0
votes

I have a Compute Engine instance running Ubuntu 20.04 on the Google Cloud Platform.

I want to be able to connect to it over port 102. For this purpose, I opened this port by adding a rule in the 'Firewall' section under 'VPC Network'. The rules are shown below:

enter image description here

This VM instance is running an OpenVPN server with an IP address 10.8.0.1. I want to be able to connect to it from a Windows PC which acts as a VPN client (IP: 10.8.0.3).

I used the following command in Windows PowerShell to check if the port was accessible: Test-NetConnection 10.8.0.1 -Port 102. The output is as shown below:

enter image description here

As you can see, it is able to ping but not connect via port 102.

I have checked and confirmed that the network rules set on the VPC apply to the VM instance in question, so that shouldn't be the problem. Also, port 102 has been opened on the Client PC as well. This can be confirmed from the output of nmap -p 102 10.8.0.3 from the Virtual Machine Terminal:

enter image description here

So, why is the VM not reachable over port 102? Any help would be appreciated.

1
What service/process is listening on port 102? If you have enabled port 102 in the VPC Firewall and the Ubuntu Firewall, then look at the startup logs for the service/process. Note: the ping command is not useful for this type of problem. Ping uses the ICMP protocol, which is not related to TCP/UDP port problems. – John Hanley
Hi, thanks for the reply. There is no process actively listening on port 102. This is part of a bigger architecture where we have another client laptop (which is the ultimate destination). The Windows PC runs software (Siemens TIA Portal) through which the connection is required, and it uses port 102 whenever we connect. As this was having issues, the Siemens support team asked us to perform a port check. This is where I realised I wasn't able to reach the VM's IP over port 102. Any ideas? – Ishwar Venugopal
A software/service is required to open the port before you can connect to that port. – John Hanley
On your firewall rule “rfc1006-egress”, have you tried specifying the type as "egress"?... On your firewall rule screenshot, I noticed both rules have the same Ingress direction. – Elba Lazo
@ElbaLazo - VPC firewall rules are smart rules. If an ingress port is allowed, the return traffic is automatically allowed. Specifying an egress port is not required. – John Hanley

1 Answer

1
votes

I followed the GCP doc [1] and tried replicating the situation by running iperf3 on my Linux machine on port 102, and noticed that the connection was successful. It seems that having no application/service listening on port 102 inside your Linux machine is what causes the issue. Try using iperf3 to test the connection on port 102 and see if the issue persists.

[1] https://cloud.google.com/community/tutorials/network-throughput
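
The point made in the comments and in this answer, that a port with no listener rejects connections whatever the firewall allows, shown as an added example (not code from the question or the answer). It classifies a TCP port as open, closed or filtered and demonstrates the first two on loopback with an ephemeral port instead of 102; the names probe and demo are made up for this illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port by how the connect attempt ends."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: packets arrive, nothing listens
    except socket.timeout:
        return "filtered"    # no reply at all: dropped by a firewall or route
    except OSError as exc:
        return "error: %s" % exc   # e.g. no route to host
    finally:
        s.close()

def demo():
    """Probe one loopback port before, while and after a listener is bound."""
    # Constructed setup: ask the OS for a free ephemeral port, then release it.
    # Port 102 itself is avoided because binding ports below 1024 needs root
    # on Linux by default.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()

    before = probe("127.0.0.1", port)

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", port))
    listener.listen(1)
    during = probe("127.0.0.1", port)
    listener.close()

    after = probe("127.0.0.1", port)
    return before, during, after

if __name__ == "__main__":
    print(demo())
```

Run from the VPN client as probe("10.8.0.1", 102), a result of "closed" means the packets reach the VM and only a listener is missing, while "filtered" points at a firewall or routing drop.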