Bitcoin Forum
September 23, 2018, 03:52:58 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Full node through VPN  (Read 52 times)
mvan128
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
February 07, 2018, 12:59:19 AM
 #1

Sorry for not being closely bitcoind related issue, but any help is appreciated:

1. I successfuly setup my bitcoin full node based on bitcoind 0.15.1 running on odroid hc1 with ubuntu and ssd disk connected through hc1 sata. I really like the compact setup. It has synced today in less then 2 days
2. I run it in my home network, connected to internet via cable to home router. I don't have public IP, as my ISP does not provide it, exposes one shared outside IP
3. I have unlimited data plan so I am trying to achieve that my node is reachable by other nodes so I
    - setup OpenVPN server on small ubuntu VPS with public IP I have, seems to work correctly
    - setup OpenVPN client on my odroid, seems to work
    - setup tunneling of traffic through OpenVPN server (https://linode.com/docs/networking/vpn/tunnel-your-internet-traffic-through-an-openvpn-server/)
4. After setup, my odroid annouces IP address of VPN server (wget -qO- http://ipecho.net/plain ; echo), and keeps multiple connections to other nodes

However when I try to reach my node through Bitnodes or other port checker I get port 8333 (and actually all other common ports except 22) closed.

I am using iptables-persistent with rules advised in linode docs, where I added rules for bitcoin mainnet / testnet / lightning ports. I have ufw firewall rules (but ports does not work with ufw disabled anyway). I have net.ipv4.ip_forward=1 enabled in /etc/sysctl.d/99-sysctl.conf and openvpn server.conf setup accordingly on my VPS.

Here are mine /etc/iptables/rules.v4, once again any help appreciated

Code:
                                        File: /etc/iptables/rules.v4

# Generated by iptables-save v1.6.0 on Wed Feb  7 00:59:06 2018
*nat
:PREROUTING ACCEPT [3:185]
:INPUT ACCEPT [2:88]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.89.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.89.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Feb  7 00:59:06 2018
# Generated by iptables-save v1.6.0 on Wed Feb  7 00:59:06 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 8333 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 18333 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 9735 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED -m udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 443 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_INPUT_denied: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -s 10.89.0.0/24 -i tun0 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "iptables_FORWARD_denied: "
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 8333 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 18333 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 9735 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED -m udp --sport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_OUTPUT_denied: "
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT

Make a difference with your Ether.
Donate Ether for the greater good.
SPRING.WETRUST.IO
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
aleksej996
Sr. Member
****
Offline Offline

Activity: 406
Merit: 301


Do not trust the government


View Profile WWW
February 07, 2018, 07:02:30 PM
 #2

Have you used bind argument for bitcoind (you can add it to bitcoin.conf file) with the IP of your VPS that you are trying to connect on?

Btw, you can use Tor if you like to setup a hidden service so you can get inbound connections through your hidden service address.
This is quite easy with Bitcoin Core as the support for it is very well integrated. You can even set it up automatically with an argument for bitcoind.

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

                   BitCloak Bitcoin Mixer  
  BTC & BCH | API| MULTIADDRESS| PGP PROOF|  FAST MIX |  ESCROW|  MORE !

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!