourite text editor.
- In the text editor add the following two options:
-o ExitOnForwardFailure=yes -o ServerAliveInterval=15
Your editor should now look similar to this:
ssh -i ~/.ssh/Beddhist.first.pem Beddhist.email@example.com -o ExitOnForwardFailure=yes -o ServerAliveInterval=15 -N -R XXXX:localhost:YY
~ corresponds to /root. Verify that this is the correct path to the key file you have saved.
Beddhist.first corresponds to your userid on portmap.io, XXXX is the port that they assigned you and YY is the port number you have configured on your node, usually 28968 or close to that.
- Testing your tunnel
Open two terminal windows on your server. Position one window so that the bottom few lines remain visible at all times.
Run this command:
tail -f /var/log/syslog
[Noob info: you will monitor your system log with this. It’s normal to see a few lines appearing here from time to time.]
In the second window become root with:
Type your password at the prompt.
Start your node.
Copy the entire line starting with ssh -i … from your editor window, paste it into the terminal and press Enter. If you get any error message here you need to fix this first. You will be asked whether to accept the host key. Answer yes (naturally…). You will not get your prompt back at this time, as you are running the ssh command interactively.
If you were successful you should not see any ssh error messages in your log window and the open port checker must show the port as open. If it doesn’t you need to find out why and fix it, before proceeding further here.
- Automating it
Back in the root terminal press Ctrl-C to kill ssh.
Create the systemd unit file:
(Note the ‘1’ at the end of the file name. I foresee running a 2nd node on my server soon.)
Paste this into the file:
[Unit]
Description=SSH tunnel to portmap.io for storjnode1
After=network.target

[Service]
ExecStart=
# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target

Copy the ssh command line from your editor and paste it after ExecStart= . There should be no space after the ‘=’.
Save and quit. [Noobs: Ctrl-O, Y, Ctrl-X]
Start the new service:
systemctl start sshtunnel1
Your log window should show:
systemd: Started SSH tunnel to portmap.io for storjnode1.
Check to make sure your node is online.
Last, enable it to start at boot time:
systemctl enable sshtunnel1