VPN port forwarding for Pi nodes?


Thanks for checking on that. I found another free option I was wondering if anyone had tested to see if it offered port forwarding. Ever heard of Bright VPN?

Unauthorized advertisement is against Code of Conduct. Please suggest what you have tried, not just Ad with referral code.
See Terms of Service | Storj and Community Standards - Storj Community Forum (official)

2 Likes

Sorry, that was a link copied from someone in a Reddit thread while I was researching this. I reached out to Bright support to see if they could explain if their VPN allows for TCP/UDP port forwarding.

1 Like

simpleproxy can work with UDP too? I thought only tcp

Hey all,

It’s been over a year since I last wrote about this, and my node has been sitting dormant because I couldn’t justify the cost of a VPS or VPN to operate a 2-terabyte node.

However, I freed up a 20-terabyte RAID array and that has renewed my interest in operating a node. I also now have some experience with ZeroTier and Tailscale from using their free tier for LAN tunneling some personal devices.

Has any form of a free option for getting around port blocks been discovered in the last year?

See: Did anybody tried oracle free tier as vpn? - #28 by JWvdV

This is really good info, and I conveniently just recently signed up for Oracle’s free tier. I’m testing between this and Portmap’s SSH option, but would using Wireguard/PiVPN force all of my Pi’s traffic to send through the Oracle VM or just the Storj node traffic? I have a couple other docker containers that ideally, shouldn’t go through that.

It’s up to you: Don’t set the default gateway to wireguard address and the outgoing traffic will be unaffected.

Upgrade your account to pay-as-you-go, to prevent Oracle from suspending your (almost idle, wireguard barely used any resources) instance for being idle.
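The split-tunnel point in the reply above, as an added example that is not from the thread or from WireGuard itself: it assumes the client is brought up with wg-quick, which installs a route for every AllowedIPs entry, so an entry of 0.0.0.0/0 is what would pull the Pi's other containers into the tunnel. The two configs, their placeholders and the 10.66.66.0/24 subnet (taken from the 10.66.66.1 address pinged later in the thread) are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed client configs; keys, endpoint and port are placeholders.
# FULL_TUNNEL sends everything through the VPS, SPLIT_TUNNEL only the VPN subnet.
FULL_TUNNEL = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.66.66.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = <oracle-public-ip>:<wg-port>
AllowedIPs = 0.0.0.0/0, ::/0
"""
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0, ::/0", "10.66.66.0/24")


def allowed_networks(conf_text):
    """Collect every AllowedIPs network from all [Peer] sections."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets


def via_tunnel(conf_text, destination):
    """True if a route installed from AllowedIPs covers this destination."""
    addr = ipaddress.ip_address(destination)
    return any(addr.version == n.version and addr in n
               for n in allowed_networks(conf_text))


def captures_default_route(conf_text):
    """Detect 0.0.0.0/0 and the equivalent 0.0.0.0/1 + 128.0.0.0/1 pair."""
    v4 = [n for n in allowed_networks(conf_text) if n.version == 4]
    return ipaddress.ip_network("0.0.0.0/0") in list(ipaddress.collapse_addresses(v4))
```
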

As a general update, I’ve been trying to get this up and running again with Portmap over SSH as described in this tutorial: Tutorial: tunneling through CGNAT with portmap.io & ssh

I believe I have everything set up properly, but I get a dead page for my node dashboard when I go to my device’s IP:14002. I checked my config.yaml and it looked like none of my settings when I executed the docker command were added, so I manually tweaked that file.

Here is what I ran initially when starting the storagenode docker container:

docker run -d --restart always --stop-timeout 300 \
    -p 28967:28967/tcp \
    -p 14002:14002/udp \
    -p 127.0.0.1:14002:14002 \
    -e WALLET="[REDACTED]" \
    -e EMAIL="[REDACTED]" \
    -e ADDRESS="[REDACTED].portmap.host:60692" \
    -e STORAGE="18TB" \
    --memory=800m \
    --log-opt max-size=50m \
    --log-opt max-file=10 \
    --mount type=bind,source=/mnt/storj/storagenode/identity,destination=/app/identity \
    --mount type=bind,source=/mnt/storj/storagenode,destination=/app/config \
    --name storagenode storjlabs/storagenode:latest

Oracle may be my next option to try if I can’t get this working, or if this is no longer feasible through Portmap.

I do also have a Mysterium node running on the instance and was thinking of even spinning up an internet radio station with it to increase the usage, but that’s a good idea to move to PAYG if it can help prevent suspension.

For default gateway, is that something I would need to intentionally configure to force all traffic through? Just wanting to make sure if that’s something I can avoid touching and everything would keep working. Thank you for the help too!

How do you mean? You’ve got at least four IPs, from inner to outer:

  • Docker bridge, normally a 172.17.x.x/16 address
  • Your local LAN IP, normally something like 192.168.x.x/16 or 10.0.x.x/16 range.
  • Your ISP IP (if CG-NAT, it’s also different from the webspace IP).
  • The IP of portmap.

Of these IP-addresses you should use [LOCAL LAN IP]:14002

Sorry for not clarifying, I meant the local LAN IP for my Raspberry Pi that was assigned by my router and I set as static. I also noticed on my router’s admin page that this device has two IP addresses, one for the ethernet connection and one for wifi I assume. And I can’t access the dashboard when I try either of the IPs in a browser from another computer.

I also have No-IP installed and running on this Pi, and the same DDNS bound to my router, but I don’t have it in play at all in the settings for my current docker container.

That 127.0.0.1 prefix only exposes 14002 to the local system (loopback). If you want to connect from anywhere else on your LAN, remove the “127.0.0.1:”. As long as you’re not also port-forwarding to that port from the Internet nobody else will be looking at your node stats 🙂

2 Likes

Thank you for catching that! Stopped and removed the docker command, then re-ran with this alteration, but I am still only getting a dead page:

docker run -d --restart always --stop-timeout 300 \
    -p 28967:28967/tcp \
    -p 14002:14002/udp \
    -p 14002:14002 \
    -e WALLET="[REDACTED]" \
    -e EMAIL="[REDACTED]" \
    -e ADDRESS="tcp://[REDACTED].portmap.host:60692" \
    -e STORAGE="18TB" \
    --memory=800m \
    --log-opt max-size=50m \
    --log-opt max-file=10 \
    --mount type=bind,source=/mnt/storj/storagenode/identity,destination=/app/identity \
    --mount type=bind,source=/mnt/storj/storagenode,destination=/app/config \
    --name storagenode storjlabs/storagenode:latest

Would I also need to remove 127.0.0.1: or another detail from one of these entries in config.yaml?

# server address of the api gateway and frontend app
console.address: 0.0.0.0:14002

OR

# private address to listen on
server.private-address: 127.0.0.1:7778

I also have this entry that may need changed:

# the public address of the node, useful for nodes behind NAT
contact.external-address: "tcp://[REDACTED].portmap.host:60692"

You did read about the update in the first post, I hope? If you get this working portmap will probably ban you.

There is another free tunneling service from CloudFlare that you can investigate.

Portmap caused me to lose my node and all earnings, so I’m out and back to mining Signum.

Yep, I saw that there was a potential for a ban and I was eyeing Oracle as a fallback option. The Cloudflare tunnel is a good idea, I am worried I am not experienced enough to pioneer it though. Is this what you’re referring to? Cloudflare Tunnel · Cloudflare Zero Trust docs

I do want to see if I can even get this node running with Portmap, but it’s not looking likely. I still can’t access the dashboard.

First pair correct.
Second pair should be like the first one, with UDP.
Third pair correct.
If you set something in run comm., it will “overwrite” the setting in config.
No need to set it in both places. And from my experience with Docker, it is better to set everything in run comm., and never touch config.
Check my settings and put all ports in run comm.
I will update it with some new parameters, but those are ok too.
https://forum.storj.io/t/my-docker-run-commands-for-multinodes-on-synology-nas/22034

As a little suggestion, instead of trying and maybe paying all the VPN/VPS providers out there, maybe you can ask your friends/employer to let you use a part of their internet connection, through Wireguard.
Offer to buy them a new router (a model that supports Wireguard server), set a Wireguard server there without access to internal network, just to let them know you can’t access their LAN machines, and you are good to go. Don’t forget to set port forward of course, and reserve yourself a fixed LAN IP.

1 Like
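The two corrections made in the replies above (publish 28967 on UDP rather than 14002, and drop the 127.0.0.1: prefix to reach the dashboard from the LAN), as an added example that is not from the thread or from Storj: a small Python audit of the -p flags on a docker run line. The two command strings are constructed, reduced versions of the commands in the thread, and the function names are hypothetical.

```python
import shlex

# Constructed: the thread's first command reduced to its -p flags, and the
# form the replies describe (28967 on tcp+udp, dashboard without 127.0.0.1).
FIRST_RUN = ("docker run -d -p 28967:28967/tcp -p 14002:14002/udp "
             "-p 127.0.0.1:14002:14002 storjlabs/storagenode:latest")
FIXED_RUN = ("docker run -d -p 28967:28967/tcp -p 28967:28967/udp "
             "-p 14002:14002 storjlabs/storagenode:latest")
NODE_PORT, DASHBOARD_PORT = 28967, 14002


def parse_publish(spec):
    """Split [[host_ip:]host_port:]container_port[/proto] into a dict."""
    mapping, _, proto = spec.partition("/")
    parts = mapping.rsplit(":", 2)
    # Without an explicit host IP, Docker binds the port on all interfaces.
    return {"host_ip": parts[0] if len(parts) == 3 else "0.0.0.0",
            "container_port": int(parts[-1]), "proto": proto or "tcp"}


def published_ports(command):
    """Extract every -p/--publish value from a docker run command line."""
    args, out = shlex.split(command), []
    for i, arg in enumerate(args):
        if arg in ("-p", "--publish") and i + 1 < len(args):
            out.append(parse_publish(args[i + 1]))
        elif arg.startswith("--publish="):
            out.append(parse_publish(arg.split("=", 1)[1]))
    return out


def audit(command):
    """Report protocol mistakes and how widely the dashboard is bound."""
    ports = published_ports(command)
    have = {(p["container_port"], p["proto"]) for p in ports}
    findings = [f"node port {NODE_PORT}/{proto} not published"
                for proto in ("tcp", "udp") if (NODE_PORT, proto) not in have]
    if (DASHBOARD_PORT, "udp") in have:
        findings.append(f"dashboard port {DASHBOARD_PORT} published as udp")
    for p in ports:
        if (p["container_port"], p["proto"]) != (DASHBOARD_PORT, "tcp"):
            continue
        ip = p["host_ip"]
        scope = ("loopback only" if ip.startswith("127.")
                 else "every interface" if ip == "0.0.0.0" else "that address only")
        findings.append(f"dashboard bound to {ip} ({scope})")
    if (DASHBOARD_PORT, "tcp") not in have:
        findings.append("dashboard not published over tcp")
    return findings
```

With the dashboard bound to every interface it is reachable from any network the Pi is attached to, so the tunnel or router should forward only the node port.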

Thank you for your help with this. Speaking of that Wireguard idea, I actually gave up on Portmap and decided to go the Oracle route. I have a Wireguard server set up on a free instance in a PAYG account, but now I’m running into issues getting the Pi Storj node to actually connect to the Oracle server. I have my ingress rules on the Oracle instance configured properly, and I also copied @JWvdV's .conf interface rules and swapped in my respective port. But when I use the client to ping the server with ping -c 3 10.66.66.1 none of the packets go through.

I followed the guide here like @JWvdV suggested, and used this script for the initial server and client install. I believe I have the client and server .conf files set up properly, but I think what’s tripping me up is the public IP config for Wireguard, or in config.yaml. Do I need to use the public IP visible on the Oracle website for the instance for contact.external-address in config.yaml?

My storagenode docker container keeps restarting every 10 seconds or so, so I can’t get into the web interface on the Pi node’s local IP. But when I run docker exec -it storagenode /app/dashboard.sh I get this string of errors:

2024-07-02T16:13:43Z INFO Configuration loaded {"Process": "storagenode", "Location": "/app/config/config.yaml"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "healthcheck.enabled"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "operator.email"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "version.server-address"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "storage.allocated-disk-space"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "server.private-address"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "storage.allocated-bandwidth"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "console.address"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "operator.wallet-features"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "contact.external-address"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "healthcheck.details"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "operator.wallet"}
2024-07-02T16:13:43Z INFO Invalid configuration file key {"Process": "storagenode", "Key": "server.address"}
{Node ID loaded}
Error: rpc: dial tcp 127.0.0.1:7778: connect: connection refused

Maybe this is needed:

https://github.com/ugurrdemirel/wireguard-oracle-cloud-install

Well, I updated the iptables on my Oracle instance to allow the port I set for Wireguard, to see if I was missing that. Now that I rebooted, I can’t SSH or RDP into the instance at all. I think the Myst node I already had on it is still running, but not sure why I can’t get in.