YaCy VPN Problem: Cannot be reached from outside

YaCy works with peers nicely, but only if no VPN is used to connect to the internet.
What is likely the problem and how can this be diagnosed or remedied? (Other than by not using a VPN!)

Perhaps somebody could solve this problem by creating a YaCy instance which worked perfectly until it connected using a VPN, and then managed to diagnose the issue.

Peers need to reach your yacy instance through an open port on your public IP if you want to work as a senior node, otherwise it’s not possible. Commercially available VPNs shares one or more IPs with lots of users at the same time and they not allow users to open ports and route back.

Cloud servers is a solution, but may be expensive on storage if you want by example to crawl lots of sites. Another solution is to rent a tiny one with public IP tunnelled(VPN) to your home instance of yacy.

1 Like

Think of it in terms of INCOMING and OUTGOING traffic…
(Just as port-opening a.k.a port-forwarding in a router is needed to host a server or for to have a “high-id” using any torrent/emule client.)

I’m no expert, but here goes… :smiley: :

Troughout a (VPN) network (and/or via using a Proxy), any INCOMING traffic would in all cases need to be correctly routed back to your instance, it’s IP, and the specific port yacy is serving.

And as is the designed nature of most VPN services, all peers attempting to do INCOMING traffic to you; All they will naturally see and know, is your VPN exit point and it’s IP (and OUTGOING ports.) And any INCOMING traffic to your VPN exit point would need to be lead to the INCOMING port of your YaCy to be a connection.

Someyhing which I’m guessing very few VPN service providers offer, As @iasee said. At least not without additional service costs, since there is only 65535 ports available at any IP.

Your VPN exit point could in many ways be thought of much in the same as a home-router and/or internet gateway. Without it having been set to route a specific port to a port on a LAN IP somewhere, no INCOMING will will be let trough successfully. And a commercial VPN service can have many steps internally, all of which would need to be set to do correct traffic routing in coherent manner, from VPN exit point and back to your instance’s IP and it’s YaCy port.

Though, it is certainly possible to achieve in many situation. perhaps trough using a Tor Hidden/Onion Services (though this would require any connecting peers of also accessing yours trough Tor) setup. And/or a VPN you yourself control more fully; Perhaps check out SoftEther and/or OpenVPN ? … PS: SoftEther kicks ass and does both openvpn and l2tp compatility!! :smiley:

Free software capable of acting as reverse-proxy such as NGINX , HAProxy or Træfik may perhaps also be an option. And the best and easiest one IMO. I’ve previously used NGINX to do ‘load-balance’ between 3-4 small YaCy instances. And it’s rel. easy to setup.
(There’s also services like CloudFlare, but that would just be very silly and waste of money on a personal YaCy instance :rofl: )

Besides those options, a so called Mesh-Networking such as B.A.T.M.A.N + OpenMesh could perhaps be used. But that would relies on a coherent and agreed-upon setup between multiple participants. And would likely be quite unstable, an unimaginable pain to coordinate, and messy to maintain. TLS certificates couldn’t work on it AFAIK… And in any case one or more participants would need be willing to serving as “gateway” regardless.

1 Like