Closed Cherser-s closed 1 year ago
It’s expected in symmetric NAT, but I don’t understand why it received local udp packet instead of 8.8.8.8.
Did you try other proxy servers? Mine works fine with querying DNS.
It doesn't receive local UDP packet, it does receive it from 8.8.8.8 (through proxy). The problem is that the IP address inside the encapsulated socks packet is the destination address and not the source one. That happens with any UDP use-case.
Also doesn't RFC 1928 state that the DST address field in the reply from the proxy server should be the real destination which the relay should send the packet to?
> Also doesn't RFC 1928 state that the DST address field in the reply from the proxy server should be the real destination which the relay should send the packet to?
Yes and that’s how it's implemented.
> Yes and that’s how it's implemented.
It isn't? The relay implementation here compares the relay client's src ip and src port (192.168.100.72:40689 for this case) with its destination address (which then proxy sends the packet to), which will always fail.
Why the from variable here (which in my case was 192.168.100.72:40689) is compared with dst (which in my case is 8.8.8.8:53)?
> Why the from variable here (which in my case was 192.168.100.72:40689) is compared with dst (which in my case is 8.8.8.8:53)?
To make sure that the address is NAT’s destination address.
And I think the code is probably ok because I have tested it many times and didn’t encounter this kind of issue.
Shouldn't pc.src and pc.dst be associated with client's source and destination address in this case instead of client's dst address and the proxy server dst address?
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Verify steps
Version
2.4.1
What OS are you seeing the problem on?
Linux
Description
UDP relay processes address incorrectly. When testing connection to Google DNS, the client generates the packet with source port 40689 and then relay uses src port 43123 to send the packet to the proxy server. Method ReadFrom within proxy/socks5.go returns 192.168.100.72:40689 instead of 8.8.8.8:53. I used MikroTik built-in socks5 proxy server to test the connection. The DNS response did go through when I removed this branching snippet: https://github.com/xjasonlyu/tun2socks/blob/main/tunnel/udp.go#L124
CLI or Config
No response
Logs
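The mismatch discussed in this thread, as an added example that is not tun2socks code and not part of the original issue: it decodes the address in the RFC 1928 UDP header of a relayed datagram and applies a destination check of the kind the thread describes. The function names `encap`, `headerAddr` and `acceptReply` are hypothetical, the datagrams are constructed, and only IPv4/IPv6 address types are handled.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// encap builds an RFC 1928 UDP header (RSV, FRAG, ATYP, ADDR, PORT) plus payload.
func encap(a netip.AddrPort, payload []byte) []byte {
	b := []byte{0, 0, 0, 0x01}
	if a.Addr().Is6() {
		b[3] = 0x04
	}
	b = append(b, a.Addr().AsSlice()...)
	b = binary.BigEndian.AppendUint16(b, a.Port())
	return append(b, payload...)
}

// headerAddr returns the address carried in the header of a relayed datagram.
func headerAddr(b []byte) (netip.AddrPort, error) {
	if len(b) < 4 || b[0] != 0 || b[1] != 0 || b[2] != 0 {
		return netip.AddrPort{}, errors.New("bad RSV/FRAG or short header")
	}
	alen := map[byte]int{0x01: 4, 0x04: 16}[b[3]]
	if alen == 0 || len(b) < 4+alen+2 {
		return netip.AddrPort{}, errors.New("unsupported ATYP or truncated address")
	}
	ip, _ := netip.AddrFromSlice(b[4 : 4+alen])
	return netip.AddrPortFrom(ip, binary.BigEndian.Uint16(b[4+alen:])), nil
}

// acceptReply is a hypothetical stand-in for the branch discussed in the thread:
// keep a reply only when the header address equals the flow's destination.
func acceptReply(datagram []byte, dst netip.AddrPort) bool {
	from, err := headerAddr(datagram)
	return err == nil && from == dst
}

func main() {
	dst := netip.MustParseAddrPort("8.8.8.8:53")              // flow destination from the issue
	client := netip.MustParseAddrPort("192.168.100.72:40689") // client source from the issue
	payload := []byte("constructed DNS answer")
	fmt.Println("header carries remote:", acceptReply(encap(dst, payload), dst))
	fmt.Println("header carries client:", acceptReply(encap(client, payload), dst))
}
```

A proxy that writes the client's own address into the header fails the check even though the payload came from 8.8.8.8, which matches the reporter's observation that the response only got through once the branch was removed.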