search

netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
11.26k stars 517 forks source link

Can't Connected #1744

Open youlvlv opened 8 months ago

youlvlv commented 8 months ago

Describe the problem

I have a Raspberry Pi with the Ubuntu system inside. Computers within the same local network can successfully connect to the Raspberry Pi using Netbird. However, most other computers outside of this network cannot establish a connection with the Raspberry Pi, except for my own computer. My computer and the Raspberry Pi are on the same network. It seems that the Netbird on the Raspberry Pi is constantly attempting to use P2P, while my computer directly uses a relay for connection.

Are you using NetBird Cloud? self-host NetBird's control plane.

NetBird version

0.26.3

NetBird status -d output: Peers detail: xiaojueshi-mac-air-15.netbird.selfhosted: NetBird IP: 100.82.11.76 Public key: RGcYaU+2NVs3eIsi3pLS7L+QMu8ttQMUVMf6tz16xQQ= Status: Connecting -- detail -- Connection type: Direct: false ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Last connection update: 2024-03-25 17:06:39 Last WireGuard handshake: - Transfer status (received/sent) 0 B/0 B Quantum resistance: false Routes: -

kp-windows.netbird.selfhosted: NetBird IP: 100.82.56.19 Public key: 88+O16ujpTv1pnMz5TnCOq7zDMHwE2c9pgnra5U6Ey0= Status: Disconnected -- detail -- Connection type: Direct: false ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Last connection update: - Last WireGuard handshake: - Transfer status (received/sent) 0 B/0 B Quantum resistance: false Routes: -

iphone-admin.netbird.selfhosted: NetBird IP: 100.82.86.79 Public key: 42Op9CmuGMtEgh31SQjsN6vHNFJmiwNW0ETfm9AfZQw= Status: Disconnected -- detail -- Connection type: Direct: false ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Last connection update: - Last WireGuard handshake: - Transfer status (received/sent) 0 B/0 B Quantum resistance: false Routes: -

iphone-lizhiwei0720.netbird.selfhosted: NetBird IP: 100.82.108.2 Public key: jl5ttRqA8G/cJlOVFziDyHa4Dkesqq8c9pYRin+KWl4= Status: Disconnected -- detail -- Connection type: P2P Direct: false ICE candidate (Local/Remote): host/host ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.30:51820 Last connection update: - Last WireGuard handshake: 2024-03-25 17:04:56 Transfer status (received/sent) 7.0 MiB/4.3 MiB Quantum resistance: false Routes: -

zhanghaodemacbook-pro.netbird.selfhosted: NetBird IP: 100.82.132.131 Public key: eUNdYLRkuwv73tGT037owIr1yIZ9W22opJKV5AHfW1I= Status: Disconnected -- detail -- Connection type: Direct: false ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Last connection update: - Last WireGuard handshake: - Transfer status (received/sent) 0 B/0 B Quantum resistance: false Routes: -

kp-mac-mini.netbird.selfhosted: NetBird IP: 100.82.133.1 Public key: E8rLkXCzulLdR2KX870xiLA8sxFYptAj7UJ9f1GJmUQ= Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): host/host ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.30:51820 Last connection update: 2024-03-25 15:44:05 Last WireGuard handshake: 2024-03-25 17:04:56 Transfer status (received/sent) 7.0 MiB/4.3 MiB Quantum resistance: false Routes: -

mpj-work-windows.netbird.selfhosted: NetBird IP: 100.82.135.100 Public key: oWB1LKGn+O9aXqu4mAccY5eLlhDwynbxA5Z/whA9Xz8= Status: Connecting -- detail -- Connection type: P2P Direct: false ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 17:06:32 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -

lzw-mac-pro.netbird.selfhosted: NetBird IP: 100.82.150.87 Public key: Fu2Wp261gq5R36THY0oHRYo8sc/vpakTotuSIpneLm0= Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 13:49:32 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -

