TorGuard

icsy7788

  1. icsy7788

    Anyone else having trouble?

    I am having issues on multiple machines, multiple networks and I cannot get anything to work correctly. My main issue seems to be:

        Authenticate/Decrypt packet error: cipher final failed

    I have tried using 160bit Blowfish and AES 256 bit ciphers. I have also tried using the torguard client, a standard openvpn client (using .ovpn provided by torguard), and even a CLI on freebsd. Anyone else having similar problems?

    *EDIT* So I have continued messing around with IP addresses and different ones kept failing, but I noticed that the torguard android app seemed to connect without issue. I snagged the IP address that the app used, tossed this into my .ovpn files, and all my devices have successfully connected... for the time being.
  2. You can also try: http://www.canyouseeme.org/ from inside your network and see if the correct ports are open. Your ports are opened and forwarded to the camera's IP address, right? Can you access it internally from your network? If you can't see it on your own internal network it definitely won't work externally!
  3. icsy7788

    Open VPN router setup client or Server?

    I don't quite understand the question. What are you trying to do? Clients connect to servers, servers allow clients to connect to them. So on your computer when you activate the VPN and connect to torguard, you are a client and torguard is the server.

    Client mode in your router: You will use this to connect to Torguard and mask your traffic or change your location.

    Server mode in your router: This will allow you to be away from home, connect through openvpn to your router and give you access to things at home. For example, if you want to RDP to a computer inside of your home network, or access an internal NAS or a plex server or something.

    If you are using TorGuard's service, you will need to be in client mode.
  4. icsy7788

    Enter to win a Free Netgear R7000 Nighthawk VPN Router

    Guys, I believe this thread ended over a month ago...
  5. icsy7788

    Another port forwarding questions...

    I would try it with the "Compatibility" issue anyways. Sometimes those things just pop up. Is your windows 7 box on a 64 bit system? I would try running it anyways.
  6. icsy7788

    Another port forwarding questions...

    Ohh did you copy the ca.crt, from the .zip, to the directory as well? And did you run the openvpn software as admin? If you open the .ovpn file in notepad, do you have this line?

        remote-cert-tls server

    Or does it say something else?
  7. icsy7788

    Another port forwarding questions...

    It really shouldn't matter. Most of the tap drivers are identical I believe. I would just get: openvpn-2.0.9-gui-1.0.3-install.exe Which would have all the files you would need. The TorGuard lite program should still work if you decide to go back. (If not just uninstall the openvpn client, but you really should not have any issues)
  8. icsy7788

    Another port forwarding questions...

    That may be your problem... When they give you a port, they send you a dedicated IP to connect to. If you extract the port.zip file it is just a .OVPN file. Nothing special about it. I believe they want you to use the viscosity program because it has an easy import function. And if it makes any more sense... I use the ovpn information in my router where you cannot import files. I just copy the relevant information and tell it to connect.

    Try this, http://openvpn.se/download.html This is a great OpenVPN client, you should not be required to use their software for an openvpn connection. Simply install the program, drop the .ovpn file in port.zip (after decompressing) into C:\Program Files (x86)\OpenVPN\config. Depending on the version and what client you install, it may be in C:\Program Files\OpenVPN\config as well (without the x86). After this is done, launch the openvpn program by "Shift right clicking it" and hitting run as administrator. You can also go into the properties of a shortcut and tell it to always run as administrator. I found this image on google images... Keep in mind that your icon may be different. After this simply right click on the icon in your tray and hit connect. It may look similar to this (Also found this on google images)

    There is a reason you need to use the file in the .ovpn config file to connect. From what I can tell they have a specific server that they use for port forwarding. So you need to tell your openvpn connection to connect to that server. So when they have packets hit that server using a custom port (let's call it 50042), they make a route that says "Packets that have port # 50042 need to go to this server/IP address." BUT they put this into a specific server and if you don't connect to it it won't have the correct rule.
  9. I actually posted a similar thing in the tutorial section! I would not if I saw this here! http://torguard.net/forums/index.php?/topic/499-dd-wrttomatoopenwrtpadavan-route-specific-traffic-around-the-vpn/ Basically you can just plop the script into your router. Preferably one that runs after VPN connects, assign the IP address you want to use the VPN, and ports you don't want to use the VPN. You can even make it so web pages, such as netflix, hulu, etc, bypass your VPN if you want it to load at full speeds! Also, as a note, you must have IPROUTE2 installed on your router. I believe most custom firmwares would have this. I am on Padavan's firmware on my asus router. ALSO: (nvram get wan_iface) Also this may not be correct on other firmwares. If you SSH into your router you can run "nvram show" or "nvram show | grep wan" and find out what your interface is. Mine was wan0_iface.
  10. icsy7788

    Another port forwarding questions...

    Sometimes after turning off those services it may take a little while for it to "activate" depending on the software. Are you using the new file that torguard support should have sent you with the new ovpn file? It is actually fairly normal for packets to be able to come in without any issue, but when they try to leave via your open port they get confused without a port open to go to. Also if you are using torguard directly on a machine (i.e. not in your router via DD-WRT or something similar) it really should just work, and since your traffic is being tunneled through Torguard's VPN servers, opening a port in your router would do no good, because all of your traffic travels through port 443 initially. And opening a port on your router isn't that dangerous, only if there is something listening on the local side that someone can exploit. A "port" is just a number inside a packet.
  11. icsy7788

    Another port forwarding questions...

    I think it was just how utorrent does things. I actually just switched to deluge and I actually like it quite a bit better now that I am getting used to it.

    Now, firstly I would take away the proxy layer and get utorrent working without it first. I would then use something like http://www.yougetsignal.com/tools/open-ports/ to test for your open port. Utorrent may have different results as I believe most utorrent traffic is UDP packets, and not TCP packets. So I use https://pentest-tools.com/discovery-probing/udp-port-scanner-online-nmap just to be sure. Using the port I opened via torguard support, I get "Open" ports in both tests. Although my setup is a little bit different because I have torguard connected via a client in my router. So I have to do some magic iptable rules to get it to go to a specific computer... but it is the same concept. If you are running the VPN client directly on your computer, then you would not need to actually forward any ports.

    Are you using windows? Is your Windows firewall on? (Control Panel -> Windows Firewall) I would turn it off to test. There are certain A/V products that also include certain networking and firewall filtering utilities as well which may cause the issues you are seeing.
  12. I found the need to route specific machines and ports around the VPN. Since I run the VPN client in my router, all my traffic by default goes through the VPN, but if you have FTP, trackers that don't allow VPN/Proxy, RDP, SSH or other ports that you would like to go through your ISP's IP address there is a way to do this! I found the answer on another VPN forum. I can post the link but I am unsure if that will be breaking TorGuard's rules.

    In a nutshell... what this script does is it makes all of your IP addresses bypass the VPN, and then it adds rules using

        ip_addrs_lst="192.168.1.1-192.168.1.50"

    that makes them use the VPN. So in this example, IP address 192.168.1.1-50 will go through the VPN. Also, I could not get the specific port section to work at first, but once I added an --sport line it worked great. You can also add specific websites. If you want netflix to load at the same speeds and go through your ISP you can achieve this as well.

    A quick note though: nvram get wan0_gateway may be router specific. When I found this script it was "nvram get wan_gateway". If you SSH into your router and run:

        nvram show | grep wan

    You should be able to find the correct name. Just make sure you do and change the line below!

    And as an additional little nugget, if you run the VPN in your router, and you get TorGuard to open a port for you, you will need to do some port forwarding. Your router will receive packets through port XXXXX, but it won't know what to do with them. While normal port forwarding tells your WAN where to send specific packets to your LAN, you need a line to tell your router where to send packets from tun0 (Tun0 may change depending on your router!)

        ###########################
        VPN Port Forwarding
        ###########################
        iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 50005 -j DNAT --to 17.181.30.100:50005
        iptables -t nat -A PREROUTING -p udp -i tun0 --dport 50005 -j DNAT --to 17.181.30.100:50005

    Now here is the actual script!

        ## CUSTOMIZE YOUR SCRIPT VARIABLES
        #
        ## Uncomment and set value(s) as needed to customize your rules
        #
        # IP addresses, contiguous range AND/OR individual.
        #
        ip_addrs_lst="192.168.1.1-192.168.1.50"

        ##Server ports to bypass VPN
        server_ports="3389,27,23045"
        #
        # Specific destination websites ip range - Spotify , Netflix...
        #
        #web_range_lst="72.44.32.1-72.44.63.254
        #67.202.0.1-67.202.63.254
        #207.223.0.1-207.223.15.254
        #98.207.0.1-98.207.255.254
        #208.85.40.1-208.85.47.254
        #78.31.8.1-78.31.15.254
        #193.182.8.1-193.182.15.254"

        ########################################
        # NO NEED TO CHANGE BELOW THIS LINE #
        ########################################

        # SHELL COMMANDS FOR MAINTENANCE.
        # DO NOT UNCOMMENT, THESE ARE INTENDED TO BE USED IN A SHELL COMMAND LINE
        #
        # List Contents by line number
        # iptables -L PREROUTING -t mangle -n --line-numbers
        #
        # Delete rules from mangle by line number
        # iptables -D PREROUTING type-line-number-here -t mangle
        #
        # To list the current rules on the router, issue the command:
        # iptables -t mangle -L PREROUTING
        #
        # Flush/reset all the rules to default by issuing the command:
        # iptables -t mangle -F PREROUTING

        sleep 1
        #
        # First it is necessary to disable Reverse Path Filtering on all
        # current and future network interfaces:
        #
        for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
          echo 0 > "$i"
        done
        #
        # Delete table 100 and flush any existing rules if they exist.
        #
        ip route flush table 100
        ip route del default table 100
        ip rule del fwmark 1 table 100
        ip route flush cache
        iptables -t mangle -F PREROUTING
        #
        # Let's find out the tunnel interface
        #
        iface_lst=`route | awk ' {print $8}'`
        for tun_if in $iface_lst; do
          if [ "$tun_if" = "tun11" ] || [ "$tun_if" = "tun12" ] || [ "$tun_if" = "ppp0" ]; then
            break
          fi
        done
        #
        # Copy all non-default and non-VPN related routes from the main table into table 100.
        # Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
        #
        ip route show table main | grep -Ev ^default | grep -Ev $tun_if \
          | while read ROUTE ; do
            ip route add table 100 $ROUTE
        done
        ip route add default table 100 via $(nvram get wan0_gateway)
        ip rule add fwmark 1 table 100
        ip route flush cache

        # EXAMPLES:
        #
        # All LAN traffic will bypass the VPN (Useful to put this rule first,
        # so all traffic bypasses the VPN and you can configure exceptions afterwards)
        # iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
        #
        # Ports 80 and 443 will bypass the VPN
        # iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
        #
        # All traffic from a particular computer on the LAN will use the VPN
        # iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 0
        #
        # All traffic to a specific Internet IP address will use the VPN
        # iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
        #
        # All UDP and ICMP traffic will bypass the VPN
        # iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
        # iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1

        # Default behavior: MARK = 1 all traffic bypasses VPN, MARK = 0 all traffic goes VPN
        iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

        # IP_ADDRESSES - RANGE(S) AND/OR INDIVIDUAL(S)
        for ip_addrs in $ip_addrs_lst ; do
          iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_addrs -j MARK --set-mark 0
        done

        ###### Ports that bypass VPN ######
        ###### Normal portforwarding will ######
        ###### need to be applied ######
        iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport $server_ports -j MARK --set-mark 1
        iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --sport $server_ports -j MARK --set-mark 1

        # WEBSITES_IP_RANGES -
        # Note: --set-mark 0 sends these destinations through the VPN;
        # --set-mark 1 would send them out the WAN gateway instead.
        for web_dst_range in $web_range_lst ; do
          iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range $web_dst_range -j MARK --set-mark 0
        done
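
The mark logic of the script above, as an added example that is not part of the original post: MARK does not stop rule traversal, so the last matching rule decides whether a packet leaves through the VPN or the ISP gateway. The rule lines are constructed from the script's default variables, the function name `path_for` is hypothetical, and the packet is assumed to arrive on br0.

```shell
# Constructed rules mirroring the script's defaults (mark 1 = table 100 = WAN, mark 0 = VPN).
SAMPLE_RULES='-A PREROUTING -i br0 -j MARK --set-mark 1
-A PREROUTING -i br0 -m iprange --src-range 192.168.1.1-192.168.1.50 -j MARK --set-mark 0
-A PREROUTING -i br0 -p tcp -m multiport --dport 3389,27,23045 -j MARK --set-mark 1
-A PREROUTING -i br0 -p tcp -m multiport --sport 3389,27,23045 -j MARK --set-mark 1'

# path_for SRC_IP PROTO SPORT DPORT -> prints "wan" or "vpn"
# Handles only the matches the script uses (-p, --src-range, comma-separated --sport/--dport).
path_for() {
    printf '%s\n' "$SAMPLE_RULES" |
    awk -v src="$1" -v proto="$2" -v sport="$3" -v dport="$4" '
    function ip2n(ip,  o) {              # dotted quad -> integer
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_range(ip, r,  e, n) {    # "a-b" range or a single address
        n = split(r, e, "-")
        if (n == 1) e[2] = e[1]
        return ip2n(ip) >= ip2n(e[1]) && ip2n(ip) <= ip2n(e[2])
    }
    function in_list(p, l,  a, k, n) {   # multiport comma list
        n = split(l, a, ",")
        for (k = 1; k <= n; k++) if (a[k] == p) return 1
        return 0
    }
    {
        ok = 1; mark = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p" && $(i + 1) != proto) ok = 0
            if ($i == "--src-range" && !in_range(src, $(i + 1))) ok = 0
            if ($i == "--dport" && !in_list(dport, $(i + 1))) ok = 0
            if ($i == "--sport" && !in_list(sport, $(i + 1))) ok = 0
            if ($i == "--set-mark") mark = $(i + 1)
        }
        if (ok && mark != "") final = mark   # later matches overwrite earlier ones
    }
    END { print ((final + 0 == 1) ? "wan" : "vpn") }'
}

path_for 192.168.1.10 tcp 51000 443    # host in the VPN range, ordinary web traffic
path_for 192.168.1.10 tcp 51000 3389   # same host, destination port in server_ports
```

A host inside the VPN range still leaves through the ISP for any TCP flow whose source or destination port is in `server_ports`, which matters if that host is meant to stay behind the VPN.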
  13. Ok, so I connect to torguard and I have a port opened via a support ticket. Now since I run this in my router, I had to do some fancy port forwarding to get the packets from the opened port to my specific machine. If I go to a port checker website I can see that UDP and TCP ports report as open. Oddly enough when I use utorrent's built in port checker it tells me: "Neither NAT-PMP nor UPnP is enabled" Now if I enable these in my router and Utorrent of course it reports fine but I don't want to enable these in my router obviously. So as another test I downloaded deluge, changed the port information and it came back with a green orb immediately (I assume the correct thing it should do!). So I would assume this is just utorrent being utorrent. But I was curious if anyone had any quick suggestions!