Port has been opened on router but is not actually open when portscan

[KEvinn]

I'm trying to install openvpn on a Freenas 9.10 stable train. I have been following this guide however once I'm finished with setting up the keys, client and server and ready to do the internal testing I'm getting an error that says:

TCP connection error ... connection refused

By my understanding this means that it hits the IP address but is not allowed to pass because the port its using is not open right?

So I made sure to go back on my router settings to make sure I've opened to port to the local IP of the OpenVNP jail:

--> 192.168.1.107 is OpenVPN jail ip



Now on other questions I've read that u can use portscans to see if its actual open, well when I did that on the .107 ip it came up with 0 open ports. So to make sure the program is working fine, I made it search ports on my Freenas ip and it came up with ports such ass 21&22 for FTP and SSH, which I've opened the same way on the router for the .107 Open VPN jail.

But closed when port scan-->

Code:

Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-10 09:14 CEST
Nmap scan report for 192.168.1.107
Host is up (0.00081s latency).
PORT     STATE  SERVICE
1194/tcp closed openvpn

So i was wondering is it possible that the port is OPEN on my router but "CLOSED" on my freenass ? Now i know that freenass doesn't block Ports as I've read, however to make for example SSH work on port 22, I have to go in the settings and make the freenass listen for SSH on port 22. Is this possible with jails? For the transmission jail for expamle I had to specify in the settings which port to listing to.

So how can i fix this port issue with the OpenVPN jail so it listens to the given port ?

 

[jgreco]

By my understanding this means that it hits the IP address but is not allowed to pass because the port its using is not open right?

That's a nightmare of conflicts.

A "connection refused" typically means that the target host refused the connection. This would be because nothing is listening. (However, sometimes firewalls return this as well. Just to make life interesting.)

"hits the IP address but is not allowed to pass because the port its using is not open" just makes no sense; if it "hits the IP address," then obviously it was "allowed to pass." If it wasn't allowed to pass, you wouldn't get a connection refused. It'd just hang.

Your issue suggests that OpenVPN isn't running, or that you haven't configured it correctly.

 

[KEvinn]

That's a nightmare of conflicts.

A "connection refused" typically means that the target host refused the connection. This would be because nothing is listening. (However, sometimes firewalls return this as well. Just to make life interesting.)

"hits the IP address but is not allowed to pass because the port its using is not open" just makes no sense; if it "hits the IP address," then obviously it was "allowed to pass." If it wasn't allowed to pass, you wouldn't get a connection refused. It'd just hang.

Your issue suggests that OpenVPN isn't running, or that you haven't configured it correctly.

Yes I have made an error and I've fixed the issues but couldn't find a way to delete this post however I have ran in another problem.
So basically everything is up and running but i have 2 issues/questions:

1. the local IP parameter i can replace that with a public ip and use a different ip then my actual home public ip to connect to the VPN right ?
2.If i connect with a device outside the VPN network ill get the public ip that the freenas has(my current home public ip), is there a way to change the public ip thats shown to websites of the freenas or VPN server? Maybe with proxy or something ? So that for example when i connect my phone to the VPN it shows that I'm in China for example and not mu true location. Or my true location bot with a different IP

 

[jgreco]

Location services typically gather information based on various data sources that might suggest where your IP is. At the highest level, the first octet of your IP address will usually map to a RIR which then makes subdelegations from that initial IANA delegation.

So, for example, if your IP address starts with 77.*, that block is allocated to RIPE, which then subdelegates to another entity such as an Internet Service Provider, which then may subdelegate that further. Your Internet Service Provider will typically provide some further information as to where that's located. However, this is supplemented by additional information such as addresses people appear to be at when they're using an IP address, so if you and a bunch of nearby-numberwise customers are ordering online or telling Google that you live in Amsterdam, this becomes a likely bet.

Of course, data flows freely on the Internet, and if you can get control of an IP address somewhere else, such as by using a VPN service, that might then make you appear to be elsewhere at first glance. There's nothing magic about a VPN service. People like to think it hides who/where you are, and it probably does hide it from random idiots like Jim Bob Moron, but it is actually fairly difficult to make it appear that you are somewhere else without either being obvious about it or without being traceable. Likewise, using a proxy doesn't necessarily hide your IP address, because in many cases the proxy passes that information along (X-Forwarded-For:, etc).