Opened 8 years ago

Closed 7 years ago

#594 closed defect (not a bug)

TCP transport doesn't seem to work

Reported by: Parad0x Owned by: zzz
Priority: major Milestone:
Component: router/transport Version: 0.8.12
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

I've tested i2p behind a udp blocking firewall. (It blocks a lot of tcp ports as well)

I set i2p to use tcp port 80 and I turned on hidden mode and let it run for about two hours. However it never managed to create any tunnels. After a long time I had a green star on a http tunnel but I could not use it to access any eepsites and when I investigated further I saw that the tunnel didn't have any peers….

Log entry samples:

"…ERROR [rtup tunnels] i2p.i2ptunnel.TunnelController?: Error starting the tunnel pop3.postman.i2p

java.lang.IllegalArgumentException?: Unable to connect to the router at 127.0.0.1:7654 and build tunnels for the client

at net.i2p.i2ptunnel.I2PTunnelClientBase.buildSocketManager(I2PTunnelClientBase.java:441)
at net.i2p.i2ptunnel.I2PTunnelClientBase.buildSocketManager(I2PTunnelClientBase.java:354)
at net.i2p.i2ptunnel.I2PTunnelClientBase.verifySocketManager(I2PTunnelClientBase.java:279)
at net.i2p.i2ptunnel.I2PTunnelClientBase.<init>(I2PTunnelClientBase.java:207)
at net.i2p.i2ptunnel.I2PTunnelClient.<init>(I2PTunnelClient.java:32)
at net.i2p.i2ptunnel.I2PTunnel.runClient(I2PTunnel.java:688)
at net.i2p.i2ptunnel.TunnelController?.startClient(TunnelController?.java:342)
at net.i2p.i2ptunnel.TunnelController?.doStartTunnel(TunnelController?.java:181)
at net.i2p.i2ptunnel.TunnelController?.startTunnel(TunnelController?.java:132)
at net.i2p.i2ptunnel.TunnelControllerGroup?$StartControllers?.run(TunnelControllerGroup?.java:137)
at java.lang.Thread.run(Thread.java:679)
at net.i2p.util.I2PThread.run(I2PThread.java:85)…"

"…net.i2p.client.I2PSessionException: [shared clients #15395]: Cannot connect to the router on [internal connection]:0

at net.i2p.client.I2PSessionImpl.connect(I2PSessionImpl.java:421)
at net.i2p.client.streaming.I2PSocketManagerFactory.createManager(I2PSocketManagerFactory.java:154)
at net.i2p.client.streaming.I2PSocketManagerFactory.createManager(I2PSocketManagerFactory.java:79)
at net.i2p.i2ptunnel.I2PTunnelClientBase.buildSocketManager(I2PTunnelClientBase.java:424)
at net.i2p.i2ptunnel.I2PTunnelClientBase.buildSocketManager(I2PTunnelClientBase.java:379)
at net.i2p.i2ptunnel.I2PTunnelClientBase.getSocketManager(I2PTunnelClientBase.java:341)
at net.i2p.i2ptunnel.I2PTunnelClientBase.getSocketManager(I2PTunnelClientBase.java:299)
at net.i2p.i2ptunnel.I2PTunnelClientBase.verifySocketManager(I2PTunnelClientBase.java:281)
at net.i2p.i2ptunnel.I2PTunnelClientBase.<init>(I2PTunnelClientBase.java:207)
at net.i2p.i2ptunnel.I2PTunnelClientBase.<init>(I2PTunnelClientBase.java:153)
at net.i2p.i2ptunnel.I2PTunnelHTTPClientBase.<init>(I2PTunnelHTTPClientBase.java:66)
at net.i2p.i2ptunnel.I2PTunnelConnectClient.<init>(I2PTunnelConnectClient.java:119)
at net.i2p.i2ptunnel.I2PTunnel.runConnectClient(I2PTunnel.java:833)
at net.i2p.i2ptunnel.TunnelController?.startConnectClient(TunnelController?.java:222)
at net.i2p.i2ptunnel.TunnelController?.doStartTunnel(TunnelController?.java:179)
at net.i2p.i2ptunnel.TunnelController?.startTunnel(TunnelController?.java:132)
at net.i2p.i2ptunnel.TunnelControllerGroup?$StartControllers?.run(TunnelControllerGroup?.java:137)
at java.lang.Thread.run(Thread.java:679)
at net.i2p.util.I2PThread.run(I2PThread.java:85)

Caused by: java.io.IOException: No tunnels built after waiting 5 minutes. Your network connection may be down, or there is severe network congestion.

at net.i2p.client.I2PSessionImpl.connect(I2PSessionImpl.java:398)
… 18 more…"

So according to the devs i2p should work on an tcp only connection but for some reason that is not the case.

Subtickets

Change History (6)

comment:1 in reply to:  description ; Changed 8 years ago by killyourtv

Replying to Parad0x:

I've tested i2p behind a udp blocking firewall. (It blocks a lot of tcp ports as well)

I set i2p to use tcp port 80 and I turned on hidden mode and let it run for about two hours.

Ports under 1024 will NOT work for non-root users.

comment:2 in reply to:  1 Changed 8 years ago by Parad0x

Replying to killyourtv:

Ports under 1024 will NOT work for non-root users.

I've tried it also without using port 80. Didn't work then either.

comment:3 Changed 8 years ago by zzz

OP reported version as 0.8.12-7 on IRC. In the future please add version info to all tickets.

You're trying 3 things at once which is complicating the diagnosis:

  • port 80 as non-root
  • disabling UDP
  • hidden mode

However I did the following tests:

  • Setting port 80 as non-root logs an error, chooses a random high port, and that port is displayed on /confignet.jsp
  • disabling UDP works
  • hidden mode works
  • hidden mode + disabling UDP works

My conclusion is that your firewall is preventing connections and there is no I2P bug.

You could help by finding out details of what your firewall does and does not permit (both from and to port numbers, transports, etc). The /peers.jsp page is also good for diagnosis as you can see what connections if any are active. The failure to build tunnels is probably just a symptom of a lack of connections.

If however you have connections and outbound tunnels but no inbound tunnels (while in hidden mode), that may be a bug, I thought I broke it in -2 and fixed it in -4 but maybe not.

comment:4 Changed 8 years ago by Parad0x

I've tried running i2p behind the firewall

  • As root with port 80 enabled — didn't work
  • As user with normal settings — didn't work

I've talked with some computer guys and they gave hints that firewall is running some kind of whitelist policy. So it will only let through ports that are sensible to use. Spotify, http/https works fine for example.

The router gets a long list of banned peers when behind the firewall and my known routers decreases until I have the reseed button. (~25 peers I think it was)

comment:5 Changed 8 years ago by Parad0x

I may have figured out what the problem is. The firewall is very restrictive which means that it only lets through what it have to let through. This means that ports >1024 are going to have problems getting through the firewall. But if I run I2P as root and use port 80 it doesn't work because not many run i2p as root and therefore can't send me any traffic on port 80.

comment:6 Changed 7 years ago by zzz

Milestone: 0.8.13
Resolution: not a bug
Status: newclosed
Note: See TracTickets for help on using tickets.