xyy-work-windows.netbird.selfhosted: NetBird IP: 100.82.210.143 Public key: wezpbFh+7B6p8I0j8wyIp97vXHU1tlMimkbz1S1S7TU= Status: Connecting -- detail -- Connection type: P2P Direct: false ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 17:06:34 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -

meizu-20pro-cn.netbird.selfhosted: NetBird IP: 100.82.228.116 Public key: pbQRd5X3r97iek3/OBzoxrCJ8O35c8QXwndWj0vEZ0M= Status: Disconnected -- detail -- Connection type: Direct: false ICE candidate (Local/Remote): -/- ICE candidate endpoints (Local/Remote): -/- Last connection update: - Last WireGuard handshake: - Transfer status (received/sent) 0 B/0 B Quantum resistance: false Routes: -

sjzgdd.netbird.selfhosted: NetBird IP: 100.82.235.109 Public key: jPRM7u1RMb82JQH+6rGZ8UFH3RZWJiuqi90/NmBZb24= Status: Connecting -- detail -- Connection type: P2P Direct: false ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 17:06:36 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -

Daemon version: 0.26.3 CLI version: 0.26.3 Management: Connected to https://netbird.yu.xiaojueshi.top:8443 Signal: Connected to https://netbird.yu.xiaojueshi.top:8443 Relays: [stun:netbird.yu.xiaojueshi.top:3478] is Available [turn:netbird.yu.xiaojueshi.top:3478?transport=udp] is Available Nameservers: FQDN: orangepizero3.netbird.selfhosted NetBird IP: 100.82.243.6/16 Interface type: Kernel Quantum resistance: false Routes: 172.16.1.0/24 Peers count: 2/11 Connected

pascal-fischer commented 8 months ago

Hi @youlvlv,

can you tell me a bit more about your network setup? When I check the status output I see multiple peers having same ICE candidate endpoints e.g. `mpj-work-windows.netbird.selfhosted: NetBird IP: 100.82.135.100 Public key: oWB1LKGn+O9aXqu4mAccY5eLlhDwynbxA5Z/whA9Xz8= Status: Connecting -- detail -- Connection type: P2P Direct: false ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 17:06:32 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -

lzw-mac-pro.netbird.selfhosted: NetBird IP: 100.82.150.87 Public key: Fu2Wp261gq5R36THY0oHRYo8sc/vpakTotuSIpneLm0= Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 13:49:32 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -

xyy-work-windows.netbird.selfhosted: NetBird IP: 100.82.210.143 Public key: wezpbFh+7B6p8I0j8wyIp97vXHU1tlMimkbz1S1S7TU= Status: Connecting -- detail -- Connection type: P2P Direct: false ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.29:51820/192.168.1.17:51820 Last connection update: 2024-03-25 17:06:34 Last WireGuard handshake: 2024-03-25 17:05:10 Transfer status (received/sent) 1.1 MiB/6.9 MiB Quantum resistance: false Routes: -`

One of each set is able to connect and all the others will be stuck in connecting state. Why do those machines share the same IP address? This might help us understand why the client is unable to connect on those.

youlvlv commented 8 months ago

@pascal-fischer I don't why, they have same IP address. How does Netbird obtain these IP addresses? I have two network connections, a wired network and a wireless network, which are isolated from each other. The wired network has a firewall that prevents direct external access. I am using a Raspberry Pi to connect to both networks simultaneously, allowing me to access network resources in the wired network through Netbird via the wireless network.I have disabled the Raspberry Pi's ability to access the internet through the wired network, so it can only access the internet through the wireless network.

pascal-fischer commented 8 months ago

Those IP addresses are usually the private or public IPs of the devices. We use ICE to detect all the possible connections and negotiate the best one. It might be that this detection has an issue with the network setup. Could you enable debug logs on the raspberry by following https://docs.netbird.io/how-to/troubleshooting-client so that we can see the connection negotiation? Also could you try disabling both networks (one at a time) and see if that would allow proper connection establishment in either case?