Can't get external sites to see an open port

waveform

EDIT
Sorry, this is not an ISP CGNAT issue as I originally thought. My apologies.

The original message pertained to me not being able to see my open port at port testing websites, but this was from the VPN. However, there was a strange (100.64.100.x) IP showing in netstat on the same line as the port I had opened for qBit, which I'm assuming was the server IP of the VPN's shared IP. I'm not sure though. This strange IP was in addition to the public VPN server IP I was also getting in my router at the same time.
 
Classic CGNAT. You can tunnel out of it to an anchor VPS or something but it also adds latency.

If you can leverage the IPv6 stack you can usually accept connections via that transport protocol instead.
 
You sure about this? He says he gets a regular IP address on his router. The 100.64.X.X address is a result of netstat. Sounds like his computer has this as an IP address as opposed to his router which is where the CGNAT address would be.
 
100.64 is CGNAT space, his internal network is 192.168 space per the screenshot. You’re just working off of a description.
 
Since he doesn't provide anything useful more than a description, it is all I can work off of. The CGNAT running from netstat would seem to be from his PC (this is my assumption, most people can't run this from a router). His PC shouldn't really see 100.64.X.X even if it was CGNAT. You would see your private IP from the router and the public IP you are communicating with.
 
Firstly, my apologies for the delay getting back.
I came in again to correct a HUGE mistake on my part. Well, kind of; I'll explain. Also, please see the original post; I modified it.

@notgoingtologinagain
Yes, the mistake is that it was a result of running my VPN. If I run without the VPN, then I can forward the port no problem. I was not aware that forwarding through a VPN such as ExpressVPN was not going to show open ports from Port-Checker websites. However, what's strange is that I was getting a 100.64.100.x address while running the VPN BUT, I was also getting the IP address of the VPN server, which was good. But I was not sure why netstat and the log window in qBittorrent were showing me this 100.64.100.x address on the same line as the port I had opened in addition to the strange IP. Is this normal? I would have to guess this strange IP was showing because ExpressVPN is using a shared IP?

So I ended up asking for a refund on ExpressVPN, and went with Proton Unlimited for the forwarding feature. The only thing is, I kind of liked that ExpressVPN had converted all their servers to ram drives. But I went with Proton for the forwarding. I really didn't want to get into seedboxes.

@beers
Is it possible that this CGNAT-looking IP was a shared IP that the VPN was using? Although it would not make sense to me why I was getting a normal-looking IP from the server at the same time as a 100.64.100.x type address. It really depended on where I was looking. If I looked in my router interface, I was seeing the public IP from the VPN server. But if I ran netstat while the torrent client was running, I was getting the strange IP on the same line as the port I had created a rule for. This was all evident using TCPView also.
 
The VPN would give you its own IP for within the tunnel, it happens to be the space they were using. Other solutions like Zscaler also use similar space, which is also popularly used by internal ISPs for CGNAT. If your VPN doesn't provide you a dedicated address then it would be functioning exactly the same way as you egress out to the Internet.
 
When you say "its own IP", are you referring to the first interface IP I'm connecting to in qBittorrent settings? (That Proton one in Network settings on Windows?)

In qBit’s execution log, I have successfully listening on IP. IP: "10.2.0.2", which is the common IP of the first NAT interface, and then my Port: "UDP/x x x x x number"
Do I need to also open and forward this 1st NAT interface IP and port in my hardware router? I’m not worried about the Windows firewall because there are incoming rules of Allow-All for qBit by default. But how does this 10.2.0.2 address get past the NAT on my hardware router if I don't open a port for it?


According to their website, “Proton VPN’s implementation of the protocol uses double NAT to dynamically provision sessions. This means when your app connects to one of our VPN servers via WireGuard, the first NAT will rewrite the 10.2.0.2 IP address to a random but unique internal IP address that is assigned to your session.
 

The IP address the VPN provider was giving you was the 100.64.X.X address. You only get this on your PC because that is where the software VPN was installed. It would also show the IP of the VPN server in netstat because you are connecting to it. Netstat is going to show you all of your connections (depending on how you filter the results) from the PC to all IPs with active connections and IP addresses/Ports you are listening on. This is why your software thought you had a 100.64.X.X address because that is the IP the VPN server gave you. Kind of like if you aren't running the VPN server, you would get the 192.168.X.X address (or whatever subnet range) from your router.

Hopefully that helps. Glad you could fix your issue.
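
An added example, not part of any poster's message: one way to check which interface a listening port is actually bound to, by classifying the local address `netstat -ano` reports for it. The sample output, the port 51413 and the LAN subnet 192.168.1.0/24 are constructed assumptions, not values from the thread.

```python
import ipaddress

# RFC 6598 shared space: ISP CGNAT, and some VPNs' in-tunnel addresses.
SHARED = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1104
  TCP    192.168.1.50:49712     203.0.113.10:443       ESTABLISHED     4321
  TCP    100.64.100.7:51413     0.0.0.0:0              LISTENING       7788
  UDP    100.64.100.7:51413     *:*                                    7788
  UDP    [::1]:1900             *:*                                    2210
"""

def classify(addr, lan):
    """Label one local address relative to the router-assigned LAN subnet."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip in lan:
        return "lan"
    if ip in SHARED:
        return "shared-100.64/10"
    if ip.is_private:
        return "private-non-lan"
    return "public" if ip.is_global else "other"

def bindings_for_port(netstat_text, port, lan_cidr):
    """Return (proto, local_ip, label) for each socket bound to `port`."""
    lan = ipaddress.ip_network(lan_cidr)
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        found.append((fields[0], host, classify(host, lan)))
    return found

def router_forward_applies(bindings):
    """A router port forward only reaches sockets on the LAN or wildcard."""
    return any(label in ("lan", "wildcard") for _, _, label in bindings)
```

When every binding for the port comes back as `shared-100.64/10` or `private-non-lan`, the socket lives on the VPN tunnel adapter, so a forward on the home router never reaches it and the port has to be opened on the VPN provider's side.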
 
Yes, that makes sense. And I can see this 100.46.x.x in the network settings under adapter properties. Now that I've switched to Proton, I've got a similar address. But I see what you mean now. Thanks.

EDIT
Regarding my question below. I guess you don't need to forward it on the hardware router as the VPN is handling it locally. That might be another story if I was running OpenVPN on the router directly.

But regarding this post.
In qBit’s execution log, I have successfully listening on IP. IP: "10.2.0.2", which is the common IP of the first NAT interface as you mentioned, notgoingtologinagain, and then my Port: "UDP/x x x x x number"
But do I need to also open and forward this 1st NAT interface IP and port in my hardware router? I’m not worried about the Windows firewall because there are incoming rules of Allow-All for qBit by default. But how does this 10.2.0.2 address get past the NAT on my hardware router if I don't open a port for it?

I'm just wondering all this because I added a huge list of trackers from 2024 and 90% of them are coming up as Not working. But I have got a few uploads on a few of my files.
 
You do not need to add this into your hardware router. Your router doesn't see 10.2.0.2. It knows nothing of that. That is tunneled to your PC through the VPN. Your router just sees the connection between your PC and the VPN server. It doesn't know what the traffic is inside of that, which is where the 10.2.0.2 address lies.

EDIT:
I think your larger question is, how do I make this work? Trying to port forward through a VPN may not be possible since the IP addresses you are getting are all private. The VPN server is likely overloading all of the IP Address/Port Mappings and may only listen on a port when a new connection is added. You will likely need to find a VPN provider that does support port forwarding and then would allow you to configure that on their side.
 
Regarding the port forwarding. That's why I switched to Proton VPN; they have a port forwarding setting that goes through the VPN tunnel, but not for the free version. Basically, when you turn on port forwarding, every time you connect to the VPN, you get a new random port. So you have to update the port in your torrent client each time. Not a big deal though, it only takes 3 seconds to paste it in there and Proton even lets you copy the port number when you click on the port display on the main screen. I also ran a DNS leak check; all the servers came up as Proton servers. From what I was told from ExpressVPN, they are working on a similar service with their desktop client.
 
That sounds like it will solve the problem for you. Glad you were able to resolve it.
 