search

netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
11.16k stars 514 forks source link

DNS/COTURN Bug: credentials #1080

Open ykorzikowski opened 1 year ago

ykorzikowski commented 1 year ago

I maybe found another (dns) bug. I am re-installing netbird right now (integrate it into my ansible deploy pipeline).

My notebook always complaining in client.log

2023-08-13T12:28:11+02:00 WARN [upstream: 10.123.***.***:53, error: read udp 100.69.***.***:55316->10.123.***.***:53: i/o timeout] client/internal/d
ns/upstream.go:81: got an error while connecting to upstream
2023-08-13T12:28:11+02:00 ERRO client/internal/dns/upstream.go:101: all queries to the upstream nameservers failed with timeout

BUT

[12:29:28] :) [~]
root@yksolutions-m1:~ # nslookup app.vpn.swokiz.com 10.123.***.***
Server:     10.123.***.***
Address:    10.123.***.***#53

Non-authoritative answer:
Name:   app.***.***.***
Address: 100.69.***.***

On a fresh netbird service restart, it is working for minutes. Then netbird finds timeouts in dns and removes it from the dns resolver list.

10.123.***.*** is routed via eros.

My Mac:

Daemon version: 0.22.3
CLI version: 0.22.3
Management: Connected to https://***.***.com:33073
Signal: Connected to https://***.***.com:10000
FQDN: yksolutions-m1-1.***.net
NetBird IP: 100.69.***.***/16
Interface type: Userspace
Peers count: 14/23 Connected

Eros:

Connection to eros is always pending between Connecting and Connected. 

 eros.swokiz.net:
  NetBird IP: 100.69.***.***
  Public key: ***+tItrgs=
  Status: Connecting
  -- detail --
  Connection type:
  Direct: false
  ICE candidate (Local/Remote): -/-
  Last connection update: 2023-08-13 12:30:05
 eros.swokiz.net:
  NetBird IP: 100.69.***.***
  Public key: ***+tItrgs=
  Status: Connected
  -- detail --
  Connection type: Relayed
  Direct: false
  ICE candidate (Local/Remote): relay/host
  Last connection update: 2023-08-13 12:30:48

Its really hard to debug, because neither netbird server, netbird-client or coturn is prividing any error messages.

Only coturn is logging: 

2023-08-13T10:39:38+0000(25): INFO: session 000000000000000388: realm <***.com> user <>: incoming packet message processed, error 401: Unauthorized
Screenshot 2023-08-13 at 13 05 02
MichalNemec commented 5 months ago

have the same on 0.27.10

1040: (9): INFO: session 000000000000000057: realm <realm.com> user <>: incoming packet message processed, error 401: Unauthorized
1040: (9): INFO: session 000000000000000058: realm <realm.com> user <self>: incoming packet message processed, error 438: Wrong nonce