Feature request: port forwarding for Perfect Privacy

[jagaimoworks]

What's the feature 🧐

As far as I can tell, Gluetun currently expects forwarded ports to be known at startup which doesn´t work for PP (Perfect Privacy) which bases their forwarded ports on the internal IP of the created tunnel, meaning that the forwarded ports are only known while the tunnel is up.

PP dynamically chooeses their forwarded ports based on their port calculation logic which they provide in their faq as such:

#!/bin/bash
[[ "$#" -eq 1 ]] || exit 1

IPv4_ADDR=${1}
IFS='.' read -ra ADDR <<< "$IPv4_ADDR"
function d2b() {
    printf "%08d" $(echo "obase=2;$1"|bc)
}
port_bin="$(d2b ${ADDR[2]})$(d2b ${ADDR[3]})"
port_dec=$(printf "%04d" $(echo "ibase=2;${port_bin:4}"|bc))
for i in 1 2 3; do
    echo "$i$port_dec"
done

With this said, native support would be greatly appreciated.

Extra information and references

No response

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[qdm12]

With this said, native support would be greatly appreciated.

Sure! That also seems like the easiest solution to this problem.

Can you try the image qmcgaw/gluetun:pr-2378 with VPN_PORT_FORWARDING=on to check if it works? Corresponding code is at #2378 and it basically finds your VPN assigned IP address and then computes the 3 ports as Perfect privacy describes.

Quick question, is port forwarding enabled on all their servers??

[jagaimoworks]

I can confirm port forwarding working with the aforementioned image. Great work!

Would it be possible to get the option to specify the number of ports Gluetun should open? I think most cases only require one and you generally do not want to keep ports open that you don´t use.

Regarding your question, as far as I can tell all of Perfect Privacy's servers allow for port forwarding.

[qdm12]

I can confirm port forwarding working with the aforementioned image. Great work!

Great, merged in the master branch 💯

Would it be possible to get the option to specify the number of ports Gluetun should open? I think most cases only require one and you generally do not want to keep ports open that you don´t use.

That's rather unneeded in this case, since the 3 ports are computed from the assigned IP. Nothing is requested through an API etc. so these ports are always forwarded whatever Gluetun does. On the other hand, yes the Gluetun firewall allows traffic on all 3 ports, but if nothing listens on your end, that should be fine. Anyway, since you cannot predict these 3 ports numbers, there is no point security-wise restricting allowing 3 random ports down to 1 random port in the firewall I would say. In both cases, you would need to adapt your other applications listening ports. Having said that, I'll re-consider doing it when doing #2381 😉

Regarding your question, as far as I can tell all of Perfect Privacy's servers allow for port forwarding.

👍

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

[olvier]

long story short: What do i have to do, to get an open port?

I checked the internal IP from the logs, and pasted into the port-calculator from PP.
Then i checked for open ports with portchecker.co and portchecker.de, but all three ports are still closed.
Any suggestion, where to start for failure analysis?

I stopped my NAS with working tunnel, moved to another location, started gluetun again with "re-create" in portainer (and pull of new image), and now it doesn't work as supposed :(

Last image pull was from 2024-04-08, so i tried again with v3.38 (from but still no luck.

Any help highly appreciated

[jagaimoworks]

@olvier as this probably isn´t the right place to answer your questions, I replied to your discussion (#1182) instead.