VPN port forwarding for Pi nodes?


Thanks for checking on that. I found another free option I was wondering if anyone had tested to see if it offered port forwarding. Ever heard of Bright VPN?

Unauthorized advertisement is against Code of Conduct. Please suggest what you have tried, not just Ad with referral code.
See Terms of Service | Storj and Community Standards - Storj Community Forum (official)

2 Likes

Sorry, that was a link copied from someone in a Reddit thread while I was researching this. I reached out to Bright support to see if they could explain if their VPN allows for TCP/UDP port forwarding.

1 Like

simpleproxy can work with UDP too? I thought only tcp

Hey all,

It's been over a year since I last wrote about this, and my node has been sitting dormant because I couldn't justify the cost of a VPS or VPN to operate a 2-terabyte node.

However, I freed up a 20-terabyte RAID array and that has renewed my interest in operating a node. I also now have some experience with ZeroTier and Tailscale from using their free tier for LAN tunneling some personal devices.

Has any form of a free option for getting around port blocks been discovered in the last year?

See: Did anybody tried oracle free tier as vpn? - #28 by JWvdV

This is really good info, and I conveniently just recently signed up for Oracle's free tier. I'm testing between this and Portmap's SSH option, but would using Wireguard/PiVPN force all of my Pi's traffic to send through the Oracle VM or just the Storj node traffic? I have a couple other docker containers that ideally, shouldn't go through that.

It's up to you: Don't set the default gateway to wireguard address and the outgoing traffic will be unaffected.

Upgrade your account to pay-as-you-go, to prevent Oracle from suspending your (almost idle, wireguard barely used any resources) instance for being idle.

As a general update, I've been trying to get this up and running again with Portmap over SSH as described in this tutorial: Tutorial: tunneling through CGNAT with portmap.io & ssh

I believe I have everything set up properly, but I get a dead page for my node dashboard when I go to my device's IP:14002. I checked my config.yaml and it looked like none of my settings when I executed the docker command were added, so I manually tweaked that file.

Here is what I ran initially when starting the storagenode docker container:

docker run -d --restart always --stop-timeout 300 \
-p 28967:28967/tcp \
-p 14002:14002/udp \
-p 127.0.0.1:14002:14002 \
-e WALLET="[REDACTED]" \
-e EMAIL="[REDACTED]" \
-e ADDRESS="[REDACTED].portmap.host:60692" \
-e STORAGE="18TB" \
--memory=800m \
--log-opt max-size=50m \
--log-opt max-file=10 \
--mount type=bind,source=/mnt/storj/storagenode/identity,destination=/app/identity \
--mount type=bind,source=/mnt/storj/storagenode,destination=/app/config \
--name storagenode storjlabs/storagenode:latest

Oracle may be my next option to try if I can't get this working, or if this is no longer feasible through Portmap.

I do also have a Mysterium node running on the instance and was thinking of even spinning up an internet radio station with it to increase the usage, but that's a good idea to move to PAYG if it can help prevent suspension.

For default gateway, is that something I would need to intentionally configure to force all traffic through? Just wanting to make sure if that's something I can avoid touching and everything would keep working. Thank you for the help too!

How do you mean? You've got at least four IPs, from inner to outer:

  • Docker bridge, normally an 172.17.x.x/16 address
  • Your local LAN IP, normally something like 192.168.x.x/16 or 10.0.x.x/16 range.
  • Your ISP IP (if CG-NAT, it's also different from the webspace IP).
  • The IP of portmap.

Of these IP-addresses you should use [LOCAL LAN IP]:14002

Sorry for not clarifying, I meant the local LAN IP for my Raspberry Pi that was assigned by my router and I set as static. I also noticed on my router's admin page that this device has two IP addresses, one for the ethernet connection and one for wifi I assume. And I can't access the dashboard when I try either of the IPs in a browser from another computer.

I also have No-IP installed and running on this Pi, and the same DDNS bound to my router, but I don't have it in play at all in the settings for my current docker container.

That 127.0.0.1 prefix only exposes 14002 to the local system (loopback). If you want to connect from anywhere else on your LAN, remove the "127.0.0.1:". As long as you're not also port-forwarding to that port from the Internet nobody else will be looking at your node stats :slight_smile:

2 Likes

Thank you for catching that! Stopped and removed the docker command, then re-ran with this alteration, but I am still only getting a dead page:

docker run -d --restart always --stop-timeout 300 \
-p 28967:28967/tcp \
-p 14002:14002/udp \
-p 14002:14002 \
-e WALLET="[REDACTED]" \
-e EMAIL="[REDACTED]" \
-e ADDRESS="tcp://[REDACTED].portmap.host:60692" \
-e STORAGE="18TB" \
--memory=800m \
--log-opt max-size=50m \
--log-opt max-file=10 \
--mount type=bind,source=/mnt/storj/storagenode/identity,destination=/app/identity \
--mount type=bind,source=/mnt/storj/storagenode,destination=/app/config \
--name storagenode storjlabs/storagenode:latest

Would I also need to remove 127.0.0.1: or another detail from one of these entries in config.yaml?

# server address of the api gateway and frontend app
console.address: 0.0.0.0:14002

OR

# private address to listen on
server.private-address: 127.0.0.1:7778

I also have this entry that may need changed:

# the public address of the node, useful for nodes behind NAT
contact.external-address: "tcp://[REDACTED].portmap.host:60692"

You did read about the update in the first post, I hope? If you get this working portmap will probably ban you.

There is another free tunneling service from CloudFlare that you can investigate.

Portmap caused me to lose my node and all earnings, so I'm out and back to mining Signum.

Yep, I saw that there was a potential for a ban and I was eyeing Oracle as a fallback option. The Cloudflare tunnel is a good idea, I am worried I am not experienced enough to pioneer it though. Is this what you're referring to? Cloudflare Tunnel · Cloudflare Zero Trust docs

I do want to see if I can even get this node running with Portmap, but it's not looking likely. I still can't access the dashboard.

First pair correct.
Second pair should be like the first one, with UDP.
Third pair correct.
If you set something in run comm., it will "overwrite" the setting in config.
No need to set it in both places. And from my experience with Docker, it is better to set everything in run comm., and never touch config.
Check my settings and put all ports in run comm.
I will update it with some new parameters, but those are ok too.
https://forum.storj.io/t/my-docker-run-commands-for-multinodes-on-synology-nas/22034

As a little suggestion, instead of trying and maybe paying all the VPN/VPS providers out there, maybe you can ask your friends/employer to let you use a part of their internet connection, through Wireguard.
Offer to buy them a new router (a model that supports Wireguard server), set a Wireguard server there without access to internal network, just to let them know you can't access their LAN machines, and you are good to go. Don't forget to set port forward of course, and reserve yourself a fixed LAN IP.

1 Like
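
An added example, not part of any post above: a small audit of the `-p` flags in a `docker run` line. It reports which hosts can reach the dashboard (the `127.0.0.1:` prefix discussed earlier) and whether the node port has both its TCP and UDP mappings. The two command strings are constructed from the thread's port flags only; the function names and the 28967/14002 defaults are assumptions of this sketch, and only IPv4 bind addresses are handled.

```python
import shlex

# Constructed sample: the port flags from the second command in the thread.
THREAD_CMD = ("docker run -d --restart always -p 28967:28967/tcp "
              "-p 14002:14002/udp -p 14002:14002 "
              "--name storagenode storjlabs/storagenode:latest")
# Constructed sample: UDP pair moved to the node port, dashboard on loopback.
FIXED_CMD = ("docker run -d --restart always -p 28967:28967/tcp "
             "-p 28967:28967/udp -p 127.0.0.1:14002:14002 "
             "--name storagenode storjlabs/storagenode:latest")


def parse_publish(spec):
    """Split one -p value into (host_ip, container_port, proto); IPv4 only."""
    mapping, _, proto = spec.partition("/")
    parts = mapping.split(":")
    # With no explicit bind address Docker publishes on all interfaces.
    host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
    return host_ip, parts[-1], proto or "tcp"


def audit(command, node_port="28967", dashboard_port="14002"):
    """Report dashboard exposure and node-port problems for a docker run line."""
    args = shlex.split(command)
    specs = [args[i + 1] for i, a in enumerate(args[:-1])
             if a in ("-p", "--publish")]
    ports = [parse_publish(s) for s in specs]
    published = {(port, proto) for _, port, proto in ports}
    problems = [f"{node_port}/{proto} not published"
                for proto in ("tcp", "udp")
                if (node_port, proto) not in published]
    scope = "not published"
    for host_ip, port, proto in ports:
        if port != dashboard_port:
            continue
        if proto == "udp":
            problems.append(
                f"{port}/udp published, but the dashboard is served over TCP")
        elif host_ip.startswith("127."):
            scope = "loopback only"
        else:
            scope = "all interfaces" if host_ip == "0.0.0.0" else host_ip
    return {"dashboard": scope, "problems": problems}


if __name__ == "__main__":
    for name, cmd in (("thread", THREAD_CMD), ("fixed", FIXED_CMD)):
        print(name, audit(cmd))
```

A dashboard scope of "all interfaces" is only as private as the network in front of the host, so it should be checked against any router or tunnel port forwards.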