Subject: NAT onto a WireGuard tunnel
Hi
I have a strange problem.
LAN1 -> RTR1 -> WG -> RTR2
I connect from LAN1 (NAT to the wg5 tunnel IP on RTR1) to RTR2
port 80 works (translation to the wg5 tunnel IP)
port 22 connects me, then drops me and stops working for some (indeterminate) time
interestingly, ssh from RTR1 to RTR2 over this tunnel works correctly...
In the LAN->RTR2 case, tcpdump shows retransmissions etc., generally connection problems. There is nothing like that on port 80
After some time the problem goes away... for a while
example below, communication from 2.1 to 2.3
No. SRC DST Protocol Info
#### port 22 #####
1 2.1 2.3 TCP 56380 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
2 2.3 2.1 TCP 22 → 56380 [SYN, ACK] Seq=0 Ack=1 Win=64860 Len=0 MSS=1380 SACK_PERM WS=32
3 2.1 2.3 TCP 56380 → 22 [ACK] Seq=1 Ack=1 Win=131072 Len=0
4 2.1 2.3 SSHv2 Client: Protocol (SSH-2.0-PuTTY_Release_0.79)
5 2.3 2.1 TCP 22 → 56380 [ACK] Seq=1 Ack=29 Win=64832 Len=0
6 2.3 2.1 SSHv2 Server: Protocol (SSH-2.0-dropbear), Key Exchange Init
7 2.1 2.3 TCP [TCP Spurious Retransmission] 56380 → 22 [PSH, ACK] Seq=1 Ack=1 Win=131072 Len=28
8 2.3 2.1 TCP [TCP Dup ACK 5#1] 22 → 56380 [ACK] Seq=411 Ack=29 Win=64832 Len=0 SLE=1 SRE=29
9 2.3 2.1 TCP [TCP Retransmission] 22 → 56380 [PSH, ACK] Seq=1 Ack=29 Win=64832 Len=410
10 2.3 2.1 TCP [TCP Retransmission] 22 → 56380 [PSH, ACK] Seq=1 Ack=29 Win=64832 Len=410
11 2.1 2.3 TCP [TCP Spurious Retransmission] 56380 → 22 [PSH, ACK] Seq=1 Ack=1 Win=131072 Len=28
12 2.3 2.1 TCP [TCP Dup ACK 5#2] 22 → 56380 [ACK] Seq=411 Ack=29 Win=64832 Len=0 SLE=1 SRE=29
13 2.3 2.1 TCP [TCP Retransmission] 22 → 56380 [PSH, ACK] Seq=1 Ack=29 Win=64832 Len=410
14 2.1 2.3 TCP [TCP Spurious Retransmission] 56380 → 22 [PSH, ACK] Seq=1 Ack=1 Win=131072 Len=28
15 2.3 2.1 TCP [TCP Dup ACK 5#3] 22 → 56380 [ACK] Seq=411 Ack=29 Win=64832 Len=0 SLE=1 SRE=29
16 2.3 2.1 TCP [TCP Retransmission] 22 → 56380 [PSH, ACK] Seq=1 Ack=29 Win=64832 Len=410
17 2.1 2.3 TCP [TCP Spurious Retransmission] 56380 → 22 [PSH, ACK] Seq=1 Ack=1 Win=131072 Len=28
18 2.3 2.1 TCP [TCP Dup ACK 5#4] 22 → 56380 [ACK] Seq=411 Ack=29 Win=64832 Len=0 SLE=1 SRE=29
19 2.3 2.1 TCP [TCP Retransmission] 22 → 56380 [PSH, ACK] Seq=1 Ack=29 Win=64832 Len=410
20 2.1 2.3 TCP [TCP Spurious Retransmission] 56380 → 22 [PSH, ACK] Seq=1 Ack=1 Win=131072 Len=28
21 2.3 2.1 TCP [TCP Dup ACK 5#5] 22 → 56380 [ACK] Seq=411 Ack=29 Win=64832 Len=0 SLE=1 SRE=29
