nexodus-io / nexodus

Network Connectivity as a Service
https://nexodus.io
Apache License 2.0

Detect moving into and out of symmetric NAT #1702

Open russellb opened 11 months ago

russellb commented 11 months ago

nexd currently only does symmetric NAT detection at startup. Whatever it detects at that point is what it assumes until nexd is restarted again. This should be changed so that it is reconciled while running.

The impact of the bug:

  1. If nexd starts behind symmetric NAT and moves outside of it, it will continue to only peer with a relay. It will not attempt direct peering, even though it should be able to.

  2. If nexd starts behind easy NAT and moves to symmetric NAT, nexd will continue attempting direct peering even though it won't work. Because nexd retries using fallback methods, peering should eventually still work once it falls back to a relay, assuming one is present. Peering will just take longer to come up than it should.
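
One way the runtime reconciliation requested above could work, as an added example that is not nexd's code. It assumes symmetric NAT is detected by comparing the reflexive address that two STUN-style servers report for the same local socket; `ProbeFunc`, `Reconciler`, `mapProbe`, the action strings and the addresses are hypothetical or constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ProbeFunc is a hypothetical hook: the reflexive address one server reports.
type ProbeFunc func(server string) (netip.AddrPort, error)

// Reconciler remembers the NAT type detected on the previous pass.
type Reconciler struct {
	Probe     ProbeFunc
	Servers   [2]string
	Symmetric bool
}

// Reconcile re-runs detection and returns the action to take. Two servers
// seeing different mappings for the same socket means symmetric NAT.
func (r *Reconciler) Reconcile() (action string, err error) {
	var m [2]netip.AddrPort
	for i, s := range r.Servers {
		if m[i], err = r.Probe(s); err != nil {
			return "no-change", err // probe failed: keep the previous state
		}
	}
	sym := m[0] != m[1]
	if sym == r.Symmetric {
		return "no-change", nil
	}
	r.Symmetric = sym
	if sym {
		return "relay-only", nil // impact 2: stop direct attempts right away
	}
	return "enable-direct-peering", nil // impact 1: leave relay-only mode
}

// mapProbe serves constructed mappings; a missing server yields a parse error.
func mapProbe(seen map[string]string) ProbeFunc {
	return func(s string) (netip.AddrPort, error) { return netip.ParseAddrPort(seen[s]) }
}

func main() {
	seen := map[string]string{"stun-a": "203.0.113.7:40001", "stun-b": "203.0.113.7:40002"}
	r := &Reconciler{Probe: mapProbe(seen), Servers: [2]string{"stun-a", "stun-b"}}
	fmt.Println(r.Reconcile()) // assumed easy NAT at startup, now symmetric
	seen["stun-b"] = "203.0.113.7:40001"
	fmt.Println(r.Reconcile()) // both servers agree again: easy NAT
}
```

Calling `Reconcile` on a timer or on a network-change event, instead of once at startup, covers both transitions listed in the issue.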

markmc commented 11 months ago

When I moved from easy NAT to symmetric NAT and back, I found even restarting the agent wasn't enough to re-establish connectivity - it went back to showing reflexive as the peering method, but peers were unreachable.

Note - I didn't actually set up a relay when I was behind symmetric NAT.