NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

Nat64: webrtc/ICE issues #377

Closed tiagogaspar8 closed 2 years ago

tiagogaspar8 commented 2 years ago

Hi,

I've been having some issues connecting Discord voice chat behind a NAT64 Jool instance.

I read in the NAT64 RFC that ICE should work, so I don't get why it gets stuck in ICE checking.

Thanks for the help!

ydahhrk commented 2 years ago

Did you try disabling GRO? Maybe it's the same bug as #366 and #375

tiagogaspar8 commented 2 years ago

yeahhh, that doesn't work 😞

tiagogaspar8 commented 2 years ago

Also, a curiosity, I can't access truenas.com behind NAT64....

asdfjkluiop commented 2 years ago

Discord voice, I believe, uses v4 literals for its WebRTC. I don't believe this is a bug with Jool, last I investigated it.

ydahhrk commented 2 years ago

@asdfjkluiop Thanks. Hopefully that'll settle that; this will turn out to be extremely painful otherwise.

@tiagogaspar8 With truenas.com, try enabling debug logging (sudo jool global update logging-debug true) and posting the relevant output.

Sample output block (after running dmesg):

Jool NAT64/a61e2780/default: ===============================================
Jool NAT64/a61e2780/default: Packet: 2001:db8::8->64:ff9b::c0a8:165
Jool NAT64/a61e2780/default: TCP 46650->80
Jool NAT64/a61e2780/default: Step 1: Determining the Incoming Tuple
Jool NAT64/a61e2780/default: Tuple: 2001:db8::8#46650 -> 64:ff9b::c0a8:165#80 (TCP)
Jool NAT64/a61e2780/default: Done step 1.
Jool NAT64/a61e2780/default: Step 2: Filtering and Updating
Jool NAT64/a61e2780/default: Routing: 0.0.0.0->192.168.1.101
Jool NAT64/a61e2780/default: Packet routed via device 'enp0s3'.
Jool NAT64/a61e2780/default: BIB entry: 2001:db8::8#46650 - 10.0.2.15#62305 (TCP)
Jool NAT64/a61e2780/default: Session entry: 2001:db8::8#46650 - 64:ff9b::c0a8:165#80 | 10.0.2.15#62305 - 192.168.1.101#80 (TCP)
Jool NAT64/a61e2780/default: Done: Step 2.
Jool NAT64/a61e2780/default: Step 3: Computing the Outgoing Tuple
Jool NAT64/a61e2780/default: Tuple: 10.0.2.15#62305 -> 192.168.1.101#80 (TCP)
Jool NAT64/a61e2780/default: Done step 3.
Jool NAT64/a61e2780/default: Step 4: Translating the Packet
Jool NAT64/a61e2780/default: Done step 4.
Jool NAT64/a61e2780/default: Sending packet.
Jool NAT64/a61e2780/default: Success.
Jool NAT64/a61e2780/default: ===============================================

If truenas.com's address can be found anywhere in the block, the block is relevant.

Although, I haven't tried to reproduce this yet. If it turns out I can, we're golden.

Alternatively, try this commit. I'm still hoping it might be the same bug.
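The filtering rule from the comment above (a block is relevant if the address appears anywhere in it), combined with a check of whether the block ends in "Success.", as an added example that is not part of the original thread or of Jool. It assumes the `=====` separators shown in the quoted output and a pool6 of 64:ff9b::/96 (the prefix seen in the thread's addresses); the function names are hypothetical.

```python
import ipaddress
import re

LINE = re.compile(r"Jool [^:]*: (.*)$")   # also matches after a dmesg timestamp
TOKEN = re.compile(r"[0-9A-Fa-f:.]+")     # candidate address strings

def split_blocks(log_text):
    """Yield one list of messages per '=====' delimited output block."""
    block = []
    for m in filter(None, map(LINE.search, log_text.splitlines())):
        msg = m.group(1).strip()
        if msg and set(msg) == {"="}:      # separator opens or closes a block
            if block:
                yield block
            block = []
        else:
            block.append(msg)
    if block:
        yield block

def mentions(block, wanted):
    for tok in TOKEN.findall(" ".join(block)):
        try:
            if ipaddress.ip_address(tok) in wanted:
                return True
        except ValueError:
            pass                           # port number, word fragment, etc.
    return False

def relevant_blocks(log_text, ipv4, pool6="64:ff9b::/96"):
    """Return (first message, ended with 'Success.') per block naming ipv4."""
    v4, net = ipaddress.IPv4Address(ipv4), ipaddress.IPv6Network(pool6)
    if net.prefixlen != 96:                # assumption: /96 prefix only
        raise ValueError("only /96 pool6 prefixes are handled")
    # Match the IPv4 address itself or its pool6-embedded IPv6 form.
    wanted = {v4, ipaddress.IPv6Address(int(net.network_address) | int(v4))}
    return [(b[0], b[-1] == "Success.")
            for b in split_blocks(log_text) if mentions(b, wanted)]

# Constructed sample: block 1 abridges the quoted output; block 2 is made up and stops early.
P = "Jool NAT64/a61e2780/default: "
SAMPLE = "\n".join(P + m for m in [
    "=" * 47, "Packet: 2001:db8::8->64:ff9b::c0a8:165", "TCP 46650->80",
    "Tuple: 10.0.2.15#62305 -> 192.168.1.101#80 (TCP)", "Success.", "=" * 47,
    "=" * 47, "Packet: 2001:db8::8->64:ff9b::cb00:7107", "TCP 46652->80",
    "Step 1: Determining the Incoming Tuple", "=" * 47])

if __name__ == "__main__":
    print(relevant_blocks(SAMPLE, "192.168.1.101"))
```

Feeding it saved `dmesg` output and the IPv4 address of the site under test lists only the blocks worth posting, and shows at a glance which of them did not reach "Success.".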

asdfjkluiop commented 2 years ago

@ydahhrk I just did some poking with the ff dev console and it does indeed use v4 literals, there's nothing jool can do for discord voice. Now back to troubleshooting my own issue.

tiagogaspar8 commented 2 years ago

Hi @ydahhrk

Sorry for the delay in answering, I don't know if you have managed to reproduce this issue. I'm attaching here an output of the syslog when accessing the website. The IPs are 64:ff9b::266d:caeb and/or 38.109.202.235. If needed I can also provide a packet capture.

Thanks!

truenas.com.txt

ydahhrk commented 2 years ago

Sorry for taking so long to start this.

I was not able to reproduce the issue. For the most part, truenas.com loads fine for me. (Except for a seemingly inoffensive popup I'm not getting in the plain IPv4 version.) And, except for a level of concurrency I have never seen before, your output seems completely fine. Every relevant output block ends with label "Success".

Also, dig truenas.com also returns 38.109.202.235 for me. We're querying the same server...

I suspect something else is messing with the traffic in your environment.

The only thing I found strange is that truenas.com always forces HTTPS on me, and yet your output always employs port 80. (Except in unrelated traffic.)

  1. Try forcing HTTPS, by prefixing "https://" to the URL. What happens?
  2. Yes, it looks like I'm going to need those captures. Can you disable GRO, GSO, TSO and LRO, and send me captures for the NAT64's IPv6 interface, as well as the IPv6 client's interface?

tiagogaspar8 commented 2 years ago

Sorry for the delay in a reply, life's been crazy.

So, you made me aware of a new thing, truenas.com is now available over IPv6! yay! I'm proud 😄 On another note, the issue was really with the IPv4 version of the website, but since it has moved to IPv6 I have no way to test it, and since there is IPv6 available I believe it's not a priority. Also I believed they changed hosting so I believe I could not reproduce the issue even if I wanted. Thank you for the help! I believe this can now be closed unless you believe we need something else.