PIA claims port is open. Port is not open.

ThoughtCriminalThoughtCriminal
in Windows VPN Setup
I've been using PIA for a few years now and i'm generally satisfied with the product. Recently it has become necessary for me to have an open incoming port while connected. I am running Windows 8.1 with the latest PIA VPN software (v78), and Windows Firewall disabled. In the PIA client settings Advanced > Port Forwarding is enabled, and I am connecting to a gateway that supports port forwarding per latest list (CA Toronto). When I connect, PIA displays the CA Toronto IP address and port as hovertext for the PIA icon in the system tray. However, this port is not open.

I have tested this port both with Deluge v1.3.15 (latest) and with a number of scanning tools/sites (see attached image). All are in agreement that the port is not open. I've read dozens of forum posts on this topic trying to find a solution to no avail. I am at the point of giving up and shifting my business to a different VPN. Have I missed something or is this feature just broken?



Comments

  • piaabopiaabo
    Well it works for me, several posts here suggest there are temporary blips though, have you tried other regions?
    I can't help beyond a few obvious checks:
    Double check your software firewall, windows or otherwise to allow the port (you disabled it completely, ok for a quick test but not wise longterm)
    Most people connect through a router, have you forwarded the port in your router firewall or is upnp taking care of that?
    To see the port as open on those port-check sites there must be some software running (like deluge in your case) setup to listen on that port number.
  • ThoughtCriminalThoughtCriminal
    edited April 2018
    Thanks for your response piaabo. In answer to your questions...

    • I've tried many of the regions (2x Canada, Spain, Switzerland, etc.). All show a port (different ports) in the hovertext; none of those ports work.
    • I've tried with Windows Firewall explicitly allowing the port, allowing Deluge to configure ports, and disabled.
    • I am connecting through a router, but (unless I fundamentally misunderstand VPNs) port forwarding on the router should make no difference. My Win 8.1 laptop with PIA client installed is connecting to the PIA server (e.g. in Toronto) via one of the default ports (e.g. 443). So long as I allow outgoing connections on that port through any firewalls (software or hardware), then the VPN will work. The VPN client then provides a network interface which all of my local software uses in place of the wifi/ethernet interface it would otherwise use. The connection between my VPN client and the VPN server acts as a tunnel and nothing in between (including the router) can (meaningfully) see my traffic (it's encrypted/wrappered). I'm not certain if the packet headers of the underlying traffic are also encrypted, but either way my router shouldn't be filtering based on these. Similarly, any connection from the outside world to the Toronto PIA server on the dedicated port (e.g. 58834) should be routed back through that tunnel to the PIA interface on my laptop. Or, are you suggesting that PIA forwards these connections/packets out-of-band/unencrypted directly to my public IP address? Either way, I've tried port forwarding the same (PIA allocated) port on my router to my laptop, and it makes no difference.
    • As far as I can tell, Deluge is listening on the specified port. From netstat -na:
    TCP    0.0.0.0:58834          0.0.0.0:0              LISTENING

    Further, I've tried connecting to this port manually (from a second laptop) as follows:

    #TestDelugePortFromPIAOutcome
    1-ve Control: Deluge must be runningnot running58834LANnot runningtimeout
    2+ve Control: Works from LANrunning58834LANnot runningsuccess
    3-ve Control: Must connect to listening portrunning58835LANnot runningtimeout
    4+ve Control: Works from outside LANrunning58834internetnot runningsuccess
    5Experiment: With PIA runningrunning58834internetrunningtimeout

    For tests #4-5, port 58834 on my router was forwarded to port 58834 on my laptop. For test #4 I connected to my ISP-assigned IP address (***.***.***.***). For test #5 I connected to my PIA-assigned IP address (173.239.230.83).

    The only possibilities that I can see are:
    1. There is some configuration option I do not know about that I have to set (hence me asking).
    2. PIA doesn't work. They don't assign/open/forward the port for me. I have no idea how to test this, but I'm hoping staff can.
    3. PIA is reporting the wrong port (i.e. they open 34567 and report 58834 or similar). I'm again completely unsure of how to check this.
  • piaabopiaabo
    edited April 2018
    The port number is part of the ip address. If a firewall blocks data going to port xxxx it does not matter whether the data is encrypted or not. The data will in this case still come through the tunnel.
    Although your outgoing on 433, your incoming port for the vpn tunnel (NOT port forwarding) can be set in the pia advanced settings, otherwise it chooses for you which is generally fine.

    I see you have success without the tunnel so you have setup correctly, i don't have anything else to suggest....good luck.
Sign In or Register to comment.