-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sctp over udp encapsulation does not work under NAT network #316
Comments
I have go through it and found that my main interface was added into the asoc.sctp_restricted_addrs and this is why the four-way handshake always stuck. However, if I deactivate the virbr0 in my client computer, the demo program works without any issue. It is a quite strange behavior. |
Can you figure out why the addresses where added? |
In my case, a connection cannot be established even if I create address/port translation rule directly in the router. Tried three different machines with Windows 10 and different routers, no luck. Debug logs
|
Which addresses do you have configured on which interface on the machine behind the NAT. It seems that it owns 192.168.1.2. Do you see packets going out that machine? If yes, are you using UDP encapsulation and which SCTP and UDP port numbers are you using? Do you see packets being received by the external host owning 2.93.125.139? |
Yes, the machine behind the NAT owns 192.168.1.2.
Yes, SCTP is repeatedly sending INIT until ABORT packet.
Server and client are encapsulated using 9925 port in
Nope, it seems that it doesn't receive anything. |
But you see an SCTP packet some random source port to the destination port number 9500 encapsulated in a UDP packet using 9925 as the source and destination port number encapsulated in IPv4 using 192.168.1.2 as the source address and 2.93.125.139 as the destination address, right? If that is true and if the checksums (IPv4 header, UDP, SCTP) are correct, the problem is not with the SCTP implementation on the client side. I would try to capture on the uplink of the NAT box to see if it really sends the packet upstream. If that is the case, are you sure that your external host (the one owning 2.93.125.139) is protected by any kind of firewall? I just tried to initiate an association with that server, but I don't get any response (no ICMP (Destination unreachable, port unreachable) or SCTP ABORT or SCTP INIT-ACK)... |
Yes.
Nope, the source port is random as well while the destination is 9925. In the local network everything works fine, the problem occurs only when an external IP address is used with a device behind NAT. To make sure that the problem is not with the router I just checked another UDP transport which works fine using the same port and translation rule.
The server was down, but I can keep it running for a while if you want. |
I just realized that 9925 port number for NAT translation rule should be used instead of 9500, only then the client is able to establish a connection. So manual address translation helps, but SCTP itself doesn't map addresses (UPNP/PMP)? It seems that I misunderstood the NAT friendliness... |
Outgoing SCTP/UDP/IP packets should use the port number provided in the Behind a NAT box, an SCTP client should be able to initiate a SCTP/UDP based communication with a host in the Internet without any additional configuration on the NAT box. The SCTP does not interact with middle-boxes using UPNP/PMP. Why do you think this is necessary? |
Everything is correct, yes, I was a bit confused...
Yes, it works as expected, for the client no external steps are required. I have a different problem actually which directly related to:
My case is a quite common thing in multiplayer games where a user is hosting a game server which is listening for incoming connections behind NAT and this requires to manually (or by using UPNP/PMP) set translation rule to the address behind NAT. Some UDP transport layers provide this feature out of the box due to the popular demand (see for example) and this one is a popular implementation. |
OK, great. Thanks for the clarification.
Understood. But usrsctp is just an SCTP implementation. You can combine it with NAT traversal tools if you want. This is what WebRTC does, for example, by combining it that STUN/TURN/ICE. But this is not part of any SCTP specification... |
Yup, I'll stick with a sort of signaling server as well I think, just was a bit confused with NAT-friendly mode. 👌 |
If there is still an issue, please re-open. |
I am trying usrsctp right now.
As far as I understand, usrsctp should work fine even client is behind NAT when udp encapsulation is using.
However, I found that demo programs does not work when client is behind NAT.
(Note that: WebRTC is working fine and discard_server is not reside in the LAN.)
The 4-way handshake always stuck at the second step and the client will keep retry and retry.
Is that a normal case for the demo programs?
The log of client and discard_server is shown as below:
The text was updated successfully, but these errors were encountered: