Change Tixati's port to the vpn's forwarded port dynamically

by krystal on 2024/08/01 12:16:57 AM    
Dynamically change Tixati's port to be the same as the vpn's forwarded port when it is modified.

The point is to solve a problem encountered with the forwarded VPN port, which can change when the VPN reconnects.

Install : Arch linux Manjaro xfce + PIA client
Settings :
- PIA Wireguard connection
- PIA client with kill switch (to prevent leaks)
- Open the port used by Tixati, on the firewall or by adding rules directly to the INPUT table (which seems to work best for me).

#example 1

# shell assignments take no leading "$" on the variable name
IFACE=wgpia0
VPN_LOCAL_IP=$(ip address show $IFACE | grep "inet " | sed 's/^ *//' | cut -d " " -f 2 | sed 's/\/.*//')
VPN_FORWD_PORT=$(piactl get portforward)
#TIXATI_PORT=$VPN_FORWD_PORT

# example of rules to open Tixati port useful for seed
iptables -I INPUT -i $IFACE -p udp -m state --state NEW -d $VPN_LOCAL_IP --dport $VPN_FORWD_PORT -j ACCEPT
iptables -I INPUT -i $IFACE -p tcp -m state --state NEW -d $VPN_LOCAL_IP --dport $VPN_FORWD_PORT -j ACCEPT


This configuration works very well, however PIA can change the redirection port during a reconnection and it is necessary to change the port on Tixati manually.
This causes a configuration lifetime problem.

To overcome this, I tried redirecting the port in the routing table.

# example 2

# shell assignments take no leading "$" on the variable name
IFACE=wgpia0
VPN_LOCAL_IP=$(ip address show $IFACE | grep "inet " | sed 's/^ *//' | cut -d " " -f 2 | sed 's/\/.*//')
VPN_FORWD_PORT=$(piactl get portforward)
TIXATI_PORT=12345

# example of rules redirecting the vpn's forwarded port to the desired port for Tixati
iptables -t nat -I PREROUTING -i $IFACE -p tcp -m tcp -d $VPN_LOCAL_IP --dport $VPN_FORWD_PORT -j REDIRECT --to-port $TIXATI_PORT
iptables -t nat -I PREROUTING -i $IFACE -p udp -m udp -d $VPN_LOCAL_IP --dport $VPN_FORWD_PORT -j REDIRECT --to-port $TIXATI_PORT

# example of rules to open Tixati port useful for seed
iptables -I INPUT -i $IFACE -p udp -m state --state NEW -d $VPN_LOCAL_IP --dport $TIXATI_PORT -j ACCEPT
iptables -I INPUT -i $IFACE -p tcp -m state --state NEW -d $VPN_LOCAL_IP --dport $TIXATI_PORT -j ACCEPT


Although some of the packets reached their destination, the redirection didn't seem to work perfectly.
After a number of hours looking for a solution, I've finally accepted defeat.

So I've come to ask if it's possible to change the port used by tixati on the fly (or not).
Via the web interface (http post), command line (tixati -p 12345) or configuration file (~/.config/tixati/settings2.dat?).
I searched but couldn't find it.

Otherwise, of course, you can change the port manually...
Settings > Incoming Ports > TCP/UDP....

Does anyone have a solution yet?
Or is it possible to bring this functionality one day?

Best regards,
Krystal

by krystal on 2024/08/01 03:13:25 PM
EDIT: add ' -m state --state NEW ' to redirection rules to redirect incoming connections only

# example 2.1

# shell assignments take no leading "$" on the variable name
IFACE=wgpia0
VPN_LOCAL_IP=$(ip address show $IFACE | grep "inet " | sed 's/^ *//' | cut -d " " -f 2 | sed 's/\/.*//')
VPN_FORWD_PORT=$(piactl get portforward)
TIXATI_PORT=12345

# example of rules redirecting the vpn's forwarded port to the desired port for Tixati
iptables -t nat -I PREROUTING -i $IFACE -p tcp -m state --state NEW -d $VPN_LOCAL_IP --dport $VPN_FORWD_PORT -j REDIRECT --to-port $TIXATI_PORT
iptables -t nat -I PREROUTING -i $IFACE -p udp -m state --state NEW -d $VPN_LOCAL_IP --dport $VPN_FORWD_PORT -j REDIRECT --to-port $TIXATI_PORT

# example of rules to open Tixati port useful for seed
iptables -I INPUT -i $IFACE -p udp -m state --state NEW -d $VPN_LOCAL_IP --dport $TIXATI_PORT -j ACCEPT
iptables -I INPUT -i $IFACE -p tcp -m state --state NEW -d $VPN_LOCAL_IP --dport $TIXATI_PORT -j ACCEPT
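
Added example, not part of krystal's posts: one way to keep the example 2.1 redirect in step with the port reported by piactl get portforward, so that an old port or old VPN address never stays redirected after a reconnect. The chain name TIXATI_PRE, the IPT and POLL variables and the 30-second poll interval are assumptions made for this sketch.

```shell
# Added example (not from the original posts). Chain name and poll interval are assumed values.
IFACE=${IFACE:-wgpia0}
TIXATI_PORT=${TIXATI_PORT:-12345}
CHAIN=${CHAIN:-TIXATI_PRE}     # hypothetical dedicated nat chain
IPT=${IPT:-iptables}           # IPT=echo prints the commands instead of applying them

# Accept only a plain decimal port in 1..65535; status text or an empty value is rejected.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Current IPv4 address of the VPN interface, without the prefix length.
vpn_ip() { ip -4 -o address show "$IFACE" | awk '{sub(/\/.*/, "", $4); print $4; exit}'; }

# One-time setup: create the chain and make PREROUTING jump to it for VPN traffic.
setup_chain() {
    $IPT -t nat -N "$CHAIN" 2>/dev/null || true
    $IPT -t nat -C PREROUTING -i "$IFACE" -j "$CHAIN" 2>/dev/null ||
        $IPT -t nat -I PREROUTING -i "$IFACE" -j "$CHAIN"
}

# Flush first (drops any stale redirect), then add the example 2.1 rules if the values are usable.
apply_port() {   # $1 = output of `piactl get portforward`, $2 = VPN local IP
    $IPT -t nat -F "$CHAIN"
    valid_port "$1" && [ -n "$2" ] || return 1
    for proto in tcp udp; do
        $IPT -t nat -A "$CHAIN" -p "$proto" -m state --state NEW \
            -d "$2" --dport "$1" -j REDIRECT --to-port "$TIXATI_PORT"
    done
}

# Poll PIA and re-apply only when the forwarded port or the VPN address changes.
watch_port() {
    setup_chain; last=unset
    while :; do
        port=$(piactl get portforward 2>/dev/null) || port=
        ip=$(vpn_ip)
        if [ "$port/$ip" != "$last" ]; then
            apply_port "$port" "$ip" || echo "no usable forwarded port; redirect removed" >&2
            last="$port/$ip"
        fi
        sleep "${POLL:-30}"
    done
}
if [ "${1:-}" = "--watch" ]; then watch_port; fi
```

Run it as root with --watch; setting IPT=echo first prints the iptables arguments for review instead of applying them. The INPUT ACCEPT rules for TIXATI_PORT from example 2.1 are not touched by this script and still have to be in place.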
