Understanding VPN and common issues

Technical Support How-To
1

Users usually need to connect to their DAppNode to do any kind of thing; such as download a DApp, update the system, create a new device, configure telegram, etc.

Ways to connect to your DAppNode

Currently, there are three ways to connect to your DAppNode:

  1. WIFI hotspot (friendly UI): DAppNode devices can create wifi hotspots, so users can connect to their DAppNode via wifi, using their corresponding credentials. Users must be in the same network as the DAppNode.

  2. VPN (friendly UI): for those users who want to connect to their DAppNode being in a different network, they can use VPN. There are some peculiarities with the VPN service that will be covered in this post. VPN connects to the DAppNode UI provided by your DAppNode. More info in the docs.

  3. SSH (not-friendly UI): the ssh method is something that only advanced users may use. SSH is usually used to fix problems in the host machine. It gives you a terminal to interact with your DAppNode.

VPN Requirements

To be able to use VPN there are a few requirements that must be set:

  • UPnP enabled: UPnP is a network protocol most router has available. If you do not know how to enable it, check this guide.
  • Ports opened: UPnP shoul have opened the following ports
    • 8092 TCP: port used to correctly download the OVPN file.
    • 1194 UDP: default port to connect via OpenVPN.
  • One device per VPN credentials: Only one device can access your DAppNode for each VPN credentials created

Double-check UPnP is enabled

VPN setup

Having DAppNode installed, you can connect to your DAppNode following this guide.

As a brief summary, the steps can be summarized into:

  1. Install open VPN client
  2. Get QR code/URL: from this link you can download the VPN file for your device
    2.1 DAppNode startup: DAppNode displays the link to download just after installation.
    2.2 dappnode_connect: this command generates a new link to download the VPN file.
    2.3 In the UI: go to devices > Add device > Get link
  3. Connect to your DAppNode using the VPN file downloaded.

VPN common problems

The most common issues to connect to your DAppNode VPN are related to port forwarding or issues with your specific internet provider and router configuration. We have documented known cases in the DAppNodeDocs/troubleshooting.

Note that your particular network configuration could be new to the community and your error unique. Please be mindful that your error might not be documented and if so, please document it so future users can share your solution.

My problem is not documented

  1. Check if your router supports UPnP
  2. Access router config
    1.1 Verify UPnP enabled
    1.2 Verify ports 8092 and 1194 are opened
  3. Make sure your DAppNode is running properly
  4. Create a new VPN link and try again
  5. Try to connect from another network if possible

Still having issues? reach us in our community platforms: discord and forum

VPN, how does it work?

VPN utilities:

  • secure eth traffic
  • secure connectiviy

VPN setup

In the following picture is described the process of how DAppNode VPN is configured: router route table and DynDNS registration.

  1. DAppNode first setup: having a DAppNode connected to a router with UPnP enabled, will generate a routing table in the router. This route table will point from specifics ports (such as 1194, 8092) to the local IP of your DAppNode.
    If the local IP of your DAppNode changes, it may take up to one hour for the routing table to be updated

  2. DAppNode ID registration: Then your DAppNode will attempt to reach the DynDNS server (orange arrow) provided by DAppNode with:

  • DAppNode ID: 45dgh34
  • Public IP: 83.44.121.123
  1. DAppNode registration: the DynDNS will register your DAppNode ID as well as the public IP in a database (blue arrow). Whenever the public IP of your DAppNode changes, the public IP in the database will be refreshed.

setup-VPN
setup-VPN791×787 66.4 KB

Connect to DAppNode

In the following picture is described the connection process via VPN.

Resolve-domain
Resolve-domain822×787 68.1 KB

  1. Reach public IP: having a user the VPN file (which is like an instructions map), the user would be able to connect to his/her DAppNode from everywhere. First by reaching the public IP of the network where the DAppNode is hosted (red arrow).
  2. Reach DAppNode local IP: once the public IP has been reached, the router will use the routing table (relation between ports and local IPs) to redirect to the DAppNode in the local network.
1 Like
2

Hello,
if i run “docker ps” i can see the port 8545 is not published !
that mean this port is only accessible inside the docker container using the vpn solution provided ?
what if i want to use my own vpn solution ?

3

If you run docker ps -a you will see that ports 30303 and 30304 are exposed. These ports are mapped to your router and used by the ETH traffic.

Port 8545 is the RPC port of your locally running Ethereum node software. This endpoint is used by the dappmanager to interact with geth.

The VPN package was developed specifically for DAppNode, So I recommend you to use it, anyway you could try to develop a custom VPN solution.

4

this port does not bind to the host right ? how can i change this ? i need to understand your network structure ! like what is the port of the dashboard ! it’s not convenient for me to switch to different vpn solution to just resolve .eth for the rpc and dappnode dashboard ! thanks

5

ok i figured it out for the geth package ! we can map the port 8545 to the docker ! no worry i will use a firewall to allow only my vpn virtual ip !

Capture d’écran 2021-01-18 à 23.47.30
Capture d’écran 2021-01-18 à 23.47.302426×770 43 KB

but what about the dashboard ? should i add this package ? i can see it got port 8090 mapped to the docker !

Capture d’écran 2021-01-18 à 23.53.28
Capture d’écran 2021-01-18 à 23.53.281722×1050 100 KB

6

In the upcoming releases, there will be added more security layers: an auth method and HTTPS implemented.

DAppNode dashboard (UI) is exposed by default in port 80. Anyway you would not be able to connect without the VPN (it is configured in that way)

If you want to create your own VPN solution check our package DNP_VPN and see how it works, you may need technical knowledge about programming and networking.

Lastly, the Admin package is deprecated so do not add it.

7

" In the upcoming releases, there will be added more security layers: an auth method and HTTPS implemented ."
ok that great but i do not plan to open my dappnode publicly even with an auth method !

“DAppNode dashboard (UI) is exposed by default in port 80”
so which docker container should i open port 80 on ? :slight_smile:
thanks

8

DAppNodeCore-dappmanager.dnp.dappnode.eth

9

so i can safely go to “/usr/src/dappnode/DNCORE” add the port 80 in the “docker-compose-dappmanager.yml” file and run the command “docker-compose -f docker-compose-dappmanager.yml down” then “docker-compose -f docker-compose-dappmanager.yml up -d” ?

10

Yes, you could try it

11

:sweat_smile: what should i do now ?

Capture d’écran 2021-01-21 à 19.45.48
Capture d’écran 2021-01-21 à 19.45.481406×746 59.9 KB

12

Could you move your question to a new post in the forum? such as “Addin my own VPN solution”