Hello,
I am trying to set up a Tunnel Server and am having an issue.
I've registered a DNS (ki0eomesh.hopto.org) using NO-IP.
I have the account set up and I am running DUC v4.1.1 on one of my machines on my network.
I've got port forwarding set up on my router (ASUS RT-AC1900P).
I am forwarding to the Bullet's WAN IP.
When I use the "open port check tool" I get an error "connection refused".
I am not a port forwarding network guru by any means, but I can stumble my way through.
I have configured port forwarding for Echolink access for my repeaters...etc...etc.
I currently have a Bullet M2HP plugged into a Cisco 2950 switch.
The port is configured to trunk VLANs 1, 2, 24.
I have several access ports configured for VLAN 24.
The machine that runs the DUC software is plugged into one of the VLAN 24 access ports.
When I check the status of DUC, it shows the client, update and IP statuses as OK.
Also, I have a WAN access port configured on the switch to access VLAN 1.
I've tried disabling the firewall on the ASUS router, but I still get the "connection refused" error.
My provider is Premier.
I've scoured this forum and am unable to come up with a solution.
Hopefully I haven't missed any of my details here, trying to keep this from being too long. :)
Thanks,
Don...KI0EO...
Just to add to this.
I just tried forwarding port 8080 and the "Open Port Check Tool" checks ok.
I changed the forward to port 80 and I get "connection refused".
Don...KI0EO...
What ports do you have forwarding on your internet router? When I try to connect to ki0eomesh.hopto.org:8080 from here, I get no reply.
I've not done tunneling with AREDN, but as far as I can tell you need to forward port 5525 to make this work, and I get no reply on this port either.
I hope this is helpful
--Dan Meyer / n0kfb
I should be forwarding port 5525.
I have now also set up forwarding on port 8080.
I can run the open port check tool and see 8080 but no luck with 5525.
FWIW, I'm forwarding to the WAN port on the Bullet. 192.168.1.xxx
Thanks,
Don...KI0EO...
I can now see your Bullet on port 8080.
I don't think I fully understand what my port scanner is doing, and I don't see any traffic leaving my computer on port 5525 when I monitor the port scanner with Wireshark.
I'll see what I can do later this evening with one of my nodes and see if I can tunnel to your network.
--Dan Meyer / n0kfb
Dan, if you like, I can set up a client for you.
Tom, I'll try from a friend's house tomorrow or from work on Monday.
One thing to note.
When I don't have the port set up in the router, I get a "connection timed out" error.
When I do have the port set up in the router, I get a "connection refused" error.
Could that be the Bullet refusing the connection?
Also, sorry for the delayed posts, I'm in and out of the house today.
We are having phenomenally warm weather for NW Iowa today.
We have to take advantage of it when we can. :)
Don...KI0EO...
Hi Don
No problem on not being right on top of this; I've been enjoying the nice weather in the Minneapolis - St Paul area myself!
I can connect to port 80; I cannot connect on port 5525; interestingly, something on your side sees my connection attempt and resets the connection immediately. From here I cannot tell what device is killing the connection. Are you port forwarding both TCP and UDP packets on port 5525 through your router?
I have attached a screenshot from Wireshark. I hope it helps.
--Dan Meyer / n0kfb
Yes I have the router set to forward UDP and TCP.
I did set port forward to UDP only. At that point I get a "connection timeout" error.
When I set it to TCP only, I get a "connection refused" error.
So, I believe UDP is not forwarding through the router.
I'll set my router to port forward UDP only.
Thanks for your help!
Don...KI0EO...
I have emailed my ISP to inquire if port 5525 is blocked at their level.
Don...KI0EO...
I am going to guess that your ISP isn't blocking anything.
You say you are running a Cisco switch? If so, you can turn on port mirroring and watch all traffic to and from your Ubiquiti device using Wireshark pretty easily.
Let me know, and I can help you with this process.
--Dan Meyer / n0kfb
I will give that a try.
Don...KI0EO...
Below is a Wireshark capture when the "port check tool" was running a query.
FWIW, if I port forward the MESH WAN 8080 port, I can log into the Bullet from work and manipulate some of the pages.
To me this proves that I can forward port 8080.
Also I got a response from my ISP and they advised that they do not block port 5525.
I think my next test is to just deploy another Mesh node with the tunnel server set up and see if it works.
I think it's possible the port check tool is not working with port 5525.
Thanks,
Don...KI0EO...
You should also ensure that you have added a tunnel client entry on your server node and that entry is enabled. (It needs at least one enabled client entry in order for the tunnel server process to start).
I did not have a client entry enabled on my server node.
When I enabled it, I can now see the port is open, using the port check tool.
Apparently I hadn't searched hard enough to find this answer. Thanks again!
Don...KI0EO...
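
Added example, not part of the original thread and not AREDN code: a small Python probe that separates the three results seen above ("open", "connection refused", "connection timed out") and reproduces the open-to-refused change locally by stopping a listener. The helper names, the `DIAGNOSIS` wording and the placeholder host are assumptions made for illustration; port 5525 is the one discussed in the thread.

```python
import socket

# What each outcome means for a forwarded TCP port, as worked out in the thread.
DIAGNOSIS = {
    "open": "forward works and a process is listening on the target",
    "refused": "a device answered with a TCP reset: the packet arrived, but "
               "nothing is listening (or a firewall is set to reject)",
    "timeout": "no answer at all: no forward rule for TCP, or a silent drop",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # DNS failure, unreachable network, etc.
        return "error: " + str(exc)
    conn.close()
    return "open"


def demo():
    """Constructed local stand-in for a service that is started, then stopped."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # ephemeral port chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()                     # service no longer running
    after_stop = probe_tcp("127.0.0.1", port)
    return while_listening, after_stop


if __name__ == "__main__":
    for state in demo():
        print(state, "->", DIAGNOSIS[state])
    # Against a real node (placeholder host): probe_tcp("node.example.org", 5525)
```

A "refused" result on a port whose forward rule is in place points at the target host rather than the router, which is where the missing enabled client entry was eventually found.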