Connections drop after connecting when the virtual machine uses a NAT network adapter; please use bridged mode. (unstable on NAT mode virtual machine, stick to bridged mode plz) #8

Closed
oing9179 opened this issue Aug 12, 2017 · 7 comments
@oing9179

Basic information

  • Host OS: Ubuntu 16.04
  • Virtualization software: VirtualBox 5.1.26
  • Guest OS: Ubuntu 16.04 Server
  • VM network adapter mode: NAT
  • udp2raw version: 20170809.0
  • Host firewall: off
  • VM firewall:
    Output of ufw status verbose:
    Status: active
    Logging: on(low)
    Default: allow (incoming), allow (outgoing), deny (routed)
    ...
    

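Problem description

Running udp2raw on the host machine and configuring an application to send its UDP traffic to udp2raw works normally.
The following command-line arguments were used:

  • Client: sudo ./udp2raw_amd64 -c -l 127.0.0.1:12345 -r <server_ip>:<server_port> -a -k "密钥" --raw-mode faketcp
  • Server: sudo ./udp2raw_amd64 -s -l <server_ip>:<server_port> -r 127.0.0.1:12345 -a -k "密钥" --raw-mode faketcp

Using the same command-line arguments inside the virtual machine results in the following: in most cases, shortly after the TCP handshake succeeds, the state returns to idle and the handshake starts over, and this repeats in a loop. The logs are below.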

Client log

root@ubuntu-vm:~# /usr/bin/v2ray/udp2raw_amd64 -c -l 127.0.0.1:12345 -r <server_ip>:<server_port> -a -k "密钥" --raw-mode faketcp
[2017-08-12 18:04:35][INFO]argc=11 /usr/bin/v2ray/udp2raw_amd64 -c -l 127.0.0.1:12345 -r <server_ip>:<server_port> -a -k 密钥 --raw-mode faketcp                                                                     
[2017-08-12 18:04:35][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=aes128cbc auth_mode=crc32 key=密钥 local_ip=127.0.0.1 local_port=12345 remote_ip=<server_ip> remote_port=<server_port> source_ip=0.0.0.0 source_port=0 socket_buf_size=1048576                                                      
[2017-08-12 18:04:35][INFO]const_id:9714f62                                                                  
[2017-08-12 18:04:35][WARN]auto added iptables rule by:  iptables -I INPUT -s <server_ip>/32 -p tcp -m tcp --sport <server_port> -j DROP -m comment --comment udp2raw_dWRwMnJhdw_9714f62_2017-08-12-18:04:35                     
[2017-08-12 18:04:35][INFO]get_src_adress called
[2017-08-12 18:04:35][INFO]source ip = 10.0.2.15                                                             
[2017-08-12 18:04:35][INFO]using port 26485                                                                  
[2017-08-12 18:04:35][INFO]state changed from client_idle to client_tcp_handshake                            
[2017-08-12 18:04:35][INFO](re)sent tcp syn                                                                  
[2017-08-12 18:04:35][INFO]state changed from client_tcp_handshake to client_handshake1
[2017-08-12 18:04:35][INFO](re)sent handshake1
[2017-08-12 18:04:35][INFO]changed state from to client_handshake1 to client_handshake2,my_id is 1fbaddb9,oppsite id is d24e337c
[2017-08-12 18:04:35][INFO](re)sent handshake2
[2017-08-12 18:04:36][INFO]changed state from to client_handshake2 to client_ready
// From here on, the application starts sending UDP packets to udp2raw
[2017-08-12 18:04:36][INFO]new packet from 127.0.0.1:46811,conv_id=64985eee
[2017-08-12 18:04:38][INFO]new packet from 127.0.0.1:57660,conv_id=e42401b2
[2017-08-12 18:04:44][INFO]new packet from 127.0.0.1:42744,conv_id=e1f83deb
[2017-08-12 18:04:44][INFO]new packet from 127.0.0.1:32847,conv_id=2c10165
[2017-08-12 18:04:46][INFO]new packet from 127.0.0.1:46727,conv_id=3b823eb8
[2017-08-12 18:04:54][INFO]new packet from 127.0.0.1:52044,conv_id=b41c1778
[2017-08-12 18:04:54][INFO]new packet from 127.0.0.1:41828,conv_id=30405002
[2017-08-12 18:04:54][INFO]new packet from 127.0.0.1:47710,conv_id=3f6ae6a0
[2017-08-12 18:04:56][INFO]state back to client_idle from  client_ready bc of send-direction timeout
[2017-08-12 18:04:56][INFO]using port 28558
[2017-08-12 18:04:56][INFO]state changed from client_idle to client_tcp_handshake
[2017-08-12 18:04:56][INFO](re)sent tcp syn
[2017-08-12 18:04:56][INFO]state changed from client_tcp_handshake to client_handshake1
[2017-08-12 18:04:56][INFO](re)sent handshake1
[2017-08-12 18:04:57][INFO]changed state from to client_handshake1 to client_handshake2,my_id is 4f25bcd3,oppsite id is 21242b51
[2017-08-12 18:04:57][INFO](re)sent handshake2
[2017-08-12 18:04:57][INFO]changed state from to client_handshake2 to client_ready
^C[2017-08-12 18:05:02][INFO]epoll interrupted by signal

[2017-08-12 18:05:02][WARN]iptables rule cleared by: iptables -D INPUT -s <server_ip>/32 -p tcp -m tcp --sport <server_port> -j DROP -m comment --comment udp2raw_dWRwMnJhdw_9714f62_2017-08-12-18:04:35

Server log

root@ubuntu-remote-server:~# /usr/bin/udp2raw-tunnel/udp2raw_amd64 -s -l <server_ip>:<server_port> -r 127.0.0.1:12345 -a -k "密钥" --raw-mode faketcp
[2017-08-12 10:04:33][INFO]argc=11 /usr/bin/udp2raw-tunnel/udp2raw_amd64 -s -l <server_ip>:<server_port> -r 127.0.0.1:12345 -a -k 密钥 --raw-mode faketcp 
[2017-08-12 10:04:33][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=aes128cbc auth_mode=crc32 key=密钥 local_ip=<server_ip> local_port=<server_port> remote_ip=127.0.0.1 remote_port=12345 source_ip=0.0.0.0 source_port=0 socket_buf_size=1048576 
[2017-08-12 10:04:33][INFO]const_id:db10ea89
[2017-08-12 10:04:33][WARN]auto added iptables rule by:  iptables -I INPUT -p tcp -m tcp --dport <server_port> -j DROP -m comment --comment udp2raw_dWRwMnJhdw_db10ea89_2017-08-12-10:04:33
[2017-08-12 10:04:35][INFO][ISP的IP:ISP的端口]received syn,sent syn ack back
[2017-08-12 10:04:35][INFO][ISP的IP:ISP的端口]got packet from a new ip
[2017-08-12 10:04:35][INFO][ISP的IP:ISP的端口]created new conn,state: server_handshake1,my_id is d24e337c
[2017-08-12 10:04:35][INFO][ISP的IP:ISP的端口]changed state to server_handshake1,my_id is d24e337c
[2017-08-12 10:04:36][INFO][ISP的IP:ISP的端口]received handshake oppsite_id:1fbaddb9  my_id:d24e337c
[2017-08-12 10:04:36][INFO][ISP的IP:ISP的端口]oppsite const_id:9714f62 
[2017-08-12 10:04:36][INFO][ISP的IP:ISP的端口]changed state to server_ready
[2017-08-12 10:04:56][INFO][ISP的IP:ISP的端口 新的]received syn,sent syn ack back
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]got packet from a new ip
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]created new conn,state: server_handshake1,my_id is 21242b51
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]changed state to server_handshake1,my_id is 21242b51
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]received handshake oppsite_id:4f25bcd3  my_id:21242b51
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]oppsite const_id:9714f62 
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]grabbed a connection
[2017-08-12 10:04:57][INFO][ISP的IP:ISP的端口 新的]inactive conn cleared 
^C[2017-08-12 10:05:06][INFO]epoll interrupted by signal

[2017-08-12 10:05:06][WARN]iptables rule cleared by: iptables -D INPUT -p tcp -m tcp --dport <server_port> -j DROP -m comment --comment udp2raw_dWRwMnJhdw_db10ea89_2017-08-12-10:04:33

Could the developer please analyze the cause of this problem and how to resolve it?

@wangyu-
Owner

wangyu- commented Aug 12, 2017

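udp2raw inside a virtual machine needs no special settings.

I think the virtual machine's NAT implementation may interact with the kernel inside the VM (for efficiency). Because udp2raw sends packets while bypassing the kernel, this may cause the virtual machine to reclaim the NAT pipe too early. I suggest switching to bridged mode and testing.

I just reproduced a similar problem as well, so for now I have commented out the support for NAT-mode virtual machines in the readme.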

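@oing9179 oing9179 changed the title "Does udp2raw need any special settings inside a virtual machine?" to "When the virtual machine uses a NAT adapter, the connection to the server may be cut off unilaterally by the NAT adapter because the NAT pipe is reclaimed too early." Aug 12, 2017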
@oing9179
Author

@wangyu- Reply #2

After switching to bridged mode it works normally.

@wangyu-
Owner

wangyu- commented Aug 12, 2017

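Thanks for reporting the problem. This is an issue with the virtual machine's own NAT mechanism and probably cannot be fixed at the udp2raw level, so I am closing this for now.

The solution is that I have removed the description of NAT support from the readme; for now, use bridged mode only.

====
It may be buggy to use udp2raw due to the (possible) special implementation of NAT mode virtual machines. So plz stick to bridged mode at the moment.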

@wangyu- wangyu- closed this as completed Aug 12, 2017
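@wangyu- wangyu- changed the title "When the virtual machine uses a NAT adapter, the connection to the server may be cut off unilaterally by the NAT adapter because the NAT pipe is reclaimed too early." to "Connections drop after connecting when the virtual machine uses a NAT network adapter; please use bridged mode. (unstable on NAT mode virtual machine, stick to bridged mode plz)" Aug 12, 2017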
@wangyu- wangyu- added solved and removed solved labels Aug 13, 2017
@wangluyichen

[2017-12-08 04:38:40][INFO]using port 64088
[2017-12-08 04:38:40][INFO]state changed from client_idle to client_tcp_handshake
[2017-12-08 04:38:40][INFO](re)sent tcp syn
[2017-12-08 04:38:42][INFO](re)sent tcp syn
[2017-12-08 04:38:43][INFO](re)sent tcp syn
[2017-12-08 04:38:44][INFO](re)sent tcp syn
[2017-12-08 04:38:45][INFO](re)sent tcp syn
The client shows this. The environment is a virtual machine (VirtualBox), bridged mode.
I am using the firmware you posted.

@wangluyichen

[2017-12-08 04:41:50][INFO]state back to client_idle from client_tcp_handshake
[2017-12-08 04:41:51][INFO]using port 60173
[2017-12-08 04:41:51][INFO]state changed from client_idle to client_tcp_handshake
[2017-12-08 04:41:51][INFO](re)sent tcp syn
[2017-12-08 04:41:52][INFO](re)sent tcp syn
[2017-12-08 04:41:53][INFO](re)sent tcp syn
[2017-12-08 04:41:54][INFO](re)sent tcp syn
[2017-12-08 04:41:55][INFO](re)sent tcp syn
[2017-12-08 04:41:56][INFO]state back to client_idle from client_tcp_handshake
[2017-12-08 04:41:56][INFO]using port 30800
[2017-12-08 04:41:56][INFO]state changed from client_idle to client_tcp_handshake
[2017-12-08 04:41:56][INFO](re)sent tcp syn
[2017-12-08 04:41:57][INFO](re)sent tcp syn
[2017-12-08 04:41:59][INFO](re)sent tcp syn

@oing9179
Author

oing9179 commented Dec 8, 2017

@wangluyichen Reply #5

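If you have a problem with udp2raw, please open a new issue and provide a detailed description of the problem (see here for reference), rather than writing in this already-resolved issue.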

@wangluyichen

@oing9179 OK, understood.
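
The two failure patterns in the client logs in this thread (a session that reaches client_ready and then falls back to client_idle, and a handshake that never completes) can be told apart mechanically. The following Python script is an added example, not part of the original issue or of udp2raw; the regular expressions are inferred from the log lines quoted above, the sample log is constructed from them, and the function names and kind labels are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: client log lines in the format quoted in this issue.
SAMPLE_LOG = """\
[2017-08-12 18:04:35][INFO]state changed from client_idle to client_tcp_handshake
[2017-08-12 18:04:35][INFO](re)sent tcp syn
[2017-08-12 18:04:35][INFO]state changed from client_tcp_handshake to client_handshake1
[2017-08-12 18:04:35][INFO]changed state from to client_handshake1 to client_handshake2,my_id is 1fbaddb9,oppsite id is d24e337c
[2017-08-12 18:04:36][INFO]changed state from to client_handshake2 to client_ready
[2017-08-12 18:04:56][INFO]state back to client_idle from  client_ready bc of send-direction timeout
[2017-08-12 18:04:56][INFO]state changed from client_idle to client_tcp_handshake
[2017-08-12 18:04:58][INFO]state back to client_idle from client_tcp_handshake
"""

LINE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\[\w+\](.*)$")
# The phrasings of a state transition that appear in the quoted logs.
FORWARD = re.compile(r"(?:state changed from|changed state from to) (\w+) to (\w+)")
BACK = re.compile(r"state back to (\w+) from\s+(\w+)(?: bc of (.*))?")

def transitions(log_text):
    """Yield (timestamp, old_state, new_state, reason) per transition line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # user comments, ^C lines, blank lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        fwd, back = FORWARD.search(m.group(2)), BACK.search(m.group(2))
        if fwd:
            yield ts, fwd.group(1), fwd.group(2), None
        elif back:
            yield ts, back.group(2), back.group(1), (back.group(3) or "").strip() or None

def summarize(log_text):
    """Classify each fall back to client_idle by the state it fell from."""
    entered, drops = {}, []
    for ts, old, new, reason in transitions(log_text):
        entered[new] = ts
        if new == "client_idle" and old in entered:
            held = (ts - entered[old]).total_seconds()
            kind = "dropped_after_ready" if old == "client_ready" else "handshake_failed"
            drops.append({"kind": kind, "from": old, "held_s": held, "reason": reason})
    return drops

if __name__ == "__main__":
    for d in summarize(SAMPLE_LOG):
        print(d)
```

Repeated dropped_after_ready entries with a short held_s match the NAT-mode symptom reported at the top of this issue, while handshake_failed entries mean the SYN was never answered, which points at reachability or filtering rather than at the NAT behaviour discussed here.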
