dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0
1.71k stars 137 forks

WireGuard, Phantun, and iptables NAT Comprehensive Test Results and Conclusions: #145

Closed maojianyou closed 8 months ago

maojianyou commented 11 months ago

1. It was observed that without going through the tunnel, there was an 8% packet loss. Upon routing through the wg0 tunnel, the packet loss increased significantly to 35%, indicating a severe packet loss issue.

2. Regarding the configuration, understanding the logic of `--tun-local` and `--tun-peer` in conjunction with NAT was initially challenging. After some investigation, it became clear that NAT must be applied to the peer's tun address for proper functionality.

3. Packet analysis revealed that most of the dropped packets were acknowledgment (ACK) packets. This could potentially raise concerns when using this setup for both domestic and international communication, as anomalous packet behavior may be easily detected.

Jimmy-Z commented 11 months ago

In my (not very comprehensive) test, the drop rate is around 0.5% vs 0.1% with udp2raw; not saying this is related, but the amplifying factor (5x) is actually not far from yours (35/8).

I've switched back to udp2raw for a while.