Add support for NAT-PMP #327

Open
wants to merge 1 commit into
base: master
samvv commented Feb 23, 2025

This pull request continues the conversation in #142 and adds support for NAT-PMP.

Some remarks:

  • The ports are written to /config/protonvpn-port-tcp.txt and /config/protonvpn-port-udp.txt inside the Docker container
  • Nothing has been documented in the README
  • Before starting the natpmpc update loop, I manually try to connect one time with TCP and UDP and only signal connection successful if these commands succeed.

I tested this using Docker and it works. Example Docker config:

protonwire:
  container_name: protonwire
  # Use semver tags or sha256 hashes of manifests.
  # using latest tag can lead to issues when used with
  # automatic image updaters like watchtower/podman.
  image: ghcr.io/tprasadtp/protonwire:dev
  init: true
  environment:
    # Quote this value as server name can contain '#'.
    PROTONVPN_SERVER: "NL#12"
    # Set this to 1 to show debug logs for issue forms.
    DEBUG: "1"
    # Set this to 0 to disable kill-switch.
    KILL_SWITCH: "1"
    # Enable port forwarding
    NATPMP: "1"
  # NET_ADMIN capability is mandatory!
  cap_add:
  - NET_ADMIN
  # sysctl net.ipv4.conf.all.rp_filter is mandatory!
  # net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6.
  # 'net.*' sysctls are not required on application containers,
  # as they share network stack with protonwire container.
  sysctls:
    net.ipv4.conf.all.rp_filter: 2
    net.ipv6.conf.all.disable_ipv6: 1
  volumes:
    - type: tmpfs
      target: /tmp
    - type: bind
      source: protonvpn.key
      target: /etc/protonwire/protonvpn-private-key
      read_only: true
    - type: bind
      source: protonvpn-port-tcp.txt
      target: /config/protonvpn-port-tcp.txt
    - type: bind
      source: protonvpn-port-udp.txt
      target: /config/protonvpn-port-udp.txt

Important

Make sure to touch protonvpn-port-tcp.txt and protonvpn-port-udp.txt before starting the container or Docker will make it a directory and it won't work.

Let me know what you think!
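A pre-flight check for the note above about creating the port files before the container starts, together with a validating reader for whatever consumes the forwarded port. This is an added example, not code from the pull request; the function names are hypothetical, and the one-port-number-per-file format is an assumption because the PR does not state the file format.

```shell
#!/bin/sh
# Added example, not part of the pull request.
# Assumption: each port file holds a single decimal port number.

# Create the bind-mount sources as regular files before the container starts.
# Fails if a path already exists as a directory (what Docker creates when the
# source is missing) or as a symlink.
prepare_port_files() {
    dir=$1
    for proto in tcp udp; do
        f="$dir/protonvpn-port-$proto.txt"
        if [ -L "$f" ] || [ -d "$f" ]; then
            echo "refusing $f: directory or symlink, remove it and re-run" >&2
            return 1
        fi
        [ -f "$f" ] || : > "$f" || return 1
    done
}

# Print the forwarded port from a port file. Fails if the file is missing,
# still empty (no mapping yet), or does not hold one number in 1..65535,
# so the value is never passed unchecked into a command line or config.
read_forwarded_port() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    port=$(tr -d ' \t\r\n' < "$f")
    case $port in
        ''|*[!0-9]*) echo "$f: no valid port yet" >&2; return 1 ;;
    esac
    # Length check first so an oversized digit string never reaches the
    # numeric comparison.
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "$f: port out of range" >&2; return 1; }
    echo "$port"
}
```

Run `prepare_port_files .` in the directory holding the compose file before the first start, and have the consuming service call `read_forwarded_port` rather than reading the file directly.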


samvv commented Feb 23, 2025

I've just noticed that NAT-PMP should work out of the box but that I have some issue in my setup. Closing this pull request for now.

Edit: I'm actually not sure about this. Will re-open if I know more.

samvv closed this Feb 23, 2025

samvv commented Feb 24, 2025

Ok so from what I can understand libtorrent fails to execute its built-in NAT-PMP because there's no default route for 10.2.0.2. Adding the route manually only made things worse.

Therefore this pull request actually serves as a workaround until arvidn/libtorrent#7890 is accepted.

samvv reopened this Feb 24, 2025