Ysurac / openmptcprouter

OpenMPTCProuter is an open source solution to aggregate multiple internet connections using Multipath TCP (MPTCP) on OpenWrt
https://www.openmptcprouter.com/
GNU General Public License v3.0

Can a UDP port range be forwarded using V2Ray? #2392

Closed Network-Traditions closed 2 years ago

Network-Traditions commented 2 years ago

Goal: Support RTP "Direct Media" for Asterisk pjSIP VOIP application

Context: Public SIP Trunk Provider: Flowroute.com configured for pjSIP protocol

```
                  --- Tmobile ---
Flowroute - VPS -|               |- OpenMPTCProuter - pfsense - Asterisk
                  --- Starlink ---
```

- OpenMPTCProuter: (See Configuration at the end)
- pfSense: v2.6.0 configured with outbound NAT disabled and static routing
- Asterisk: FreePBX (v15.0.23)

Currently working: using v2ray port forwarding for SIP TCP/UDP and VPN port forwarding for the RTP UDP "Direct Media" port range (entered as: "#####-#####").

What doesn't seem to work: using v2ray port forwarding for SIP TCP/UDP and the RTP UDP "Direct Media" port range (entered as: "#####-#####").

Can a UDP port range be forwarded using OpenMPTCProuter's V2Ray port forwarding? If so, would v2ray be superior to VPN for the "Direct Media" RTP/UDP traffic given proper hardware resources?

- OpenMPTCProuter: v0.59beta6-5.4
- OpenMPTCProuter VPS version: 0.1026
- Virtualization: vmware
- Operating System: Debian GNU/Linux 10 (buster)
- Kernel: Linux 5.4.100-mptcp
- Architecture: x86-64
- OpenMPTCProuter VPS provider: IONOS.com 2 vCore 2GB RAM "Type M VPS"
- OpenMPTCProuter platform: x86_64 (HUNSN FNR-RS34G https://www.hunsn.com/item/network-security-firewall/pfsense-mini-pc)
- Telit FN980 5G Modem (HWv1.0 https://www.telit.com/devices/fn980-and-fn980m-data-cards-support-5g/)
- USB3.0 M.2 Key B Modem Adapter Enclosure (https://thewirelesshaven.com/shop/mini-pcie-m2-adapters/modem-enclosure/usb3-0-to-ngff-m-2-key-b-4g-5g-modem-adapter-enclosure-with-sim-card-slot-new-style/)

ISPs:

- T-Mobile 5G Business Internet with static IP (Currently weak LTE only signal)
- StarLink version 2 configured as Ethernet bridge connected to I225V3 eth0 (200Mbps Down/40Mbps Up MAX)

suyuan168 commented 2 years ago

v2ray does not support port ranges

Network-Traditions commented 2 years ago

@suyuan168 Thank you for the quick answer. I suspected v2ray did not support port ranges and to a lesser degree thought my configuration syntax was incorrect. I started an investigation into v2ray with a Google search and determined the answer would take some digging. I also considered the possibility that the answer for v2ray deployments for anything other than OpenMPTCProuter may not be consistent so I posted my question here. Thanks again for your help.

This allowed me to move on in configuring a production test environment anchored with 5G and StarLink connectivity to service a typical small business server deployment. Currently we have successfully deployed a full service Zimbra Collaboration server, FreePBX VOIP server, NGINX web server (NextCloud, WordPress, etc), ConnectWise On-Premise server, Site to Site IPsec/OpenVPN connectivity through pfSense with no outbound NAT connected to the OpenMPTCProuter. While I have some reliability issues with MODEMMANAGER's connection to our Telit modem and some limited issues with the Intel I225v3 NICs of our hardware platform, the system is working quite well.

We have tried to deploy this configuration on the v5.15 version of OpenMPTCProuter, but the I225v3s have dependency issues and the configuration completely breaks the MPTCP support on both the StarLink and Tmobile 5G connections in addition to a number of other issues. I will try the beta 6 or later versions at a later date to see how things pan out as I'm looking forward to stabilizing the configuration. I continue to look forward to providing valuable feedback to enhance the project!

Llorx commented 1 year ago

What if openmptcprouter opens a single tunnel for each port in the port range instead of letting v2ray handle the range (which is not possible)? That will make the configuration less tedious. I have a server that needs to open ports with ranges in the hundreds and it is going to be really painful to do so.
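
The per-port approach suggested in the comment above, as an added example (not part of the thread and not OpenMPTCProuter code): the script expands a range into one standard OpenWrt firewall redirect per port and refuses ranges above a cap, since every forwarded port widens what is reachable from outside. The zone names, the cap and the rule names are assumptions, as is that OpenMPTCProuter's V2Ray forwarding picks up ordinary redirect sections.

```shell
#!/bin/sh
# Added example. ZONE, DEST_ZONE, MAX_PORTS and rule names are assumptions.
ZONE="${ZONE:-vpn}"            # source zone of the forward (assumed)
DEST_ZONE="${DEST_ZONE:-lan}"  # zone of the internal host (assumed)
MAX_PORTS="${MAX_PORTS:-200}"  # refuse to expose more ports than this

# is_port N: true for a decimal 1..65535 without leading zeros
is_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# expand_range RANGE DEST_IP [PROTO]
# Prints uci commands for one DNAT redirect per port; nothing is applied.
# Returns 1 on malformed input, 2 when the range is larger than MAX_PORTS.
expand_range() {
    range=$1; dest_ip=$2; proto=${3:-udp}
    case "$range" in *-*) ;; *) echo "not a range: $range" >&2; return 1 ;; esac
    case "$dest_ip" in ''|*[!0-9.]*) echo "bad IPv4: $dest_ip" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    start=${range%%-*}; end=${range#*-}
    if ! is_port "$start" || ! is_port "$end" || [ "$start" -gt "$end" ]; then
        echo "invalid range: $range" >&2; return 1
    fi
    count=$((end - start + 1))
    if [ "$count" -gt "$MAX_PORTS" ]; then
        echo "refusing to expose $count ports (limit $MAX_PORTS)" >&2; return 2
    fi
    port=$start
    while [ "$port" -le "$end" ]; do
        r="firewall.@redirect[-1]"
        cat <<EOF
uci add firewall redirect
uci set $r.name='fwd-$proto-$port'
uci set $r.target='DNAT'
uci set $r.src='$ZONE'
uci set $r.dest='$DEST_ZONE'
uci set $r.proto='$proto'
uci set $r.src_dport='$port'
uci set $r.dest_ip='$dest_ip'
uci set $r.dest_port='$port'
EOF
        port=$((port + 1))
    done
    echo "uci commit firewall"
}

# Constructed sample: four RTP ports to a documentation address (192.0.2.10).
expand_range 10000-10003 192.0.2.10 udp
```

The script only prints the commands, so the output can be reviewed before anything is applied on the router.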

Network-Traditions commented 1 year ago

Today, our system is working far more reliably. Our configuration utilizes a series of V2Ray port forwards for our direct media VOIP communications. Utilizing the shadowsocks VPN instead of V2Ray resulted in failed outbound audio. The call would connect and the called party's audio was present at the originating handset, but the originator's audio could not be heard at the called party's handset. For inbound calls, all worked appropriately with audio present at the called and originating party's handsets.

Despite BLEST and ECF TCP schedulers combined with BBR2 congestion control with and without SQM autorate providing greater bandwidth test results with synthetic benchmarks, the actual connectivity experience, especially with our VOIP communications, was problematic. We've switched to the default scheduler with cubic congestion control without SQM and found our real world connectivity is far superior. Occasionally, we still experience some jitter with our VOIP, but it is reasonable and we plan on implementing traffic shaping of some nature to address this issue (either at our pfSense router or OMR). The nature of Starlink and T-Mobile 5G at our location makes traffic shaping difficult at best, even with SQM autorate.

The last piece of our puzzle has been finding a new VPS service in our local area. Our original provider IONOS, which was in the central US, added about 30ms to our OMR latency. Combined with the fact that Starlink and T-Mobile ingress to the internet is often not very local as well results in an average latency of about 100ms. Combined with the aggravations of IONOS never ending service problems, moving to a VPS service in the southwest US where we are located significantly improved our connectivity at the user experience level since we have a great deal of local internet traffic. Oracle also has a data center local to our location, however we have found their x86 VPS offerings lacking in network/latency performance even with unjustifiably over spec'd multi vCPU/RAM configurations. That being said, we currently launched a VPN server on their "Ampere" platform with 4vCPUs, 4Gbit Bandwidth using Oracle 9 and OpenVPN v2.6 with Data Channel Offload. Its performance has been amazing. Synthetic bandwidth testing was virtually equal to the raw bandwidth of the client. Our actual traffic consists of multiple video streaming connections, often in 4K, working flawlessly. Subsequently we will continue our efforts to deploy OMR on top of a Debian based "Ampere" utilizing an upstream MPTCP version in hopes of achieving the same high level of performance at a price that can't be beat (FREE).

From: "Jorge Fuentes" @.> To: "Ysurac/openmptcprouter" @.> Cc: "Network Traditions LLC" @.>, "State change" @.> Sent: Sunday, April 2, 2023 3:21:34 AM Subject: Re: [Ysurac/openmptcprouter] Can a UDP port range be forwarded using V2Ray? (Issue #2392)

What if openmptcprouter opens a single tunnel for each port in the port range? That will make the configuration less tedious. I have a server that needs to open ports with ranges in the hundreds and is going to be really painful to do so.


Llorx commented 1 year ago

That's really insightful @Network-Traditions. I'm really grateful for all your comments in this repository issues. They all are very detailed.