yggdrasil-network / crispa-android

Community-contributed application for connecting to the Yggdrasil Network on Android devices
https://t.me/yggdrasil_android
Mozilla Public License 2.0

Question: Is local peering supposed to work? #14

Open MayeulC opened 3 years ago

MayeulC commented 3 years ago

I have my computer on the same network as my Android phone (connected via Wi-Fi).

I am connected to the Yggdrasil network using my computer. I'd expect to see my phone in yggdrasilctl getpeers when the connection toggle is turned on, but I don't.

My phone can't access the Yggdrasil network, BTW. With or without (in which case I'd expect it to use my computer) adding peers to the list, not sure if that's related or not.

I'll conduct more testing soon.

vikulin commented 3 years ago

@MayeulC ping your device's IPv6 local link address. Make sure both interfaces are reachable.

MayeulC commented 3 years ago

It pings fine when doing PC -> phone's link-local interface.

My phone doesn't have an IPv6-capable ping command (busybox) OoTB, I'll see what I can do.

vikulin commented 3 years ago

Closed.

bbigras commented 3 years ago

Anything changed?

I tested a while ago on my Pixel 2 and it wasn't able to discover my node on my lan.

It might be caused by Android.

vikulin commented 3 years ago

What build have you been testing for? Are you able to ping the IPv6 local link address assigned to your Pixel 2? Use the NetworkInfo II app from Google Play to determine the requested data.

bbigras commented 3 years ago

here's what I just posted on matrix:

so to resume. some weeks ago I thought my Pixel 2 didn't support the link-local ipv6 thing because it didn't work with my desktop (which is wired).

I did a test with my old Nexus 4 and my Pixel 2 using wifi direct and it didn't work so we assumed it was a problem with the devices.

A couple of days ago I noticed that my Pixel 2 found my laptop so I'm guessing my Pixel 2 is fine but the problem might be that my old Nexus 4 doesn't support it and that there's a problem when I try it between my Pixel 2 and my desktop.

https://matrix.to/#/!DwmKuvGvRKciqyFcxv:matrix.org/$1597157014517430XGoou:matrix.org?via=matrix.org&via=privacytools.io&via=tomesh.net

So it doesn't work between my phone and desktop but it does between my phone and laptop.

I'm using the latest version from your fork. I think I'm able to ping my phone's ipv6 local link ip from my laptop but not from my desktop.

vikulin commented 3 years ago

Could you post the Network Info II https://play.google.com/store/apps/details?id=aws.apps.networkInfoIi&hl=ru Interfaces tab screenshot from your Nexus 4?

bbigras commented 3 years ago

image

vikulin commented 3 years ago

Does the ping fe80:1267... work from other devices?

bbigras commented 3 years ago

Yes my laptop can ping fe80::1268:3fff:fe48:153f.

Note that I'm not really using my Nexus 4 anymore. It was more for troubleshooting.

So right now my Pixel 2 can discover my laptop (which is on wifi like the Pixel) using local peering but not my desktop (which is wired).

My desktop and laptop have almost the same config and I tested with the firewall disabled, so I'm guessing that local peering doesn't work from wifi to wired.

vikulin commented 3 years ago

No, it should work in any direction as soon as it is connected to the same broadcast domain. Could you make sure that your desktop has not limited multicast in yggdrasil.conf and that all devices are set up with the .* option? Also, could you ping the desktop's local link IP?

bbigras commented 3 years ago

I can't ping my desktop local link ip for some reason.

Maybe I should try with LinkLocalTCPPort: 0 but I thought I needed to choose a port and allow it in the firewall.

Here's my config:

{
  # List of connection strings for outbound peer connections in URI format,
  # e.g. tcp://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections
  # will obey the operating system routing table, therefore you should
  # use this section when you may connect via different interfaces.
  Peers:
  [
    tcp://64.112.177.94:1617
    tcp://64.112.180.77:1617
    tcp://50.236.201.218:56088
  ]

  # List of connection strings for outbound peer connections in URI format,
  # arranged by source interface, e.g. { "eth0": [ tcp://a.b.c.d:e ] }.
  # Note that SOCKS peerings will NOT be affected by this option and should
  # go in the "Peers" section instead.
  InterfacePeers: {}

  # Listen addresses for incoming connections. You will need to add
  # listeners in order to accept incoming peerings from non-local nodes.
  # Multicast peer discovery will work regardless of any listeners set
  # here. Each listener should be specified in URI format as above, e.g.
  # tcp://0.0.0.0:0 or tcp://[::]:0 to listen on all interfaces.
  Listen:
  [
    tcp://0.0.0.0:9977
  ]

  # Listen address for admin connections. Default is to listen for local
  # connections either on TCP/9001 or a UNIX socket depending on your
  # platform. Use this value for yggdrasilctl -endpoint=X. To disable
  # the admin socket, use the value "none" instead.
  AdminListen: unix:///var/run/yggdrasil/yggdrasil.sock

  # Regular expressions for which interfaces multicast peer discovery
  # should be enabled on. If none specified, multicast peer discovery is
  # disabled. The default value is .* which uses all interfaces.
  MulticastInterfaces:
  [
    .*
  ]

  # List of peer encryption public keys to allow incoming TCP peering
  # connections from. If left empty/undefined then all connections will
  # be allowed by default. This does not affect outgoing peerings, nor
  # does it affect link-local peers discovered via multicast.
  AllowedEncryptionPublicKeys: []

  # Your public encryption key. Your peers may ask you for this to put
  # into their AllowedEncryptionPublicKeys configuration.
  EncryptionPublicKey: 

  # Your private encryption key. DO NOT share this with anyone!
  EncryptionPrivateKey: 

  # Your public signing key. You should not ordinarily need to share
  # this with anyone.
  SigningPublicKey: 

  # Your private signing key. DO NOT share this with anyone!
  SigningPrivateKey: 

  # The port number to be used for the link-local TCP listeners for the
  # configured MulticastInterfaces. This option does not affect listeners
  # specified in the Listen option. Unless you plan to firewall link-local
  # traffic, it is best to leave this as the default value of 0. This
  # option cannot currently be changed by reloading config during runtime.
  LinkLocalTCPPort: 9988

  # Local network interface name for TUN adapter, or "auto" to select
  # an interface automatically, or "none" to run without TUN.
  IfName: auto

  # Maximum Transmission Unit (MTU) size for your local TUN interface.
  # Default is the largest supported size for your platform. The lowest
  # possible value is 1280.
  IfMTU: 65535

  # The session firewall controls who can send/receive network traffic
  # to/from. This is useful if you want to protect this node without
  # resorting to using a real firewall. This does not affect traffic
  # being routed via this node to somewhere else. Rules are prioritised as
  # follows: blacklist, whitelist, always allow outgoing, direct, remote.
  SessionFirewall:
  { 
    # Enable or disable the session firewall. If disabled, network traffic  
    # from any node will be allowed. If enabled, the below rules apply. 
    Enable: true

    # Allow network traffic from directly connected peers. 
    AllowFromDirect: false

    # Allow network traffic from remote nodes on the network that you are  
    # not directly peered with. 
    AllowFromRemote: false

    # Allow outbound network traffic regardless of AllowFromDirect or  
    # AllowFromRemote. This does allow a remote node to send unsolicited  
    # traffic back to you for the length of the session. 
    AlwaysAllowOutbound: true

    # List of public keys from which network traffic is always accepted,  
    # regardless of AllowFromDirect or AllowFromRemote. 
    WhitelistEncryptionPublicKeys: []

    # List of public keys from which network traffic is always rejected,  
    # regardless of the whitelist, AllowFromDirect or AllowFromRemote. 
    BlacklistEncryptionPublicKeys: []
  }

  # Allow tunneling non-Yggdrasil traffic over Yggdrasil. This effectively
  # allows you to use Yggdrasil to route to, or to bridge other networks,
  # similar to a VPN tunnel. Tunnelling works between any two nodes and
  # does not require them to be directly peered.
  TunnelRouting:
  { 
    # Enable or disable tunnel routing. 
    Enable: false

    # IPv6 subnets belonging to remote nodes, mapped to the node's public  
    # key, e.g. { "aaaa:bbbb:cccc::/e": "boxpubkey", ... } 
    IPv6RemoteSubnets: {}

    # IPv6 subnets belonging to this node's end of the tunnels. Only traffic  
    # from these ranges (or the Yggdrasil node's IPv6 address/subnet)  
    # will be tunnelled. 
    IPv6LocalSubnets: []

    # IPv4 subnets belonging to remote nodes, mapped to the node's public  
    # key, e.g. { "a.b.c.d/e": "boxpubkey", ... } 
    IPv4RemoteSubnets: {}

    # IPv4 subnets belonging to this node's end of the tunnels. Only traffic  
    # from these ranges will be tunnelled. 
    IPv4LocalSubnets: []
  }

  # Advanced options for tuning the switch. Normally you will not need
  # to edit these options.
  SwitchOptions:
  { 
    # Maximum size of all switch queues combined (in bytes). 
    MaxTotalQueueSize: 4194304
  }

  # By default, nodeinfo contains some defaults including the platform,
  # architecture and Yggdrasil version. These can help when surveying
  # the network and diagnosing network routing problems. Enabling
  # nodeinfo privacy prevents this, so that only items specified in
  # "NodeInfo" are sent back if specified.
  NodeInfoPrivacy: false

  # Optional node info. This must be a { "key": "value", ... } map
  # or set as null. This is entirely optional but, if set, is visible
  # to the whole network on request.
  NodeInfo: {}
}

bbigras commented 3 years ago

I don't see much if I run sudo tcpdump -i enp3s0 ip6 on my desktop:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:20:21.526041 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:22.528372 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:23.531508 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:24.533152 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:25.534792 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:26.536958 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:27.539549 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
[...]
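
Added example (not part of the original thread or the Yggdrasil project's code): a small parser for tcpdump lines like the ones above that lists which hosts send UDP packets to the ff02::114 group and reports whether any of them come from a host other than the local one. The function names and the constructed inbound line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the tcpdump output in the comment above.
PAGE_CAPTURE = """\
16:20:21.526041 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:22.528372 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:23.531508 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:24.533152 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:25.534792 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:26.536958 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
16:20:27.539549 IP6 desktop.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32
""".splitlines()

# Constructed line (not from the thread): a packet to the group from another host.
CONSTRUCTED_INBOUND = (
    "16:20:28.100000 IP6 fe80::1.etlservicemgr > ff02::114.etlservicemgr: UDP, length 32"
)

# time, source host, source port, destination host, destination port, length
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP6 (\S+)\.([\w-]+) > (\S+)\.([\w-]+): UDP, length (\d+)$"
)


def beacon_sources(lines, group="ff02::114"):
    """Map each source host to the timestamps (in seconds) of its packets to `group`."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(6) != group:
            continue  # not a UDP packet to the multicast group
        hours, minutes, seconds = int(m.group(1)), int(m.group(2)), float(m.group(3))
        seen[m.group(4)].append(hours * 3600 + minutes * 60 + seconds)
    return dict(seen)


def mean_interval(stamps):
    """Average gap between consecutive packets, or None with fewer than two."""
    if len(stamps) < 2:
        return None
    return (stamps[-1] - stamps[0]) / (len(stamps) - 1)


def diagnose(lines, local_hosts):
    """Classify a capture: 'no-beacons', 'outbound-only' or 'peers-seen'."""
    sources = beacon_sources(lines)
    if not sources:
        return "no-beacons"  # nothing sent to the group on this interface
    remote = set(sources) - set(local_hosts)
    # 'outbound-only': this host sends to the group, but nothing from
    # neighbours arrives on the captured interface.
    return "peers-seen" if remote else "outbound-only"
```

With the capture from the comment above and `desktop` as the local host, `diagnose` returns `outbound-only`: packets leave roughly once per second, and none arrive from any other host.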

bbigras commented 3 years ago

I'm also using zerotier and tailscale btw. I hope they don't conflict.

vikulin commented 3 years ago

According to the comments in yggdrasil.conf:

> it is best to leave this as the default value of 0

Please configure it to the default value.

bbigras commented 3 years ago

OK I'm using LinkLocalTCPPort: 0 now.

Same thing. I can't ping my desktop. I don't seem to see traffic with tcpdump and I don't see blocked packets by the firewall (which is off too).

vikulin commented 3 years ago

This is an actual issue you need to solve: multicasting requires an ipv6 local link to be reachable.

bbigras commented 3 years ago

ok thanks for the help.

vikulin commented 3 years ago

np. Please close the issue if you don't have any other questions.

bbigras commented 3 years ago

It's already closed :)

abcdw commented 2 years ago

Have a similar problem: the latest crispa on my phone doesn't peer with the ygg on my laptop, while another laptop peers with my laptop as expected. They are all in the same wifi network and reachable to each other by IPv4 and IPv6.

Can you give some tips on how to debug it, please?

vikulin commented 2 years ago

> Have a similar problem: the latest crispa on my phone doesn't peer with the ygg on my laptop, while another laptop peers with my laptop as expected. They are all in the same wifi network and reachable to each other by IPv4 and IPv6.
>
> Can you give some tips on how to debug it, please?

Please check whether IPv6 local link interfaces are active and reachable for both devices.

abcdw commented 2 years ago

> Please check whether IPv6 local link interfaces are active and reachable for both devices.

ping6 fe80::723f:db00:658d:ff64%wlan0 in termux on my phone and

ping6 fe80::beac:d8a3:dc6e:ff22%wlp0s20f3 on my laptop works good.

image

vikulin commented 2 years ago

> > Please check whether IPv6 local link interfaces are active and reachable for both devices.
>
> ping6 fe80::723f:db00:658d:ff64%wlan0 in termux on my phone and
>
> ping6 fe80::beac:d8a3:dc6e:ff22%wlp0s20f3 on my laptop works good.
>
> image

Which Linux kernel are you running?

abcdw commented 2 years ago

4.9.248 on my phone, 5.16.16 on my laptop.

vikulin commented 2 years ago

> 4.9.248 on my phone, 5.16.16 on my laptop.

Then it should work. Can you please share your yggdrasil logs? I'm curious whether the multicasting module starts as well.

abcdw commented 2 years ago

@vikulin It's not very clear how to obtain logs for an application on android and I don't find this information in documentation either. Can you share the way to do it, please?

vikulin commented 2 years ago

Connect to the device via adb and get logcat data.