#### port 80 #####
22 2.1 2.3 TCP 56377 → 80 [FIN, ACK] Seq=1 Ack=1 Win=511 Len=0
23 2.1 2.3 TCP 56377 → 80 [RST, ACK] Seq=2 Ack=1 Win=0 Len=0
24 2.1 2.3 TCP 56378 → 80 [FIN, ACK] Seq=1 Ack=1 Win=507 Len=0
25 2.1 2.3 TCP 56378 → 80 [RST, ACK] Seq=2 Ack=1 Win=0 Len=0
26 2.1 2.3 TCP 56381 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
27 2.1 2.3 TCP 56382 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
28 2.3 2.1 TCP 80 → 56377 [ACK] Seq=1 Ack=2 Win=2015 Len=0
29 2.3 2.1 TCP 80 → 56378 [ACK] Seq=1 Ack=2 Win=2005 Len=0
30 2.3 2.1 TCP 80 → 56381 [SYN, ACK] Seq=0 Ack=1 Win=64860 Len=0 MSS=1380 SACK_PERM WS=32
31 2.3 2.1 TCP 80 → 56382 [SYN, ACK] Seq=0 Ack=1 Win=64860 Len=0 MSS=1380 SACK_PERM WS=32
32 2.1 2.3 TCP 56381 → 80 [ACK] Seq=1 Ack=1 Win=131072 Len=0
33 2.1 2.3 TCP 56382 → 80 [ACK] Seq=1 Ack=1 Win=131072 Len=0
34 2.1 2.3 HTTP GET /cgi-bin/luci/ HTTP/1.1
35 2.3 2.1 TCP 80 → 56381 [ACK] Seq=1 Ack=553 Win=64320 Len=0
36 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=1 Ack=553 Win=64320 Len=76 [TCP segment of a reassembled PDU]
37 2.3 2.1 TCP 80 → 56381 [ACK] Seq=77 Ack=553 Win=64320 Len=1380 [TCP segment of a reassembled PDU]
38 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=1457 Ack=553 Win=64320 Len=1380 [TCP segment of a reassembled PDU]
39 2.1 2.3 TCP 56381 → 80 [ACK] Seq=553 Ack=1457 Win=131072 Len=0
40 2.3 2.1 HTTP HTTP/1.1 403 Forbidden (text/html)
41 2.1 2.3 TCP 56381 → 80 [ACK] Seq=553 Ack=3210 Win=131072 Len=0
42 2.1 2.3 HTTP GET /cgi-bin/luci/admin/translations/en HTTP/1.1
43 2.3 2.1 TCP 80 → 56381 [ACK] Seq=3210 Ack=977 Win=64160 Len=0
44 2.3 2.1 TCP [TCP Retransmission] 22 → 56380 [PSH, ACK] Seq=1 Ack=29 Win=64832 Len=410
45 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=3210 Ack=977 Win=64160 Len=69 [TCP segment of a reassembled PDU]
46 2.1 2.3 TCP 56381 → 80 [ACK] Seq=977 Ack=3279 Win=130816 Len=0
47 2.3 2.1 HTTP HTTP/1.1 200 OK (application/javascript)
48 2.1 2.3 TCP 56381 → 80 [PSH, ACK] Seq=977 Ack=3513 Win=130560 Len=432 [TCP segment of a reassembled PDU]
49 2.1 2.3 HTTP/JSON POST /ubus/?1712311194954 HTTP/1.1 , JSON (application/json)
50 2.3 2.1 TCP 80 → 56381 [ACK] Seq=3513 Ack=1409 Win=64160 Len=0
51 2.3 2.1 TCP 80 → 56381 [ACK] Seq=3513 Ack=1454 Win=64160 Len=0
52 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=3513 Ack=1454 Win=64160 Len=69 [TCP segment of a reassembled PDU]
53 2.1 2.3 TCP 56381 → 80 [ACK] Seq=1454 Ack=3582 Win=130560 Len=0
