IPFS Node and vpn providers

Hi, I would like to run an IPFS node, while my machine is connected through a vpn provider. So the public/external IP is the one provided by the VPN provider, and there is port forwarding,: Locally I have the standard port for the swarm which is 4001, but the port forwarding means that “externally” there is a different port which is forwarded to my internal port 4001. Is there anything I have to change in my node configuration in such a situation?

If your VPN provider gives you a forwarded port, you can change the swarm port in your IPFS config (.ipfs/config) to the forwarded port before you start your daemon.

Change 4001 in this part of your config to the port your VPN provider forwards for you:

  "Addresses": {
    "Swarm": [
      "/ip4/0.0.0.0/tcp/4001",

I added the port in the “Swarm” list, but kept the original entry with 4001. What confuses me a bit: If a call “ipfs id” now it shows me that the node is “swarming” on the new port, but the IP it uses is not the public id that I got from my VPN provider.

Which IP is ipfs id showing? And what IP did you specify in the config?

So your VPN is using a NAT? If your VPN supports UPnP (or something like that), IPFS will automatically try to set up port forwarding for you.

If you’ve explicitly configured port-forwarding, your node should eventually (after connecting to a few external nodes) discover your external address. However, you can manually configure it by setting Addresses.Announce:

Yes, there might be some sort of NAT involved on the side of the VPN provider.

Anyway, if you use the mobile connection provided by your mobile provider (i.e. using a “personal WIFI hotspot” provided by your phone) you normally cannot directly configure port forwarding. So in such a case, a VPN + port forwarding is the only way that I know to get an IPFS node running. Any other possibilities?

Yet another remark about port forwarding: There seems to be another restriction at my home (no VPN), and it must be related to the provider. I can configure port forwarding, and then IPFS swarming seems to work. However swarming seems to be somehow different to exposing an own webserver for example. My public IP seems to be unreachable from the outside, even with port forwarding enabled. I think it is because of the combination of DSL and DHCP that the internet provider uses for my internet connection. So IPFS-Swarming works, but exposing the node as an IPFS gateway or exposing the API seems not to work in my home!

So IPFS-Swarming works, but exposing the node as an IPFS gateway or exposing the API seems not to work in my home!

If you can receive inbound ipfs connections but not API/Gateway connections, that’s probably IPFS’s automatic port-forwarding taking affect. IPFS won’t automatically port-forward for the API/Gateway.

Any other possibilities?

At the moment, the only alternative is to enable AutoRelay (documented in the config document above). All inbound traffic will then be relayed through a public relay. We’re working on a feature that will use this relayed connection to bootstrap a direct connection, punching through the NAT. Unfortunately, that’s still in the early stages.

Not sure if my problem at home is related to NAT. I just have no public iP address that can be accessed from the outside. I am somehow “crippled” by the provider. There must be many private people with similar restrictions, but they might just be unaware of the fact that they are being restricted.

1 Like