prof7bit / udp-reverse-tunnel Goto Github PK

I have two machines (A and B) behind NATs and one public server (S). A and B had constant bidirectional UDP flow (RTP audio) using port forwarding. Now without port forwarding they exchange UDP flow with help of udp-reverse-tunnel as follows:

A --> 5001:S --> 5001:B
A:5002 <-- S:5002 <-- A

OS on the machines:

A: Linux 5.10.103-v7+ armv7l
B: Linux 4.4.202-1237-rockchip-ayufan-gfd4492386213 aarch64
S: Linux 5.10.0-20-amd64 x86_64

The UDP flow from machine A to B works perfectly with no interruptions. The flow from machine B to A interrupts after one-two seconds and may recover after tens of seconds.

The ssh connections are stable. Seems the problem occurs only with UDP tunnel. Changing ports doesn't help.

The logs for the non stable UDP tunnel:

$ udp-tunnel -o 111.111.111.111:5002 -s 127.0.0.1:5002
<6>UDP tunnel inside agent v1.2
<6>building tunnels to outside agent at 111.111.111.111, port 5002
<6>forwarding incomimg UDP to 127.0.0.1, port 5002
<6>creating initial outgoing tunnel

$ udp-tunnel -l 5002
<6>UDP tunnel outside agent v1.2
<6>listening on port 5002
<6>new incoming reverse tunnel from: 222.222.222.222:27110
<6>Total: 1, active: 0, spare: 1
<6>new incoming reverse tunnel from: 222.222.222.222:29156
<6>Total: 2, active: 0, spare: 2
<6>removing connection
<6>Total: 1, active: 0, spare: 1
<6>new incoming reverse tunnel from: 222.222.222.222:11751
<6>Total: 2, active: 0, spare: 2
<6>removing connection
<6>Total: 1, active: 0, spare: 1

Hey I was hoping to run this on an openwrt router that is built with musl instead of glibc.
I am getting a build error that seems indicative that glibc be used instead of musl.

mipsel-openwrt-linux-musl-gcc -MMD -O3 -flto -Wall -Wextra -DVERSION=1.2 -c main.c -o main.o
mipsel-openwrt-linux-musl-gcc -MMD -O3 -flto -Wall -Wextra -DVERSION=1.2 -c connlist.c -o connlist.o
mipsel-openwrt-linux-musl-gcc -MMD -O3 -flto -Wall -Wextra -DVERSION=1.2 -c args.c -o args.o
args.c:2:10: fatal error: argp.h: No such file or directory
    2 | #include <argp.h>
      |          ^~~~~~~~
compilation terminated.
make: *** [Makefile:44: args.o] Error 1

Before I potentially attempt to work around this error, I'm curious if you know what other dependencies there are on glibc that may make this a difficult. The alternative I'm considering right now is using zerotier with a custom standalone planet server and a custom planet file. I do however like this nationalistic approach as I think there is less room for future potential security issues.

Any suggestions you have would be appreciate.

In my gaming server, i would like to need to open several udp port at once. is it possible to do something like:

udp-tunnel -l 1234 -l 1235

?

The outside agent floods the log when receives UDP packets while there is no any inside agent connected:

new client conection from x.x.x.x:40587
could not find tunnel connection for client, dropping package
new client conection from x.x.x.x:40587
could not find tunnel connection for client, dropping package
new client conection from x.x.x.x:40587
could not find tunnel connection for client, dropping package
...

A better approach would be to show such message just once and wait until at least one tunnel is created, e.g.:

new client conection from x.x.x.x:40587
could not find tunnel connection for client, dropping all following packages
waiting for incoming reverse tunnel

And works perfectly well. Thank you so much @prof7bit!