VPN port forward to node on Docker Desktop Windows

mars_9t · March 20, 2023, 5:05pm

I am trying to prepare a contingency plan for my node in case of an ISP failure. I have a spare LTE connection that just stays unused most of the time. Would like to have it do something when a crisis arises.

The LTE has no public IP and no port forwarding, so I want to use VPN from portmap.io, but I’m having trouble making it work with docker. I’ve created a config on portmap.io to route a single TCP port. Clearly the node is not able to communicate using that port.

What’s working:

Node on docker with my regular internet, having public IP and port forwarding
portmap.io VPN, tested using netcat listen on the port specified (single TCP port)
Node as a service (“GUI install”) with VPN (status is online, quic misconfigured, but works)

What’s not working:

Node on docker with VPN (status offline, quic obviously misconfigured)

Setups I’ve tried (port changed to 12345 for extra obscurity):

[1] Regular docker run:
docker run -d --stop-timeout 300 -p 10.9.62.82:12345:28967/tcp -p 10.9.62.82:12345:28967/udp -p 127.0.0.1:14002:14002 -e WALLET="[REDACTED]" -e EMAIL="[REDACTED]" -e ADDRESS="[REDACTED].portmap.host:12345" -e STORAGE="500GB" --mount type=bind,source="F:\identity\",destination=/app/identity --mount type=bind,source="F:\config\",destination=/app/config --name storagenode storjlabs/storagenode:latest

Results in:

2023-03-20 17:55:42 2023-03-20T16:55:42.374Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "12tRQrMTWUWwzwGh18i7Fqs67kmdhH9t6aToeiwbo5mfS2rUmo"}
2023-03-20 17:55:42 2023-03-20T16:55:42.397Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "1wFTAgs9DP5RSnCqKV1eLf6N9wtk4EAtmN5DpSxcs8EjT69tGE"}
2023-03-20 17:55:42 2023-03-20T16:55:42.406Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6"}
2023-03-20 17:55:42 2023-03-20T16:55:42.421Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S"}
2023-03-20 17:55:42 2023-03-20T16:55:42.425Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs"}
2023-03-20 17:57:51 2023-03-20T16:57:51.715Z    ERROR   contact:service ping satellite failed   {"Process": "storagenode", "Satellite ID": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S", "attempts": 1, "error": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out", "errorVerbose": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:147\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:101\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:99\n\tstorj.io/common/sync2.(*Cycle).Start.func1:77\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:75"}
2023-03-20 17:57:51 2023-03-20T16:57:51.764Z    ERROR   contact:service ping satellite failed   {"Process": "storagenode", "Satellite ID": "1wFTAgs9DP5RSnCqKV1eLf6N9wtk4EAtmN5DpSxcs8EjT69tGE", "attempts": 1, "error": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out", "errorVerbose": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:147\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:101\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:99\n\tstorj.io/common/sync2.(*Cycle).Start.func1:77\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:75"}
... continues for all sats ...

And:

[2] Use VPN’s assigned IP (mine in network, not server’s) in port mapping:
docker run -d --stop-timeout 300 -p 10.9.62.82:12345:28967/tcp -p 10.9.62.82:12345:28967/udp -p 127.0.0.1:14002:14002 -e WALLET="[REDACTED]" -e EMAIL="[REDACTED]" -e ADDRESS="[REDACTED].portmap.host:12345" -e STORAGE="500GB" --mount type=bind,source="F:\identity\",destination=/app/identity --mount type=bind,source="F:\config\",destination=/app/config --name storagenode storjlabs/storagenode:latest

Results in the same output:

