Port forwarding and VPN

5 replies [Last post]
hack and hack
Offline
Joined: 04/02/2015

I'm trying to get my transmission-gtk port(s) to open.

UPnP is enabled on both Transmission and my router. So if I didn't miss something important, I must deal with forwarding ports.
I know now that I need to stop using random ports in that case, so I changed that in Transmission.

But before going any further, I thought about my VPN provider. That's another step in the way to deal with.
https://airvpn.org/faq/port_forwarding/

Since I try to avoid spending hours on this, can someone please explain shortly how this is supposed to work?

Thank you.

Mangy Dog

Offline
Joined: 03/15/2015

https://airvpn.org/topic/15226-accessing-transmission-web-interface-through-airvpn/

Before we get into AirVPN port forwarding, let's consider this example to better understand how port forwarding works in general:

your router has an internal IP 192.168.1.1 (internal means it's only reachable from within your LAN)
your router has an external IP 234.123.111.222 (assigned by your ISP. external means it's reachable from the internet)
your PC has an internal IP 192.168.1.43
there's an application running on your PC, it's listening on port 27364, on all available IPs (192.168.1.43)

If you want to access this application from the internet:

1. your router will have to accept incoming connections on port 27364 on its external IP
2. your router will have to forward those connections to internal IP 192.168.1.43, port 27364
3. your PC will have to accept incoming connections on port 27364 on its internal IP

If these conditions are met, you can access 234.123.111.222:27364 from anywhere in the world and be forwarded to your PC at port 27364.

Now let's try to do that through AirVPN:

the AirVPN server has an external IP 123.234.123.123 (reachable from the internet)
your PC has an internal IP 192.168.1.43 (only reachable from within your LAN)
your PC has an internal VPN IP 10.x.x.x (only reachable from within the VPN, or more specifically, by you and by the AirVPN server)
there's an application running on your PC, it's listening on port 27364, on all available IPs (both 192.168.1.43 and 10.x.x.x)

If you want to access this application from the internet:

1. AirVPN's server will have to accept incoming connections on port 27364 on its external IP
2. AirVPN's server will have to forward those connections to your internal VPN IP 10.x.x.x, port 27364
3. your PC will have to accept incoming connections on that IP/port

Step 3 is taken care of by configuring your PC's firewall accordingly, whereas both step 1 and step 2 are taken care of by using AirVPN's forwarding in the client area.

It's very important to keep in mind: Do not ever open/forward any ports on your router if you're forwarding through AirVPN. It's not at all necessary and might potentially leak your IP through correlation attacks.

hack and hack
Offline
Joined: 04/02/2015

Many, MANY super thanks, Mangy Dog!

I needed to look for it a bit further ^^"

I mean, if the VPN takes on the role of the router, provided I have a LAN, then it's between my router and the VPN that the port forwarding should also occur.

In that case, I fail to understand the last warning.
Or the usefulness of a router. It's either/or, I get that.
But what if I need both?

Anyway, that's not an immediate problem I have to face, but it's interesting.

Thanks again!

EDIT:
It's simple actually: if I don't use a VPN, I forward the desired port on the router. If I use one, I must strictly do it on the VPN's client interface.
Anyway, port is open. No need for firewall configuration since it's taken care of in the VPN: https://airvpn.org/faq/prevent_leaks/

But this is confusing again:
https://airvpn.org/faq/routers/
That means I can connect a router to the VPN, but I can't open the same port on both? What's the point?

Mangy Dog

Offline
Joined: 03/15/2015

The instructions that say not to forward ports on your router are for when you are using a client on a computer. If you are running VPN from your router then you do need to forward ports on the router.

If you forward a port for a p2p torrent client, do NOT remap it to a different local port and make sure that the torrent client port matches the remotely forwarded port number, otherwise your client will communicate to trackers (if you use them) the wrong port: torrent clients will communicate to trackers the port number you have configured in them. As a result, you will get no incoming packets from the swarm and the torrent client network status token will remain yellow.

https://airvpn.org/faq/p2p/

You'll find useful info in this thread
https://airvpn.org/topic/12065-port-forwarding-on-linux-mint-17/

and more general info here

https://en.wikipedia.org/wiki/Port_forwarding
http://www.tunngle.net/wiki/Port_Forward
https://askubuntu.com/questions/37412/how-can-i-ensure-transmission-traffic-uses-a-vpn
https://askubuntu.com/questions/583679/transmission-daemon-over-openvpn
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
https://wiki.archlinux.org/index.php/OpenVPN
https://bbs.archlinux.org/viewtopic.php?id=176880
https://trac.transmissionbt.com/wiki/PortForwardingGuide
https://askubuntu.com/questions/592331/route-only-traffic-on-specific-port-through-vpn
https://askubuntu.com/questions/227369/how-can-i-set-my-linux-box-as-a-router-to-forward-ip-packets
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/
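
The advice in the two replies above can be checked against Transmission's `settings.json`. This is an added example, not part of the original posts or of AirVPN's or Transmission's own code; the function names and the sample file contents are constructed, and the defaults used for missing keys are assumed.

```python
import json

# Constructed sample settings.json (values are made up for illustration).
SAMPLE_SETTINGS = """
{
    "peer-port": 51413,
    "peer-port-random-on-start": true,
    "port-forwarding-enabled": true
}
"""

def audit_transmission(settings_text, vpn_forwarded_port, vpn_on_pc=True):
    """Return findings for a Transmission config behind a VPN port forward.

    vpn_on_pc=True: the VPN client runs on the computer (router must not
    forward anything). vpn_on_pc=False: the VPN runs on the router.
    """
    cfg = json.loads(settings_text)
    findings = []
    # Missing keys fall back to assumed defaults: 51413, false, true.
    port = cfg.get("peer-port", 51413)
    if port != vpn_forwarded_port:
        findings.append(
            f"peer-port is {port} but the VPN forwards {vpn_forwarded_port}: "
            "trackers are told a port that receives nothing"
        )
    if cfg.get("peer-port-random-on-start", False):
        findings.append(
            "peer-port-random-on-start is on: the port changes at every "
            "launch and stops matching the forwarded one"
        )
    if vpn_on_pc and cfg.get("port-forwarding-enabled", True):
        findings.append(
            "port-forwarding-enabled (UPnP/NAT-PMP) is on: Transmission may "
            "ask the home router to open the port, which must stay closed "
            "when forwarding through the VPN"
        )
    return findings

def harden(settings_text, vpn_forwarded_port):
    """Return settings text pinned to the VPN-forwarded port, UPnP off."""
    cfg = json.loads(settings_text)
    cfg["peer-port"] = vpn_forwarded_port
    cfg["peer-port-random-on-start"] = False
    cfg["port-forwarding-enabled"] = False
    return json.dumps(cfg, indent=4, sort_keys=True)

if __name__ == "__main__":
    for line in audit_transmission(SAMPLE_SETTINGS, 27364):
        print("FINDING:", line)
    print(harden(SAMPLE_SETTINGS, 27364))
```

Edit `settings.json` only while Transmission is closed, since it rewrites the file on exit.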

hack and hack
Offline
Joined: 04/02/2015

I stopped reading at the last link (though it seems like an interesting feature), and I've already checked the AirVPN faq.

My port is now opened, and I don't need a firewall thanks to the embedded feature in the client.

But I totally didn't know I could install anything on a router, besides the config software. I suppose it's the best method with a LAN?
Well it seems so:

There are many reasons to install VPN on your home router. First, running VPN on your home router provides a layer of protection to all devices on your network so you don’t need to set up VPN on each device. Second, Apple TV, Fire TV and other media players generally don’t allow you to install VPN on them, so running VPN on your router is often the best option to access restricted content. Finally, most VPN providers allow only three concurrent connections. By installing VPN on your router instead of each device you bypass this limitation.

https://vpntips.com/vpn-router-install/

I'll totally do that at some point, this is nice!

Muchas Mercis again Mangy Dog!

hack and hack
Offline
Joined: 04/02/2015

On a regular install, with gnome-shell added, transmission has opened ports now, but nothing changed on that computer (besides downloading apparmor templates and relaunching apparmor). Then ports even change on startup and are all open.

Well, it's cool that it works, but it's better if I know why...

Also, I wondered about having both VPN clients on a router and on a laptop. Would it be possible to leave the one on the computer always off, but turning it on when away from home? I need to check the AirVPN forums.