dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0
1.71k stars 137 forks source link

Unable to connect (tcpdump result attached) #120

Closed terrytw closed 1 year ago

terrytw commented 1 year ago

Hi, thanks for this interesting project! Really appreciate the work!

I have been trying to set it up without any success. Here is my setup and some information:

Client listens on port 8081, and the network interface is ens18. Server listens on port 8080, network interface is eth0.

I tried tcpdump on server tcpdump tcp -i eth0 -t -s 0 and dst port 8080 There is no result at all.

I tried tcpdump and catch incoming traffic on client tcpdump tcp -i ens18 -t -s 0 and dst port 8081 Result is

IP Openwrt.lan.1090 > Debian.lan.8081: UDP, length 148
IP Openwrt.lan.1090 > Debian.lan.8081: UDP, length 148
IP Openwrt.lan.1090 > Debian.lan.8081: UDP, length 148
IP Openwrt.lan.1090 > Debian.lan.8081: UDP, length 148
IP Openwrt.lan.1090 > Debian.lan.8081: UDP, length 148

But tcpdump udp -i tun0 -t -s 0 and dst port 8081 shows nothing.

Then I tried to capture outgoing traffic on the client: tcpdump tcp -i tun0 -t -s 0 and dst port 8080 result:

IP 192.168.200.2.64520 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.64520 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.64520 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.64520 > *********.8080: Flags [R], seq 0, win 65535, length 0
IP 192.168.200.2.33010 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.33010 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.33010 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.33010 > *********.8080: Flags [R], seq 0, win 65535, length 0
IP 192.168.200.2.2823 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.2823 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.2823 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.2823 > *********.8080: Flags [R], seq 0, win 65535, length 0
IP 192.168.200.2.50248 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.50248 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.50248 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.50248 > *********.8080: Flags [R], seq 0, win 65535, length 0
IP 192.168.200.2.47279 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
IP 192.168.200.2.47279 > *********.8080: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0

But tcpdump tcp -i ens18 -t -s 0 and dst port 8080 shows nothing.

So in conclusion, the packet definitely does not reach the server. On the client, incoming packet only shows on ens18 while outgoing packets only show on tun0.

I am not super familiar with networking in general, can you please give me some hint as to how I can resolve this?

terrytw commented 1 year ago

It is routing and network issue. Fixed.

irocnX commented 1 year ago

@terrytw Hello, I have same issue, Could you tell what's cause about routing ?

terrytw commented 1 year ago

Check https://www.vinoca.org/openwrtpei-zhi-tou-ming-dai-li/

For me it was just client routing issue.

irocnX @.***> 于 2023年10月12日周四 21:07写道:

@terrytw https://github.com/terrytw Hello, I have same issue, Could you tell what's cause about routing ?

— Reply to this email directly, view it on GitHub https://github.com/dndx/phantun/issues/120#issuecomment-1759581183, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFY26LALLDEZMVDWUUYLOI3X67TSJANCNFSM6AAAAAAYZJL65I . You are receiving this because you were mentioned.Message ID: @.***>