Closed Berndinox closed 2 months ago
Hi @Berndinox, do you have a chance to test this from any other external network that is not mobile? We had a case where the iOS app did not work with a certain mobile carrier. This way we know if the mobile network is the issue or something in your setup.
UPDATE: The Raspi is in my DMZ where I just allow 80/443 outbound via Forward-Proxy. What outgoing ports do clients need? I just find a list for the MGMT parts: https://docs.netbird.io/about-netbird/faq
@pascal-fischer - thanks for your reply. I was able to test with different devices and was able to isolate the issue.
Devices: iPhone1, iPhone2, Windows Client, Raspberry Pi
I can connect every device with each other via mobile or Wi-Fi connection but never with the Raspberry Pi. So the issue seems to be on this specific device.
The stats on the affected Raspi:
```
OS: linux/arm64
Daemon version: 0.27.7
CLI version: 0.27.7
Management: Connected
Signal: Connected
Relays: 0/2 Available
Nameservers: 0/0 Available
FQDN: home-raspbi.netbird.selfhosted
NetBird IP: 100.119.191.160/16
Interface type: Kernel
Quantum resistance: false
Routes: -
Peers count: 0/3 Connected
```
The Netbird shows the devices as connected.
Details on Raspi Agent:
```
Peers detail:
iphone-bernd-comp.netbird.selfhosted:
NetBird IP: 100.119.12.202
Public key: xxxx
Status: Disconnected
-- detail --
Connection type:
Direct: false
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Last connection update: 9 seconds ago
Last WireGuard handshake: -
Transfer status (received/sent) 0 B/0 B
Quantum resistance: false
Routes: -
Latency: 0s
iphone-bernd-priv.netbird.selfhosted:
NetBird IP: 100.119.87.208
Public key: xxxxxx
Status: Disconnected
-- detail --
Connection type:
Direct: false
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Last connection update: 24 seconds ago
Last WireGuard handshake: -
Transfer status (received/sent) 0 B/0 B
Quantum resistance: false
Routes: -
Latency: 0s
thinkpad.netbird.selfhosted:
NetBird IP: 100.119.142.139
Public key: xxxxx
Status: Connecting
-- detail --
Connection type:
Direct: false
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Last connection update: 4 seconds ago
Last WireGuard handshake: -
Transfer status (received/sent) 0 B/0 B
Quantum resistance: false
Routes: -
Latency: 0s
OS: linux/arm64
Daemon version: 0.27.7
CLI version: 0.27.7
Management: Connected to https://connect.xxx.onl:443
Signal: Connected to https://connect.xxx.onl:443
Relays:
[stun:connect.xxx.onl:3478] is Unavailable, reason: stun request: context deadline exceeded
[turn:connect.xxx.onl:3478?transport=udp] is Unavailable, reason: allocate: all retransmissions failed for ID-replaced
Nameservers:
FQDN: home-raspbi.netbird.selfhosted
NetBird IP: 100.119.191.160/16
Interface type: Kernel
Quantum resistance: false
Routes: -
Peers count: 0/3 Connected
```
However, TURN config seems to be fine (see above msg)
Logs look normal (DNS not configured yet, but should not be required for TURN)
```
2024-05-21T19:49:20+02:00 INFO management/client/grpc.go:147: connected to the Management Service stream
2024-05-21T19:49:20+02:00 WARN client/internal/engine.go:551: running SSH server is not permitted
2024-05-21T19:49:20+02:00 ERRO client/internal/dns/server.go:322: unable to configure DNS for this peer using resolvconf manager without a nameserver group with all domains configured
2024-05-21T19:49:20+02:00 INFO client/internal/acl/manager.go:52: ACL rules processed in: 2.420723ms, total rules count: 0
2024-05-21T19:50:33+02:00 WARN client/internal/engine.go:551: running SSH server is not permitted
2024-05-21T19:50:33+02:00 INFO client/internal/acl/manager.go:52: ACL rules processed in: 1.976112ms, total rules count: 0
2024-05-21T19:51:06+02:00 WARN client/internal/engine.go:551: running SSH server is not permitted
2024-05-21T19:51:06+02:00 ERRO client/internal/dns/server.go:322: unable to configure DNS for this peer using resolvconf ma
```
@pascal-fischer - Solved, sorry for the inconvenience... For reference, if someone comes around. Outbound: UDP and TCP ports 3478, and UDP/TCP ports 49152-65535.
Describe the problem
I tried connecting my mobile (iOS) and found that I can't connect any peer. I double checked and connected my Windows laptop via mobile-phone hotspot and faced the same issue.
To Reproduce
Steps to reproduce the behavior: Connect via Mobile Network Provider.
Expected behavior
Connect the peers.
Are you using NetBird Cloud?
Self-Hosted
NetBird version
netbird version
NetBird status -d output:
latest, installed on 19.05.25 (Quickstart)
Additional context
iOS Logs:
I also read that TURN may be an issue. My "external-ip" is set! I tried: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ - with success:
From the same network I can connect the peer successfully.
When coming from external there is a pfSense in between, maybe that's the issue? From my understanding TURN should go "through" without any changes.