wangyu- / tinyfecVPN

A VPN Designed for Lossy Links, with Built-in Forward Error Correction (FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
MIT License
2.32k stars 459 forks

after stopping the client, server still tries to contact it endlessly #124

Closed its0ka closed 3 months ago

its0ka commented 3 months ago

client side wireshark image

194.180.x.x is the server, 192.168.1.2 is the client. at packet 90 i stopped the client, but the server still tried to contact it endlessly every 3 seconds. i waited 8 hours and it didn't stop. please implement a timeout or detect icmp port unreachable messages, thank you

wangyu- commented 3 months ago

that's because on the server side some application of yours is still trying to send traffic over the VPN. tinyfecVPN server was just faithfully encapsulating and forwarding your packet to tinyfecVPN client.

the current behavior is similar to wireguard. I don't think this is a bug or design problem.

"please implement a timeout and detect icmp port unreachable messages, thank you"

if you have a special need you can fork the code and implement a customized version

its0ka commented 3 months ago

"that's because on the server side some application of yours is still trying to send traffic over the VPN. tinyfecVPN server was just faithfully encapsulating and forwarding your packet to tinyfecVPN client."

i verified that there is no data going through the tun interface with "tcpdump -i tinyfec_tun" on both sides before stopping the process. if i don't stop the client then this is what i see (no data going through tun interface): image

wangyu- commented 3 months ago

Hi, sorry my last reply was wrong.

There is a keep_alive_feature which sends packets every 3s, so that the NAT device won't revoke the NAT channel.

In https://github.com/wangyu-/tinyfecVPN/blob/master/tun_dev.h, there is a:

const int keep_alive_interval = 3000;  // 3000ms

Currently I didn't make it a tunable parameter. If you want to disable this feature, you can change 3000 to a super large value (at compile time).

wangyu- commented 3 months ago

I can make this `const int keep_alive_interval = 3000; // 3000ms` tunable from a cmdline argument in the next release.
But not planning to add detecting loss of connection.

"please implement a timeout or detect icmp port unreachable messages"

In my design I would like the VPN to be still working after recovering from a long period of network outage, regardless of how long the outage is. The current design is (almost) stateless and (almost) connection-less.

tinyfecVPN is meant to be tiny and simple. So I want to avoid the concept of connection timeout.

If you need a VPN with more features, maybe you can use "UDPspeeder" + "wireguard or openvpn"

its0ka commented 3 months ago

thank you, my country is VERY strict on internet censorship and i just wanted to avoid long udp sessions. my upload speed is only 600kbit/s and udpspeeder + wireguard uses a bit more bandwidth than tinyfecvpn so i wanted to use tinyfecvpn. i'll just stop the server when it's not in use

wangyu- commented 3 months ago

"i just wanted to avoid long udp sessions"

if that's the main concern you can change:

const int keep_alive_interval = 3000;  // 3000ms

to

const long long keep_alive_interval = 1e17;

Re-compile at server side, then server will never send any packet on its own. And you will not need to stop the server manually.

its0ka commented 3 months ago

oh, thanks for mentioning it again, i didn't get it at first, this will work nicely, thank you!
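
An added example, not part of the original thread and not tinyfecVPN's code: a small C++ model of the keep-alive timer discussed above, showing why the `1e17` change also switches the type to `long long` and how many unanswered keep-alives a 3000 ms interval produces over the 8 hours reported. `KeepAlive`, `parse_interval_ms`, `count_idle_keepalives`, `kNever` and the treatment of 0 as "disabled" are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>

// Added illustration, not tinyfecVPN code. All names here are hypothetical.
// 1e17 ms, the "never fire" value suggested in the thread, as an integer.
constexpr int64_t kNever = 100000000000000000LL;
// It does not fit a 32-bit int (max 2147483647 ms, about 24.8 days), which is
// why the suggested replacement line also changes the type to long long.
static_assert(kNever > std::numeric_limits<int32_t>::max(), "needs 64 bits");

struct KeepAlive {
    int64_t interval_ms;   // 0 = keep-alives disabled (assumption)
    int64_t last_sent_ms;  // when the previous keep-alive went out

    // Due when the elapsed time reaches the interval. Subtracting the two
    // non-negative timestamps (rather than computing last_sent_ms +
    // interval_ms) cannot overflow even when interval_ms is enormous.
    bool due(int64_t now_ms) const {
        return interval_ms != 0 && now_ms - last_sent_ms >= interval_ms;
    }
};

// Parse a hypothetical command-line interval in ms. Accepts digits only and
// at most 18 of them, so the result always fits in int64_t without wrapping.
bool parse_interval_ms(const std::string& s, int64_t* out) {
    if (s.empty() || s.size() > 18) return false;
    int64_t v = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        v = v * 10 + (c - '0');
    }
    *out = v;
    return true;
}

// Count keep-alives sent to a silent peer over idle_ms, polling every tick_ms.
int64_t count_idle_keepalives(int64_t interval_ms, int64_t idle_ms, int64_t tick_ms) {
    KeepAlive ka{interval_ms, 0};
    int64_t sent = 0;
    for (int64_t now = tick_ms; now <= idle_ms; now += tick_ms)
        if (ka.due(now)) { ka.last_sent_ms = now; ++sent; }
    return sent;
}

int main() {
    const int64_t eight_hours = 8LL * 3600 * 1000;  // the wait reported in the issue
    std::printf("3000 ms: %lld\n", (long long)count_idle_keepalives(3000, eight_hours, 1000));
    std::printf("1e17 ms: %lld\n", (long long)count_idle_keepalives(kNever, eight_hours, 1000));
}
```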