Opened 5 months ago

Last modified 2 months ago

#2429 new defect

Firewall status reports OK when UDP is firewalled

Reported by: Reportage
Owned by: zzz
Priority: minor
Milestone: undecided
Component: router/transport
Version: 0.9.38
Keywords: firewall status, UDP, setup wizard
Cc:
Parent Tickets:
Sensitive: no

Description (last modified by Reportage)

In the event that UDP is indicated as firewalled (on /peers) and introducers are required for SSU, the firewall status indicator in the sidebar should not indicate "OK" as this is misleading.

On a related issue, the setup wizard could run a series of tests to determine TCP/UDP status and optimally configure the router or provide guidance on how to correct potential issues (port forwarding, general firewall/router configuration, etc.).

Change History (3)

comment:1 Changed 5 months ago by Reportage

Description: modified (diff)

comment:2 Changed 2 months ago by jogger

I would like to describe the situation around this. This has been around for years on my routers. Got 2 routers in the same family with perfect connectivity on the same IP with IPv6 and IPv4 w/ NAT. They even share the same firewall rules where possible. They only differ in port and local IP. Drove me nuts and I gave up on this one more than two years ago.

IPv6 is fine all the time. One router comes up fine all the time. Second one rarely comes up fine or wrongly as completely IPv4 firewalled. Most of the time comes up as described in the OP. Working NTCPv4 address with inbound connections, but SSUv4 wrongly as firewalled with introducers. Lefthand panel says "Network OK", event log says: "Reachability change from IPv4: Testing; IPv6: OK to IPv4: Firewalled; IPv6: OK". When there is an IP change, it appears in the event log, but the NTCPv4 address stays unchanged and that type of traffic starves out. Advanced config i2np.udp.port= jumps around in the range assigned by the masquerading rule.

Settings used:
i2np.ipv4.firewalled=false
i2np.ipv6.firewalled=false
i2np.laptopMode=false
i2np.ntcp.autoip=always
i2np.ntcp.enable=true
i2np.ntcp.ipv6=preferIPv6
i2np.ntcp2.enable=true
i2np.udp.addressSources=local,ssu
i2np.udp.enable=true
i2np.udp.internalPort=12345
i2np.udp.ipv6=preferIPv6
i2np.udp.maxConnections=2222
i2np.udp.port=55555
i2np.upnp.enable=false

comment:3 Changed 2 months ago by jogger

In the above situation found kind of a weird workaround:

i2np.udp.addressSources=local,ssu corresponds to "Disable UPnP IP address detection".

Setting
i2np.udp.addressSources=upnp,ssu ("Ignore local interface IP address") gives a soft restart. A valid SSUv4 address appears and the SSUv6 address is killed (which is a further bug).

Again clicking "Disable UPnP IP address detection" makes the SSUv6 address reappear and voila: router fully connected as it should.
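
Added example, not part of the ticket or of I2P's own code: a Python check that parses event log lines in the format quoted in comment:2 and derives a summary that reads "OK" only when every address family reports OK, which is the behaviour the description asks for. The function names, the "Not OK" and "Unknown" summary strings and the "Router started" sample line are assumptions.

```python
import re

# Line format taken from the event log entry quoted in comment:2:
#   "Reachability change from IPv4: Testing; IPv6: OK to IPv4: Firewalled; IPv6: OK"
CHANGE_RE = re.compile(r"Reachability change from (?P<old>.+?) to (?P<new>.+)$")


def parse_state(text):
    """Turn 'IPv4: Firewalled; IPv6: OK' into {'IPv4': 'Firewalled', 'IPv6': 'OK'}."""
    state = {}
    for part in text.split(";"):
        family, sep, status = part.partition(":")
        if not sep or not family.strip() or not status.strip():
            raise ValueError(f"unparseable reachability fragment: {part!r}")
        state[family.strip()] = status.strip()
    return state


def parse_change(line):
    """Return (old_state, new_state) for a reachability line, None for other events."""
    m = CHANGE_RE.search(line)
    if m is None:
        return None
    return parse_state(m.group("old")), parse_state(m.group("new"))


def summarize(state):
    """Hypothetical sidebar text: 'OK' only when every address family reports OK."""
    not_ok = sorted(f"{fam} {status}" for fam, status in state.items() if status != "OK")
    return "OK" if not not_ok else "Not OK: " + ", ".join(not_ok)


def latest_summary(lines):
    """Summarize the newest reachability change found in a list of event log lines."""
    latest = None
    for line in lines:
        change = parse_change(line)
        if change is not None:
            latest = change[1]  # keep only the state after the change
    return summarize(latest) if latest is not None else "Unknown"


# Constructed sample input; only the second line's wording comes from the ticket.
SAMPLE_LOG = [
    "Router started",
    "Reachability change from IPv4: Testing; IPv6: OK to IPv4: Firewalled; IPv6: OK",
]

if __name__ == "__main__":
    print(latest_summary(SAMPLE_LOG))
```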
