search

M0dEx / quincy

QUIC-based VPN
MIT License
102 stars 10 forks source link

Two clients in the same nat cannot communicate with each other #56

Closed xmh0511 closed 6 months ago

xmh0511 commented 6 months ago 
     Server
       |
       NAT 
     /     \
    /       \
  A           B

In this network structure, A and B may have the same public IP and different ports, and A cannot successfully send packets to B nor vice versa since the NAT does not support NAT_hairpinning. We may need to make A directly send packets to B via the local network IP addresses?

M0dEx commented 6 months ago

This technically should not be needed, as the traffic will be routed through the server. Since the clients only share the IP, not the socket, the traffic should pass just fine.

However, routing traffic between clients does not work as of now, which seems to be a bug in the server-side implementation: #41.

M0dEx commented 6 months ago

@xmh0511 Could you test this with the client-isolation branch?

cargo install quincy --git https://github.com/M0dEx/quincy.git --branch 'client-isolation'

When you set isolate_clients in the server config to false, you should be able to send traffic between the two clients through the Quincy connection.

xmh0511 commented 6 months ago

@xmh0511 Could you test this with the client-isolation branch?

cargo install quincy --git https://github.com/M0dEx/quincy.git --branch 'client-isolation'

When you set isolate_clients in the server config to false, you should be able to send traffic between the two clients through the Quincy connection.

Running two clients, one is on my macOS, and another is on Windows in my vmware. The windows client can successfully ping the one on macOS, but not vice versa.

windows

截屏2024-03-19 15 51 17 截屏2024-03-19 15 51 25

macOS

截屏2024-03-19 15 50 53 截屏2024-03-19 15 51 51
M0dEx commented 6 months ago

What does the routing table look like on Windows and on MacOS?

Windows: route print -4 MacOS: netstat -nr -f inet

xmh0511 commented 6 months ago

What does the routing table look like on Windows and on MacOS?

Windows: route print -4 MacOS: netstat -nr -f inet

windows

截屏2024-03-20 09 38 10

macOS

截屏2024-03-20 09 38 52

Windows ping macOS -> Successfully

ping 10.0.2.3

macOS ping Windows -> fail

ping 10.0.2.2

M0dEx commented 6 months ago

Fortunately, I have the acces to a Windows and a MacOS system, so I will attempt to reproduce this locally and come up with a fix.

M0dEx commented 6 months ago

Seems this is not an issue with Quincy. Inbound ICMP is dropped by default on Windows. You have to enable the Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In) rule for the ping from MacOS to work.

xmh0511 commented 6 months ago

Seems this is not an issue with Quincy. Inbound ICMP is dropped by default on Windows. You have to enable the Core Networking Diagnostics - ICMP Echo Request (ICMPv4-In) rule for the ping from MacOS to work.

That's the actual reason here. I ran the command

netsh firewall set icmpsetting 8

on my Windows, and it works now. Seems this issue has been fixed.