search

dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0
1.58k stars 128 forks source link

server sending TCP RST / reset by peer #160

Open seek2222 opened 2 months ago

seek2222 commented 2 months ago

HI all,

I have a problem that the server is sending TCP RST toward the client. I have gone through the logs and I couldn't find the root cause of sending the RST.

tshark/tcpdump from server: 36 31.420796365 SERVER_IP → CLIENT_IP TCP 54 443 → 53520 [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0 37 31.663715425 CLIENT_IP → SERVER_IP TCP 78 53530 → 443 [SYN] Seq=0 Win=42340 Len=0 MSS=1460 SACK_PERM TSval=717831679 TSecr=0 WS=2048 TFO=R

server: RUST_LOG=info /root/phantun/target/release/server --local 443 --remote 127.0.0.1:51822 &> /var/log/phantun_server.log &

~# tail -f /var/log/phantun_server.log INFO server > Remote address is: 127.0.0.1:51822 INFO server > 1 cores available INFO server > Created TUN device tun0 INFO server > Listening on 443

client: RUST_LOG=info /root/phantun/target/release/client --local 127.0.0.1:1234 --remote SERVER_IP:443 &> /var/log/phantun_client.log &

INFO client > New UDP client from 127.0.0.1:46180 INFO fake_tcp > Sent SYN to server INFO fake_tcp > Connection to SERVER_IP:443 established INFO fake_tcp > Connection (Fake TCP connection from 192.168.200.2:27979 to SERVER_IP:443) reset by peer INFO fake_tcp > Fake TCP connection to (Fake TCP connection from 192.168.200.2:27979 to SERVER_IP:443) closed

server iptables: iptables -t filter -nvL Chain INPUT (policy ACCEPT 530K packets, 197M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
562 22480 ACCEPT 0 -- tun0 0.0.0.0/0 0.0.0.0/0
562 35940 ACCEPT 0 -- tun0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination

iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 365K packets, 28M bytes) pkts bytes target prot opt in out source destination
1083 68296 DNAT 6 -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.201.2

any input is much appreciated. P.s, the 443 TCP/udp port is free from the netstat side as well. I know already that the phantun is not registering the listening port on Kernel.

smith752 commented 1 month ago

Check whether system kernel forwarding is turned on, the server side and client side the value of net.ipv4.ip_forward should be equal 1 # sysctl -a | grep "net.ipv4.ip_forward" net.ipv4.ip_forward = 1

you can execute this command to turn on kernel forwarding echo "net.ipv4.ip_forward = 1">>/etc/sysctl.conf;sysctl -p

seek2222 commented 1 month ago

@smith752 first off, thanks for replying. secondly, the ipv4 forwarding is enabled on both phantun client and server.

seek2222 commented 1 month ago

my server is running Ubuntu 22.04 and on another instance it is running on 24.04 with latest kernel installed.