search

heistp / irtt

Isochronous Round-Trip Tester
GNU General Public License v2.0
185 stars 23 forks source link

IRTT and Cloudflare tunneling support/setup? #39

Open Kodalem opened 1 year ago

Kodalem commented 1 year ago

I am trying to getting IRTT Server to work with Cloudflare(d) Tunneling Access service. Explanation and documentation here https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/

I have done the following: Using the WARP client which allows UDP packets, which this documentation has said it uses - it cannot connect to the host server from the client terminal over the domain using my own domain and tunneling settings with the port of 2112. Using the basic tunneling option over HTTP, HTTPS, SMD, SSH and TCP service with localhost as the address, also the server in the terminal irtt server -b irtt.XXXXX.com:2112 -d 0 -i 0 --hmac=XXXXX --fill=rand and irtt server -b localhost:2112 -d 0 -i 0 --hmac=XXXXX --fill=rand - same story, it cannot connect to the host server from the client terminal over the domain using my own domain and tunneling settings with the port of 2112 or any other one.

It works only in the local internet environment and perfectly without any hiccups.

I do not have any option to open up the ports through my own home ISP nor the university laboratories due to security concerns, which is why I use and force to use tunneling. Tunneling has been successful before and the reason why I am trying to get it to work with hosting a smokeping service and website to do my research in internet load latency measurement and networking. Currently relegating to use fping and DNS's dig probes instead as a replacement to get data from my satellite connected smokeping's child's packet to the parent.

heistp commented 1 year ago

Hi, I have not read all the documentation for the Cloudflare tunneling access service, but you would need to make sure that incoming packets into their network aren't blocked for any reason, and that they get to you. I would use tcpdump/wireshark to find out if any UDP/2112 packets are arriving to your server, or not. If not, that suggests there's something in the tunnel config to look at.

That said, instead of binding to an IP, you could also test it with irtt server --set-src-ip -d 0 -i 0 --hmac=XXXXX --fill=rand. That way, regardless of what address the UDP/2112 packets are coming in on, the irtt server will receive them, and at the same time, outgoing packets will use the same address they came in on, to avoid any potential routing problems.

To confirm, irtt only uses UDP packets on the specified port (2112 in your case). So, we just have to get those passed properly between client and server!