VPN
Posted: Thu 15 Jul 2021 1:19 pm
by orion_jb2001
Hey all,
I have a VPN I can utilise but discovered when that is switched on, my MX does not load to my FTP. As this is the first time I have used VPN and upload to a web site, what settings do I need to utilise, to run the VPN and upload to my Cumulus web page??
Jeff
Re: VPN
Posted: Fri 16 Jul 2021 12:33 pm
by jlmr731
So this is a commercial VPN, and I take it your FTP is also on some provider server. Seeing that it worked before the VPN, I'm guessing that they are blocking the VPN.
Turn on FTP logging, which is in settings/program settings/Program general options. You may have to restart CumulusMX for this to take effect. That should show what's going on.
Re: VPN
Posted: Mon 26 Jul 2021 10:03 am
by orion_jb2001
Sorry for the extended delay in replying. Have spoken with my web site provider and we have done some tests. The Cumulus ftp log was, as expected, showing it wanted to connect to my normal un vpn connection and not the private ip address generated by the vpn program. The web site admin could not see any issues at their end with anything blocking the vpn. They asked to try filezilla to connect with vpn on and off. I connected to their site both times, nil issues.
So there has to be a setting in the MX ftp setting that will cover the use of a VPN??
Re: VPN
Posted: Tue 27 Jul 2021 7:55 am
by SamiS
No, there are no settings about vpn on cumulus. Basically every application running on windows uses the network stack and windows default routing information regardless of connection type (vpn, wifi, ethernet, dialup, bluetooth etc).
But there are still some things to remember / check:
1) To avoid any issues, Cumulus shouldn’t be running at the time when you start or disconnect the vpn. This can be an issue if both are autostarting on boot. Establish vpn connection first, then start Cumulus.
2) When you tested the connection with Filezilla, did you have exactly the same connection settings as Cumulus? (Plaintext-ftp, active or passive, ftps over tls or sftp). Because with the exact same settings, there is basically no reason why Cumulus should not work if Filezilla works. (Unless there is a bug)
3) To further debug the issue, ftp logs and mxdiags would probably be needed.
Re: VPN
Posted: Tue 27 Jul 2021 9:55 am
by orion_jb2001
This is the error coming up when the VPN is switched on;
# OpenActiveDataStream(PORT, "STOR /winddata.json", 0)
Command: PORT 100,127,255,253,226,109
Response: 500 I won't open a connection to 100.127.255.253 (only to 66.203.112.103)
Status: Disposing FtpSocketStream...
# CloseDataStream()
2021-07-27 19:39:03.106 FTP[Int]: Error uploading web\winddata.json to /winddata.json : I won't open a connection to 100.127.255.253 (only to 66.203.112.103)
2021-07-27 19:39:03.106 FTP[Int]: Uploading web\wdirdata.json to /wdirdata.json
100.127 .......... etc is the normal isp ip address. 66.203 ........ is the VPN private ip address for the current VPN connection.
I tried switching off Cumulus, activating VPN and starting Cumulus again, same result unfortunately, wouldn't upload to the web site whilst VPN running.
Re: VPN
Posted: Tue 27 Jul 2021 10:02 am
by orion_jb2001
And with VPN switched off, no issues:
# OpenActiveDataStream(PORT, "STOR /alltempsumdata.json", 0)
Command: PORT 192,168,0,44,221,36
Response: 200 PORT command successful
Command: STOR /alltempsumdata.json
Response: 150 Connecting to port 56612
2021-07-27 19:45:04.273 FTP[Int]: Uploaded web\alltempsumdata.json
Status: Disposing FtpSocketStream...
Response: 226-File successfully transferred
Response: 226 0.194 seconds (measured here), 0.72 Mbytes per second
Status: Disposing FtpSocketStream...
2021-07-27 19:45:04.424 FTP[Int]: Done uploading daily graph data files
2021-07-27 19:45:04.424 FTP[Int]: Uploading Moon image file
2021-07-27 19:45:04.425 FTP[Int]: Uploading web\moon.png to /images/moon.png
# OpenWrite("/images/moon.png", Binary)
# GetFileSize("/images/moon.png")
Command: SIZE /images/moon.png
Response: 213 12849
Re: VPN
Posted: Tue 27 Jul 2021 10:05 am
by freddie
Have you got the host name of the remote server in your Cumulus config? If so, it may be being resolved to the 100.* address. If that is the case then use the 66.* address in your config.
Re: VPN
Posted: Tue 27 Jul 2021 10:40 am
by Phil23
The 100.xxx.xxx.xxx is associated with CG-NAT, which may be part of the issue.
https://tailscale.com/kb/1015/100.x-addresses/
& more detailed,
https://networkengineering.stackexchang ... -64-0-0-10
Can't add a lot more than that, other than CG-NAT can always bring out issues & it appears they may be using that address space for your VPN.
Re: VPN
Posted: Tue 27 Jul 2021 11:11 am
by freddie
Surely if you're connecting via a VPN then you will be connecting to a non-routable private IP address?
Re: VPN
Posted: Tue 27 Jul 2021 8:02 pm
by Phil23
Don't really know how these advertised-on-TV VPNs work, but at a loose guess they sound a bit more like a proxy than a true VPN tunnel.
Edit:- It would be interesting to see a trace route to your website; VPN on & off.
Re: VPN
Posted: Wed 28 Jul 2021 1:13 am
by orion_jb2001
Phil,
Trace route to the relevant host address of my ftp server. First trace, VPN off. 2nd trace VPN on:
VPN off
C:\Windows\system32>tracert s9.cpcloud.com.au
Tracing route to s9.cpcloud.com.au [103.18.109.182]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms mymodem.modem [192.168.0.1]
2 9 ms 10 ms 9 ms gateway.nb11.sydney.asp.telstra.net [58.162.26.75]
3 34 ms 10 ms 10 ms ae10.ken-ice301.sydney.telstra.net [203.50.61.81]
4 10 ms 10 ms 12 ms bundle-ether25.ken-core10.sydney.telstra.net [203.50.61.80]
5 10 ms 10 ms 10 ms bundle-ether1.ken-edge902.sydney.telstra.net [203.50.11.97]
6 10 ms 10 ms 10 ms ape2469218.lnk.telstra.net [120.151.79.66]
7 10 ms 10 ms 10 ms hundredgige0-0-1-3.bdr01-ipt-4edenpar-syd.au.superloop.net.co [103.200.13.98]
8 10 ms 11 ms 10 ms 116-255-21-127.ip4.superloop.com [116.255.21.127]
9 11 ms 10 ms 10 ms s9.cpcloud.com.au [103.18.109.182]
Trace complete.
VPN on
C:\Windows\system32>tracert s9.cpcloud.com.au
Tracing route to s9.cpcloud.com.au [100.96.116.99]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 104 ms 104 ms 107 ms s9.cpcloud.com.au [100.96.116.99]
Trace complete.
Re: VPN
Posted: Wed 28 Jul 2021 1:32 am
by jlmr731
Strange, when vpn off it's going to s9.cpcloud.com.au [103.18.109.182] and then on s9.cpcloud.com.au [100.96.116.99]. I did a lookup on the domain and it showed 103.18.109.182 (I'm across the water and in the north). Now all the timeouts are the routers not replying, typical for vpn. Now the ip [100.96.116.99] is most likely your vpn; all I got was it's in Sweden.
Kinda sounds as if the vpn is doing all the rerouting, maybe running a proxy or caching the sites on their server to render and rebroadcast it to you (probably to put ads in?)
So kinda looking like that vpn will not work for you, or as Phil said could be running under a NAT and probably won't work.
Re: VPN
Posted: Wed 28 Jul 2021 11:16 am
by SamiS
jlmr731 wrote: ↑Wed 28 Jul 2021 1:32 am
Strange, when vpn off it's going to s9.cpcloud.com.au [103.18.109.182] and then on s9.cpcloud.com.au [100.96.116.99]. I did a lookup on the domain and it showed 103.18.109.182 (I'm across the water and in the north). Now all the timeouts are the routers not replying, typical for vpn. Now the ip [100.96.116.99] is most likely your vpn; all I got was it's in Sweden.
Kinda sounds as if the vpn is doing all the rerouting, maybe running a proxy or caching the sites on their server to render and rebroadcast it to you (probably to put ads in?)
So kinda looking like that vpn will not work for you, or as Phil said could be running under a NAT and probably won't work.
Basically I would say that this shows that the VPN in this case is not really only a VPN in the traditional sense, but instead it does something "extra" to the traffic. Usually a VPN connection is simply an encrypted tunnel between client and gateway. If it is a full tunnel, all traffic is routed via the tunnel, or when speaking of a split tunnel, there are rules about what goes into the tunnel, and what goes straight to the internet without any knowledge that a vpn tunnel ever existed. On traceroute it would only show that your traffic is routed via your vpn provider's server instead of your normal isp. Normally the vpn connection should not affect the name resolution like shown above.
Since 103.18.109.182 seems to be the real public address of s9.cpcloud.com.au, the first thing I would do is try to configure CumulusMX to use that ip address as the ftp server. Or at least try to do a traceroute to that ip address when vpn is enabled.
Re: VPN
Posted: Wed 28 Jul 2021 11:29 am
by SamiS
orion_jb2001 wrote: ↑Tue 27 Jul 2021 9:55 am
This is the error coming up when the VPN is switched on;
# OpenActiveDataStream(PORT, "STOR /winddata.json", 0)
Command: PORT 100,127,255,253,226,109
Response: 500 I won't open a connection to 100.127.255.253 (only to 66.203.112.103)
Status: Disposing FtpSocketStream...
# CloseDataStream()
2021-07-27 19:39:03.106 FTP[Int]: Error uploading web\winddata.json to /winddata.json : I won't open a connection to 100.127.255.253 (only to 66.203.112.103)
2021-07-27 19:39:03.106 FTP[Int]: Uploading web\wdirdata.json to /wdirdata.json
100.127 .......... etc is the normal isp ip address. 66.203 ........ is the VPN private ip address for the current VPN connection.
I tried switching off Cumulus, activating VPN and starting Cumulus again, same result unfortunately, wouldn't upload to the web site whilst VPN running.
This looks like your ftp server does not want to play when there is NAT or some kind of transparent proxying involved, as seems to be the case with your vpn connection. Basically the ftp server sees that your connection is initiated from the 66.203... address, and yet the tcp traffic shows that the connection came from the 100.127... address, and therefore refuses to continue. This is a kind of security feature, trying to prevent man-in-the-middle attacks etc.
If your ftp site supports it, you could probably get around this issue by using the SFTP protocol instead of FTP or FTPS. If changing to sftp is not possible, you could also try disabling EPSV mode in CumulusMX's settings (internet settings -> web/ftp site -> advanced settings).
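What the two FTP logs in this thread show, as an added example that is not part of any post: it decodes the logged active-mode PORT arguments, classifies the advertised address (including the 100.64.0.0/10 CG-NAT range Phil23 linked to), and applies the address-match rule implied by the 500 response. The function names are illustrative, the log lines are copied from the posts above, and the rule is modelled from the server's reply, not taken from its code.

```python
import ipaddress
import re

# RFC 6598 shared (carrier-grade NAT) space and the RFC 1918 private ranges.
SHARED = ipaddress.ip_network("100.64.0.0/10")
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PORT_RE = re.compile(r"Command:\s+PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
ONLY_RE = re.compile(r"Response:\s+500 .*\(only to ([\d.]+)\)")

def decode_port(line):
    """Return (ip, tcp_port) from a logged 'PORT h1,h2,h3,h4,p1,p2' command."""
    m = PORT_RE.search(line)
    if m is None:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("PORT field above 255: " + line)
    return ipaddress.ip_address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]

def address_kind(ip):
    """Say whether the server could route back to the advertised address."""
    if ip in SHARED:
        return "shared/CGN"
    return "private" if any(ip in net for net in PRIVATE) else "public"

def server_accepts(port_ip, control_peer):
    """Modelled rule: data connections go only to the control connection's source."""
    return port_ip == ipaddress.ip_address(control_peer)

def analyse(log_lines):
    """Pair each PORT command with the '(only to X)' refusal that follows it."""
    findings, last = [], None
    for line in log_lines:
        decoded = decode_port(line)
        if decoded:
            last = decoded
        refused = ONLY_RE.search(line)
        if refused and last:
            ip, port = last
            peer = refused.group(1)
            findings.append({"advertised": str(ip), "port": port,
                             "kind": address_kind(ip), "server_saw": peer,
                             "accepted": server_accepts(ip, peer)})
    return findings

# Log lines copied from the posts above (VPN on, then VPN off).
VPN_ON = ["Command: PORT 100,127,255,253,226,109",
          "Response: 500 I won't open a connection to 100.127.255.253 (only to 66.203.112.103)"]
VPN_OFF = ["Command: PORT 192,168,0,44,221,36", "Response: 200 PORT command successful"]
```

The VPN-off PORT argument decodes to port 56612, the same port the server names in its "150 Connecting to port 56612" reply.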