Bitcoin Forum
October 16, 2018, 07:18:31 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Full node through VPN  (Read 52 times)
mvan128
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
February 07, 2018, 12:59:19 AM
 #1

Sorry for not being closely bitcoind related issue, but any help is appreciated:

1. I successfuly setup my bitcoin full node based on bitcoind 0.15.1 running on odroid hc1 with ubuntu and ssd disk connected through hc1 sata. I really like the compact setup. It has synced today in less then 2 days
2. I run it in my home network, connected to internet via cable to home router. I don't have public IP, as my ISP does not provide it, exposes one shared outside IP
3. I have unlimited data plan so I am trying to achieve that my node is reachable by other nodes so I
    - setup OpenVPN server on small ubuntu VPS with public IP I have, seems to work correctly
    - setup OpenVPN client on my odroid, seems to work
    - setup tunneling of traffic through OpenVPN server (https://linode.com/docs/networking/vpn/tunnel-your-internet-traffic-through-an-openvpn-server/)
4. After setup, my odroid annouces IP address of VPN server (wget -qO- http://ipecho.net/plain ; echo), and keeps multiple connections to other nodes

However when I try to reach my node through Bitnodes or other port checker I get port 8333 (and actually all other common ports except 22) closed.

I am using iptables-persistent with rules advised in linode docs, where I added rules for bitcoin mainnet / testnet / lightning ports. I have ufw firewall rules (but ports does not work with ufw disabled anyway). I have net.ipv4.ip_forward=1 enabled in /etc/sysctl.d/99-sysctl.conf and openvpn server.conf setup accordingly on my VPS.

Here are mine /etc/iptables/rules.v4, once again any help appreciated

Code:
                                        File: /etc/iptables/rules.v4

# Generated by iptables-save v1.6.0 on Wed Feb  7 00:59:06 2018
*nat
:PREROUTING ACCEPT [3:185]
:INPUT ACCEPT [2:88]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.89.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.89.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Feb  7 00:59:06 2018
# Generated by iptables-save v1.6.0 on Wed Feb  7 00:59:06 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 8333 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 18333 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 9735 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED -m udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state ESTABLISHED -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 443 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_INPUT_denied: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -s 10.89.0.0/24 -i tun0 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "iptables_FORWARD_denied: "
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 8333 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 18333 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED -m tcp --sport 9735 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED -m udp --sport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_OUTPUT_denied: "
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT

1539674311
Hero Member
*
Offline Offline

Posts: 1539674311

View Profile Personal Message (Offline)

Ignore
1539674311
Reply with quote  #2

1539674311
Report to moderator
It is a common myth that Bitcoin is ruled by a majority of miners. This is not true. Bitcoin miners "vote" on the ordering of transactions, but that's all they do. They can't vote to change the network rules.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539674311
Hero Member
*
Offline Offline

Posts: 1539674311

View Profile Personal Message (Offline)

Ignore
1539674311
Reply with quote  #2

1539674311
Report to moderator
aleksej996
Sr. Member
****
Offline Offline

Activity: 420
Merit: 311


Do not trust the government


View Profile WWW
February 07, 2018, 07:02:30 PM
 #2

Have you used bind argument for bitcoind (you can add it to bitcoin.conf file) with the IP of your VPS that you are trying to connect on?

Btw, you can use Tor if you like to setup a hidden service so you can get inbound connections through your hidden service address.
This is quite easy with Bitcoin Core as the support for it is very well integrated. You can even set it up automatically with an argument for bitcoind.

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

                   BitCloak Bitcoin Mixer  
  BTC & BCH | API| MULTIADDRESS| PGP PROOF|  FAST MIX |  ESCROW|  MORE !

░░░░░░░▄▄▄▄▄▄
░░░░▄██████████▄
░░░██████████████
░░██████▐▌██████
█████░░░░░░░▀█████
██████▄▄░░▄▄░░██████
████████░░▀▀▄██████
████████░░▄▄▄░░█████
██████▀▀░░▀▀▀░░█████
█████░░░░░░░░█████
░░██████▐▌██████
░░░██████████████
░░░░▀██████████▀
░░░░░░░▀▀▀▀▀▀
░░░

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!