haugene / vpn-configs-contrib

A collection of configs for various VPN providers
GNU General Public License v3.0

Peers Can't download from me. Port forwarding issue? (NordVPN) #92

Closed nuentes closed 2 years ago

nuentes commented 2 years ago

Is there a pinned issue for this?

Is there an existing or similar issue/discussion for this?

Is there any comment in the documentation for this?

Is this related to a provider?

Are you using the latest release?

Have you tried using the dev branch latest?

Docker run config used

Relevant environment variables:

OPENVPN_PROVIDER=NORDVPN
NORDVPN_COUNTRY=KR
NORDVPN_CATEGORY=legacy_p2p
NORDVPN_PROTOCOL=tcp

Current Behavior

I recently changed VPN providers from PIA to NordVPN. I have gotten Nord to connect successfully, however I'm having issues with seeding torrents. They appear as seeded, but peers are unable to download them from me. I believe this is because NordVPN does not offer port forwarding. PIA was working great with port forwarding.

I've seen this exact behavior when I was previously using PIA locally with Transmission with port forwarding off. I was able to download, but peers couldn't grab from me. I moved to this docker image in order to resolve that issue. And it was resolved until I changed providers.

What are my options?

Expected Behavior

Peers would be able to download my torrents.

How have you tried to solve the problem?

Google mostly. I can see plenty of other people using Nord, however I can't find any solutions. I can only find a post that essentially says don't use Nord.

Log output

2022-03-09 17:03:29 Searching for technology: openvpn_tcp
2022-03-09 17:03:29 Best server : us9451.nordvpn.com
2022-03-09 17:03:29 Downloading config: default.ovpn
2022-03-09 17:03:29 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/us9451.nordvpn.com.tcp.ovpn
2022-03-09 17:03:29 Selecting the best server...
2022-03-09 17:03:29 Searching for country : KR (114)
2022-03-09 17:03:29 Searching for technology: openvpn_tcp
2022-03-09 17:03:29 Best server : kr40.nordvpn.com
2022-03-09 17:03:29 Downloading config: kr40.nordvpn.com.ovpn
2022-03-09 17:03:29 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/kr40.nordvpn.com.tcp.ovpn
Starting OpenVPN using config kr40.nordvpn.com.ovpn
Modifying /etc/openvpn/nordvpn/kr40.nordvpn.com.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 172.17.0.1 dev eth0
Wed Mar 9 17:03:32 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Wed Mar 9 17:03:32 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Mar 9 17:03:32 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 9 17:03:32 2022 NOTE: --fast-io is disabled since we are not using UDP
Wed Mar 9 17:03:32 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Mar 9 17:03:32 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Mar 9 17:03:32 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:32 2022 Socket Buffers: R=[131072->131072] S=[16384->16384]
Wed Mar 9 17:03:32 2022 Attempting to establish TCP connection with [AF_INET]172.107.194.171:443 [nonblock]
Wed Mar 9 17:03:33 2022 TCP connection established with [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:33 2022 TCP_CLIENT link local: (not bound)
Wed Mar 9 17:03:33 2022 TCP_CLIENT link remote: [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:33 2022 TLS: Initial packet from [AF_INET]172.107.194.171:443, sid=5f73f95b 45b918d1
Wed Mar 9 17:03:33 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar 9 17:03:34 2022 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Wed Mar 9 17:03:34 2022 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
Wed Mar 9 17:03:34 2022 VERIFY KU OK
Wed Mar 9 17:03:34 2022 Validating certificate extended key usage
Wed Mar 9 17:03:34 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Mar 9 17:03:34 2022 VERIFY EKU OK
Wed Mar 9 17:03:34 2022 VERIFY OK: depth=0, CN=kr40.nordvpn.com
Wed Mar 9 17:03:35 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed Mar 9 17:03:35 2022 [kr40.nordvpn.com] Peer Connection Initiated with [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:36 2022 SENT CONTROL [kr40.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Wed Mar 9 17:03:36 2022 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.1.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: compression parms modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Mar 9 17:03:36 2022 Socket Buffers: R=[131072->425984] S=[87040->425984]
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: route options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: route-related options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: peer-id set
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: adjusting link_mtu to 1659
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: data channel crypto options modified
Wed Mar 9 17:03:36 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Mar 9 17:03:36 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 9 17:03:36 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 9 17:03:36 2022 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
Wed Mar 9 17:03:36 2022 TUN/TAP device tun0 opened
Wed Mar 9 17:03:36 2022 TUN/TAP TX queue length set to 100
Wed Mar 9 17:03:36 2022 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar 9 17:03:36 2022 /sbin/ip addr add dev tun0 10.7.1.2/24 broadcast 10.7.1.255
Wed Mar 9 17:03:36 2022 /etc/openvpn/tunnelUp.sh tun0 1500 1587 10.7.1.2 255.255.255.0 init
Up script executed with tun0 1500 1587 10.7.1.2 255.255.255.0 init
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.7.1.2
Updating Transmission settings.json with values from env variables
Using existing settings.json for Transmission /config/settings.json
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.7.1.2
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /mnt/2TB_1/Torrents
Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /mnt/2TB_1/Torrents
Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /mnt/2TB_1/Black Hole
sed'ing True to true
Enforcing ownership on transmission config directories
Applying permissions to transmission config directories
Setting owner for transmission paths to 1000:1000
Setting permissions for download and incomplete directories  2 Directories: 775 Files: 664
Setting permission for watch directory (775) and its files (664)

Transmission will run as

User name: abc
User uid: 1000
User gid: 1000

STARTING TRANSMISSION
Transmission startup script complete.
Wed Mar 9 17:04:17 2022 /sbin/ip route add 172.107.194.171/32 via 172.17.0.1
Wed Mar 9 17:04:17 2022 /sbin/ip route add 0.0.0.0/1 via 10.7.1.1
Wed Mar 9 17:04:17 2022 /sbin/ip route add 128.0.0.0/1 via 10.7.1.1
Wed Mar 9 17:04:17 2022 Initialization Sequence Completed

HW/SW Environment

- OS: Ubuntu Mate
- Docker: not relevant in this case

Anything else?

No response
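
An added example, not part of the original issue or the project's code: a Python script that reads the PUSH_REPLY line of an OpenVPN client log like the one above and checks whether the tunnel address the server assigned is publicly routable. A non-routable tunnel address means inbound peer connections can only arrive through a port the provider forwards. The sample log is constructed from this issue's PUSH_REPLY line, abridged, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the PUSH_REPLY line from this issue's log, abridged.
SAMPLE_LOG = (
    "Wed Mar 9 17:03:36 2022 PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,"
    "dhcp-option DNS 103.86.99.100,route-gateway 10.7.1.1,topology subnet,"
    "ifconfig 10.7.1.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'\n"
    "Wed Mar 9 17:03:36 2022 Initialization Sequence Completed\n"
)

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_push_reply(log_text):
    """Return pushed options as {name: [argument string, ...]}."""
    match = PUSH_RE.search(log_text)
    if match is None:
        raise ValueError("no PUSH_REPLY line found in log")
    options = {}
    for item in match.group(1).split(","):
        name, _, args = item.strip().partition(" ")
        options.setdefault(name, []).append(args)
    return options


def inbound_assessment(log_text):
    """Summarise what the pushed options imply for inbound peer connections."""
    opts = parse_push_reply(log_text)
    if "ifconfig" not in opts:
        raise ValueError("server pushed no ifconfig option")
    # The first ifconfig argument is the client's tunnel address in every topology.
    tunnel_ip = ipaddress.ip_address(opts["ifconfig"][0].split()[0])
    routable = tunnel_ip.is_global  # False for RFC 1918 and CGNAT (100.64.0.0/10)
    return {
        "tunnel_ip": str(tunnel_ip),
        "publicly_routable": routable,
        "all_traffic_via_vpn": "redirect-gateway" in opts,
        # A non-routable tunnel address sits behind the provider's NAT, so peers
        # can connect in only through a port the provider forwards.
        "needs_provider_port_forward": not routable,
    }


if __name__ == "__main__":
    for key, value in inbound_assessment(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```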

nuentes commented 2 years ago

I used this tool that NordVPN provides and found that the South Korea servers (what I was using) did not have any P2P server types. I have changed to BE (Belgium). I have not noticed any difference. So I believe I've ruled this out as the cause.

pkishino commented 2 years ago

Sorry, this is NOT a container issue but a provider issue, please read the carefully written explanations and not just tick the boxes…