Missing instructions for determing what port has been fowarded

[pops64]

I have been looking through the wiki as I was thinking of migrating to proton for my VPN service provider. I plan on using Wiregraud. And I understand the instructions on how to set up the connection. But there seems to be no steps on how to determine what port has been forwarded to gluetun by Proton. As the instructions provided by proton state that you have to request a port and this is when it is determined. Is it printed in the logs? Is there some command I can run to retrieve it short of using grep on the logs? I saw the HTTP control server will print it out for openvpn, but I am using wiregraud would this also work or would it be a differnt get request?

I need this information for my torrent client. Or does enabling UPnP on my torrent client automatically fetch the correct port that is forwarded, I would still prefer to manual configure it?

[invertedEcho]

@pops64 You can find the port from the logs of gluetun, e.g.

docker logs dockers-gluetun-1 | grep "port forwarded is" | awk '{print $NF}'

Will return you the port number assigned for forwarding (assuming you get the same output as me)

If you want to do this automatically, for example because your vpn provider changes the port, you could look into programmatically changing the port in your Torrent Client.
As an example, for qbittorrent, you could use their API
https://github.com/qbittorrent/qBittorrent/wiki/WebUI-API-(qBittorrent-4.1)

[cohenchris]

I would love for this to be included in the Wireguard API, like it is here in the OpenVPN section: https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#openvpn

[kainzilla]

I would love for this to be included in the Wireguard API, like it is here in the OpenVPN section: https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#openvpn

Just as a heads up, this actually already works - even though the URL says openvpn, it populates with the port for the current Wireguard connection

[cohenchris]

I would love for this to be included in the Wireguard API, like it is here in the OpenVPN section: https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#openvpn

Just as a heads up, this actually already works - even though the URL says openvpn, it populates with the port for the current Wireguard connection

This is not the case for my setup

[clemfernandez]

Here is a working configuration for ProtonVPN:

    volumes:
      - /tmp/gluetun:/tmp/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn

Then the forwarded port is available either on your Docker host /tmp/forwarded-port or through the control server via GET /v1/openvpn/portforwarded, as @kainzilla mentionned.

[pentago]

Does this ProtonVPN forwarded port stay up for a user forever or does it change occasionally?
If it changes, how often and in which situations?

I wonder if I need to reconfigure my torrent client each time I restart my docker compose project.

[pops64]

It changes. Not sure on the schedule. I have had some where it changes on a gluetun server restart and other where I have had it going for a long time. Defiantly would suggest automating this into your torrent client. Would be a nice feature request of gluetun not to sure how feasible due to the sheer amount of clients out there

[kainzilla]

Does this ProtonVPN forwarded port stay up for a user forever or does it change occasionally? If it changes, how often and in which situations?

Here's what I have observed about the port forwarding behavior:

• The port has to be re-requested regularly to keep it open; Gluetun currently does this for you - it times out in approximately 60s if renewal requests don't regularly come through.
• After the 60s window passes, if your client requests a port again (example: the VPN client restarted or the system you were running it on restarted and took over a minute) within an unknown-but-short period of time (think 5-10mins), your client will actually get the same port again.
• After not having requested ports for more than this unknown period of time, the next time you request a port forward again, the port being forwarded will likely be different; it's randomly selected on Proton's end when you make the request.
• The above only applies when you are connecting to the same VPN server on Proton's end, if you connect to a different server, you would get a completely different port (which makes sense, different servers aren't going to know what your port was on a prior server).

[pentago]

Thanks for the explanation! In that case, I'd rather just use other service as this way too much guesswork to deal with, I need something more reliable just didn't find such provider yet. Seems lately forwarded ports became real scarcity for some reason.

[qdm12]

Please subscribe to qdm12/gluetun#1751 there has been quite some discussion on how to do it. I'm working on a built-in solution, ideally to solve it for qbitorrnet, transmission and deluge, since this is rather popular and it has been itching me for years to do it 😄 I'll close this issue in favor of 1751.

Now regarding:

I would love for this to be included in the Wireguard API, like it is here in the OpenVPN section

It is. I've also updated the documentation yesterday I think, to reflect some routes work for both openvpn and wireguard. It's a bit horrible naming due to historical reasons, when wireguard wasn't supported.
It's also available in the file /tmp/forwarded-port which you could watch for changes.

@kainzilla awesome final write-up, thanks 💯

@pentago AFAIK

• ProtonVPN basically removes your port when you disconnect (and you can keep it within the unknown period)
• Private Internet access keeps the same port across all servers, but it has a fixed expiration, usually 60 days
• perfectprivacy removes your port when you disconnect (wip Feature request: port forwarding for Perfect Privacy gluetun#2368)
• privatevpn removes your port when you disconnect (wip feat(perfectprivacy): port forwarding support gluetun#2378)

There are also other providers (for exmaple I think Torguard) supporting port forwarding without custom code to obtain and maintain the port, but I have no clue when/if it expires.

[github-actions]

Closed issues are NOT monitored, so commenting here will NOT be seen by the maintainer.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor closed issues for additional comments.