Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hole punching fails #46

Closed
fireapp opened this issue Nov 25, 2019 · 4 comments
Closed

hole punching fails #46

fireapp opened this issue Nov 25, 2019 · 4 comments

Comments

@fireapp
Copy link

fireapp commented Nov 25, 2019
edited
Loading

one lighthouse ip : 192.168.111.1
two local nodes are behind a difficult nat, ip : 192.168.111.2 and 192.168.111.4
two local nodes can not connect each other

here is node 192.168.111.2 logs

 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.1.13:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.122.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="172.17.0.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.1.13:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.122.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="172.17.0.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.1.13:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.122.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="172.17.0.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="219.142.145.143:33902" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.1.13:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.122.1:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="172.17.0.1:46888" vpnIp=192.168.111.4
@rawdigits
Copy link
Collaborator

Are 192.168.111.2 and 192.168.111.4 on the same local network? It seems surprising that the local packets are also failing, if so. IE:

 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.1.13:46888" vpnIp=192.168.111.4
 level=info msg="Handshake message sent" handshake="map[stage:1 style:ix_psk0]" initiatorIndex=1352070048 remoteIndex=0 udpAddr="192.168.122.1:46888" vpnIp=192.168.111.4

which appears to show handshake attempts to 192.168.1.13 and 192.168.122.1. (I'm guessing 192.168.122.1 indicates libvirt is in use?)

@fireapp
Copy link
Author

fireapp commented Nov 25, 2019

yes, 192.168.122.1 is interface virbr0

nodes 192.168.111.2 and 192.168.111.4 are on different routers, but has same ip segment 192.168.1.1/24
When I restarted many times nebula, it can work ok

@jocull
Copy link

jocull commented Dec 8, 2019
edited
Loading

Not out to necro this issue too much, but I also tried to set this up with a public lighthouse and a single node behind NAT tonight. I was unable to ping the lighthouse until I opened a node firewall port for 4242, even with reverse punching enabled. Wasn’t able to determine exactly why, but just wanted to mention it

@admun
Copy link

admun commented Feb 1, 2020

I seem to be seeing a similar issue. One lighthouse in digital ocean, and a node behind NAT at home. ping seems to be sent to lighthouse, inbound/outbound ACL set to all tcp/udp, yet ping blackhole'd.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jocull @admun @rawdigits @fireapp