54 2.3 2.1 HTTP/JSON HTTP/1.1 200 OK , JSON (application/json)
55 2.1 2.3 TCP 56381 → 80 [PSH, ACK] Seq=1454 Ack=4466 Win=129792 Len=433 [TCP segment of a reassembled PDU]
56 2.1 2.3 HTTP/JSON POST /ubus/?1712311195083 HTTP/1.1 , JSON (application/json)
57 2.3 2.1 TCP 80 → 56381 [ACK] Seq=4466 Ack=2146 Win=64160 Len=0
58 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=4466 Ack=2146 Win=64160 Len=69 [TCP segment of a reassembled PDU]
59 2.1 2.3 TCP 56381 → 80 [ACK] Seq=2146 Ack=4535 Win=129536 Len=0
60 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=4535 Ack=2146 Win=64160 Len=64 [TCP segment of a reassembled PDU]
61 2.1 2.3 TCP 56381 → 80 [ACK] Seq=2146 Ack=4599 Win=131072 Len=0
62 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=4599 Ack=2146 Win=64160 Len=5 [TCP segment of a reassembled PDU]
63 2.1 2.3 TCP 56381 → 80 [ACK] Seq=2146 Ack=4604 Win=131072 Len=0
64 2.3 2.1 TCP [TCP Keep-Alive] 80 → 56382 [ACK] Seq=0 Ack=1 Win=64864 Len=0
65 2.1 2.3 TCP [TCP Keep-Alive ACK] 56382 → 80 [ACK] Seq=1 Ack=1 Win=131072 Len=0
66 2.3 2.1 HTTP/JSON HTTP/1.1 200 OK , JSON (application/json)
67 2.1 2.3 TCP 56381 → 80 [PSH, ACK] Seq=2146 Ack=5532 Win=130048 Len=433 [TCP segment of a reassembled PDU]
68 2.1 2.3 HTTP/JSON POST /ubus/?1712311195474 HTTP/1.1 , JSON (application/json)
69 2.3 2.1 TCP 80 → 56381 [ACK] Seq=5532 Ack=2736 Win=64160 Len=0
70 2.3 2.1 TCP 80 → 56381 [PSH, ACK] Seq=5532 Ack=2736 Win=64160 Len=69 [TCP segment of a reassembled PDU]
71 2.1 2.3 TCP 56381 → 80 [ACK] Seq=2736 Ack=5601 Win=130048 Len=0
72 2.3 2.1 HTTP/JSON HTTP/1.1 200 OK , JSON (application/json)
73 2.1 2.3 TCP 56381 → 80 [ACK] Seq=2736 Ack=5736 Win=129792 Len=0
74 2.1 2.3 TCP [TCP Spurious Retransmission] 56380 → 22 [PSH, ACK] Seq=1 Ack=1 Win=131072 Len=28
75 2.3 2.1 TCP [TCP Dup ACK 5#6] 22 → 56380 [ACK] Seq=411 Ack=29 Win=64832 Len=0 SLE=1 SRE=29
76 2.3 2.1 TCP [TCP Keep-Alive] 80 → 56382 [ACK] Seq=0 Ack=1 Win=64864 Len=0
77 2.1 2.3 TCP [TCP Keep-Alive ACK] 56382 → 80 [ACK] Seq=1 Ack=1 Win=131072 Len=0
78 2.3 2.1 TCP [TCP Keep-Alive] 80 → 56381 [ACK] Seq=5735 Ack=2736 Win=64160 Len=0
79 2.1 2.3 TCP [TCP Keep-Alive ACK] 56381 → 80 [ACK] Seq=2736 Ack=5736 Win=129792 Len=0
80 2.3 2.1 TCP [TCP Keep-Alive] 80 → 56382 [ACK] Seq=0 Ack=1 Win=64864 Len=0
81 2.1 2.3 TCP [TCP Keep-Alive ACK] 56382 → 80 [ACK] Seq=1 Ack=1 Win=131072 Len=0
82 2.3 2.1 TCP [TCP Keep-Alive] 80 → 56381 [ACK] Seq=5735 Ack=2736 Win=64160 Len=0
I tried both static NAT and MASQUERADE, no change