TelegramMessenger / MTProxy


Discussion: Resolving external IP via STUN for servers behind NAT #85

Open savely-krasovsky opened 6 years ago

savely-krasovsky commented 6 years ago

There are many providers that provide VPSes behind NAT (Scaleway, Azure, etc.). We have the --nat-info param to solve this problem, but I think it would be better to try to resolve the external IP via STUN first and poll it from time to time, in case it has changed.

So here is a small list of goals:

What do you think about this, is it worth implementing?

themiron commented 6 years ago

What if we get the proxy's external IP directly from the upstream server, since the proxy is connecting to it anyway from its external address? In such cases no dependency on external STUN servers is required.

dshcherb commented 6 years ago

Another use-case is destination-based policy routing so that telegram-specific traffic gets routed through VPN:

```
client -> rtr (NAT) -> mtproxy
target servers <- rtr (VPN) <- mtproxy
```

This is also achievable with kernel-level VRFs if you have one VRF for incoming traffic reception and response and another one for sending data to the upstream proxy or destination telegram servers (a non-vpn and a vpn interface would be enslaved to different VRFs). This will work provided that mtproto-proxy binds a listening socket to an address on a non-vpn interface and a sending socket to a vpn interface.

Unless you own a remote endpoint, you can't reliably know which address will be assigned to you, so some form of an outside service is needed, which STUN can be used for.

You could always do something like the below with a RESTful service and periodically update this option and reload a daemon, but it needs to be better than that.

```
# rfc5737
curl ipinfo.io/ip
203.0.113.100

nslookup ipinfo.io

Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:   ipinfo.io
Address: 216.239.32.21
Name:   ipinfo.io
Address: 216.239.34.21
Name:   ipinfo.io
Address: 216.239.36.21
Name:   ipinfo.io
Address: 216.239.38.21

ip rule add from all to 216.239.32.21 lookup vpntable111
ip rule add from all to 216.239.34.21 lookup vpntable111
ip rule add from all to 216.239.36.21 lookup vpntable111
ip rule add from all to 216.239.38.21 lookup vpntable111

curl ipinfo.io/ip
192.0.2.10

# set nat-info to <your-private-address-behind-nat>:192.0.2.10
```
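
As an added example (not from the thread and not MTProxy's own code), the STUN lookup proposed above comes down to sending an RFC 5389 Binding Request and reading XOR-MAPPED-ADDRESS from the reply. Because the result would feed --nat-info, the parser rejects replies whose transaction ID does not match the request. The function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STUN_MAGIC 0x2112A442u /* RFC 5389 magic cookie */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Constructed sample: transaction ID and a Binding Success Response for 192.0.2.10:443. */
static const uint8_t SAMPLE_TXID[12] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
static const uint8_t SAMPLE_RESP[32] = {
    0x01, 0x01, 0x00, 0x0C, 0x21, 0x12, 0xA4, 0x42, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
    0x00, 0x20, 0x00, 0x08, 0x00, 0x01, 0x20, 0xA9, 0xE1, 0x12, 0xA6, 0x48};

/* Build the 20-byte Binding Request; txid must be 12 fresh random bytes per request. */
size_t stun_build_request(uint8_t out[20], const uint8_t txid[12]) {
    memcpy(out, "\x00\x01\x00\x00\x21\x12\xA4\x42", 8); /* type, length 0, magic cookie */
    memcpy(out + 8, txid, 12);
    return 20;
}

/* 0 plus the mapped IPv4/port (host order), or -1 if malformed or not an answer to txid. */
int stun_parse_response(const uint8_t *buf, size_t len, const uint8_t txid[12],
                        uint32_t *ip, uint16_t *port) {
    if (len < 20 || be16(buf) != 0x0101 || be32(buf + 4) != STUN_MAGIC) return -1;
    if (memcmp(buf + 8, txid, 12) != 0) return -1; /* unsolicited or spoofed reply */
    size_t left = be16(buf + 2);
    if (left % 4 != 0 || left > len - 20) return -1;
    for (const uint8_t *p = buf + 20; left >= 4;) {
        uint16_t type = be16(p);
        size_t alen = be16(p + 2), padded = (alen + 3) & ~(size_t)3;
        p += 4; left -= 4;
        if (alen > left) return -1; /* attribute runs past the message */
        if (type == 0x0020) {       /* XOR-MAPPED-ADDRESS */
            if (alen != 8 || p[1] != 0x01) return -1; /* IPv4 family only */
            *port = (uint16_t)(be16(p + 2) ^ (STUN_MAGIC >> 16));
            *ip = be32(p + 4) ^ STUN_MAGIC;
            return 0;
        }
        p += padded; left -= padded; /* left is a multiple of 4, so padded <= left */
    }
    return -1;
}

int main(void) {
    uint32_t ip; uint16_t port;
    if (stun_parse_response(SAMPLE_RESP, sizeof SAMPLE_RESP, SAMPLE_TXID, &ip, &port) == 0)
        printf("%u.%u.%u.%u:%u\n", (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 255),
               (unsigned)((ip >> 8) & 255), (unsigned)(ip & 255), (unsigned)port);
}
```

A caller would send the request over UDP to a STUN server of its choosing, pass each received datagram to `stun_parse_response`, and keep the current nat-info value whenever the parser returns -1.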