angelnu / pod-gateway

Container image used to set a pod gateway
Apache License 2.0

NAT port with qBittorrent #30

Closed samos667 closed 11 months ago

samos667 commented 1 year ago

Details

qBittorrent + port redirect VPN

I'm trying to seed a torrent from a private tracker to test my bandwidth and check if seeding works as expected. So I start to download with my phone with mobile data to get out of my network. The upload and speed are slow. (image) And I didn't see my phone as a peer, I see the GW. Is it normal?

My CNI is Cilium 1.13.3 with native routing.

samos667 commented 1 year ago

Also here (image). But this is not my smartphone, upload is really slow.

antoncuranz commented 1 year ago

Hi @samos667,

I experienced the same problem as you and did some investigation. As I understood, seeing the Gateway's IP address instead of the incoming peer's public IP is the expected behavior when using Masquerading as outbound NAT, which is how the gateway is configured.

However, I also had the feeling that the performance/connectability was limited, so I looked for ways around this.

One solution is to use SNAT instead of Masquerading. SNAT requires you to configure a static outbound gateway IP, which is probably the reason why Masquerading is currently used. I guess this can be set to the "internal" VPN IP (e.g. the Address value of a WireGuard config), which should be static depending on the VPN provider.

I added an option to configure an _SNATIP and thus use SNAT instead of Masquerading in this PR: #41. With this configuration, I have the impression that the performance is better, although I cannot explain why that is the case.
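Added example, not part of the comment above and not code from pod-gateway or PR #41: it reads the IPv4 `Address` from a WireGuard `[Interface]` section and prints (without applying) the outbound NAT rule in its MASQUERADE and SNAT forms. The interface name `wg0`, the function names and the sample config are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample WireGuard config (keys, addresses and endpoint are placeholders).
SAMPLE_WG_CONF='[Interface]
PrivateKey = <placeholder>
Address = 10.2.0.2/32, fd00::2/128
DNS = 10.2.0.1

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.net:51820'

# Print the first IPv4 address on the [Interface] Address line, prefix length stripped.
# Prints nothing if the section or an IPv4 address is missing.
wg_interface_ipv4() {
  printf '%s\n' "$1" | awk '
    /^\[/ { in_if = (tolower($0) ~ /^\[interface\]/); next }
    in_if && tolower($0) ~ /^[ \t]*address[ \t]*=/ {
      sub(/^[^=]*=/, "")
      n = split($0, parts, ",")
      for (i = 1; i <= n; i++) {
        gsub(/[ \t]/, "", parts[i]); sub(/\/.*/, "", parts[i])
        if (parts[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print parts[i]; exit }
      }
    }'
}

# Build (do not apply) the outbound NAT rule for the tunnel interface.
# Empty SNAT IP: MASQUERADE, source address looked up from the interface per connection.
# Non-empty SNAT IP: SNAT to that fixed source address.
nat_rule() {
  iface=$1; snat_ip=$2
  if [ -z "$snat_ip" ]; then
    echo "iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE"
  else
    echo "iptables -t nat -A POSTROUTING -o $iface -j SNAT --to-source $snat_ip"
  fi
}

nat_rule wg0 ""
nat_rule wg0 "$(wg_interface_ipv4 "$SAMPLE_WG_CONF")"
```

Both rule forms rewrite the source address of forwarded traffic, so the application behind the gateway still sees the gateway as the peer address for inbound connections, as described above.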

samos667 commented 11 months ago

> Hi @samos667,
>
> I experienced the same problem as you and did some investigation. As I understood, seeing the Gateway's IP address instead of the incoming peer's public IP is the expected behavior when using Masquerading as outbound NAT, which is how the gateway is configured.
>
> However, I also had the feeling that the performance/connectability was limited, so I looked for ways around this.
>
> One solution is to use SNAT instead of Masquerading. SNAT requires you to configure a static outbound gateway IP, which is probably the reason why Masquerading is currently used. I guess this can be set to the "internal" VPN IP (e.g. the Address value of a WireGuard config), which should be static depending on the VPN provider.
>
> I added an option to configure an _SNATIP and thus use SNAT instead of Masquerading in this PR: #41. With this configuration, I have the impression that the performance is better, although I cannot explain why that is the case.

Sorry I didn't see your comment. I got a huge improvement in my ratio by fixing my MTU mismatch. You will get more info about this here