2023-03-20 17:09:26 2023-03-20T16:09:26.478Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "1wFTAgs9DP5RSnCqKV1eLf6N9wtk4EAtmN5DpSxcs8EjT69tGE"}
2023-03-20 17:09:26 2023-03-20T16:09:26.490Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S"}
2023-03-20 17:09:26 2023-03-20T16:09:26.499Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6"}
2023-03-20 17:09:26 2023-03-20T16:09:26.518Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs"}
2023-03-20 17:09:26 2023-03-20T16:09:26.521Z    INFO    pieces:trash    emptying trash started  {"Process": "storagenode", "Satellite ID": "12tRQrMTWUWwzwGh18i7Fqs67kmdhH9t6aToeiwbo5mfS2rUmo"}
2023-03-20 17:09:46 2023-03-20T16:09:46.822Z    INFO    orders.12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S      sending {"Process": "storagenode", "count": 3}
2023-03-20 17:09:47 2023-03-20T16:09:47.396Z    INFO    orders.12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S      finished        {"Process": "storagenode"}
2023-03-20 17:11:35 2023-03-20T16:11:35.363Z    ERROR   contact:service ping satellite failed   {"Process": "storagenode", "Satellite ID": "12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs", "attempts": 1, "error": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out", "errorVerbose": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:147\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:101\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:99\n\tstorj.io/common/sync2.(*Cycle).Start.func1:77\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:75"}
2023-03-20 17:11:36 2023-03-20T16:11:36.078Z    ERROR   contact:service ping satellite failed   {"Process": "storagenode", "Satellite ID": "1wFTAgs9DP5RSnCqKV1eLf6N9wtk4EAtmN5DpSxcs8EjT69tGE", "attempts": 1, "error": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out", "errorVerbose": "ping satellite: failed to ping storage node, your node indicated error code: 0, rpc: tcp connector failed: rpc: dial tcp 193.161.193.99:12345: connect: connection timed out\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatelliteOnce:147\n\tstorj.io/storj/storagenode/contact.(*Service).pingSatellite:101\n\tstorj.io/storj/storagenode/contact.(*Chore).updateCycles.func1:87\n\tstorj.io/common/sync2.(*Cycle).Run:99\n\tstorj.io/common/sync2.(*Cycle).Start.func1:77\n\tgolang.org/x/sync/errgroup.(*Group).Go.func1:75"}
... continues for all sats ...

and

No other ERRORS prior to ones shown, though in case [1] it previously showed something else, but now it’s ping satellite failed for both.

What can be done to make it work?

Using OpenVPN Connect application
Windows 10 Home 22H2 (I know, Home sucks, but it doesn’t work on Pro either)
Docker Desktop 4.17.0 (99724) with WSL 2 engine

Knowledge · March 20, 2023, 7:03pm

I don’t think you need the IP in front of the UDP and TCP lines. Just the port number forwarding.

I’m assuming the VPN is sitting on the host OS. I know someone was trying to get a VPN container to talk to a Storj container, but that didn’t seem to work.

mars_9t · March 20, 2023, 7:21pm

Saw it done in some places so I gave it a try.

Yes, OpenVPN is running on a host (Windows).

Container to container - seems a bit unnecessary complication to already “why it just doesn’t work”. If anything, modifying the storagenode image to have VPN running there could be a solution

And host to container should be as easy as general port forwarding is :V

Knowledge · March 20, 2023, 8:29pm

We do have a guide for PIA VPN configuration with Docker - https://support.storj.io/hc/en-us/articles/360026892971-Running-a-V3-Storage-Node-with-PIA-VPN-

I think your run command looks right. Are you able to load the dashboard at all?

mars_9t · March 20, 2023, 8:48pm

Saw it, checked it - everything besides specifics of PIA/DUC/DDNS seems to be the same.

Yes. As stated in first post, it just shows the node is offline

Knowledge · March 20, 2023, 8:48pm

Did you try yougetsignal to see if the ports are open?

mars_9t · March 20, 2023, 8:53pm

Yes. It shows that port is closed when node is in the above state.

To rule out other settings preventing it, I’ve listened with ncat -l 12345, checked port on the site - it showed it’s open. So I guess the host is ready. It’s “just” a matter of routing that into docker.

Knowledge · March 20, 2023, 8:54pm

I mean, I’m assuming you saw Buddhist’s post about this…

He also mentions that portmap.io kicked him for using it with Storj.

mars_9t · March 20, 2023, 8:56pm

I saw it. But:

This is new portmap account, so I assume it would work at least for some time before being banned
It works with GUI install (Online, Misconfigured)

Alexey · March 21, 2023, 4:09am

Please try to remove IP from the Port mapping in your docker run command. But it could not work too.
However, since docker on Windows uses a Linux VM in wsl2, you likely need to run OpenVPN client in the wsl2, not on your host.

mars_9t · March 21, 2023, 2:41pm

I’ve tried both versions already

I was near that conclusion based on what I’ve found before going to sleep. Now I checked it and it seems that docker-desktop distro is a castrate - running BusyBox and doesn’t have any general things you might expect. No apt, yum, make, gcc, nothing. Adding anything to it would be a real PITA (at least for someone with my knowledge).

But… I found that I could just install new distro into the WSL and register it with Docker Desktop. So I grabbed Ubuntu, registered, entered shell, installed openvpn, ran it, started storagenode container and it works :V