ssh and sshfs connection via meshnet not working about libtelio HOT 9 CLOSED

I'm currently visiting family over Easter, but as soon as I'm back, I will do so gladly!

I'm also upgrading my Laptop (client device) to 22.04 to have everything uniformly

from libtelio.

Hi,

thanks for your help. Currently its a bit vacationy period, so most likely we will be able to take a look next week

from libtelio.

PS: Probably not the place to add this, but may I suggest adding the possibility to change the host name of the meshnet peers or add a comment to them? When using multiple devices, some with more than one OS, this would greatly help keep an overview.

Yes, this is something that has been requested multiple times, and is in discussions internally (including DNS resolutions and all that goodness). The feature is coming, just at this point in time, I am unable to specify the timeline.

from libtelio.

Hi,

Hmm, just tried to reproduce the issue on ubuntu 22.04, but unsuccesfully. Would You be willing to help us understand the root cause?

For that we would need some debugging information, this is what would help:

• While the issue is in effect, please share nordvpn settings. Would be best if you could share it from both sides of connection, and logs journalctl -u nordvpnd
• Full firewall ruleset with iptables-save
• And if you are ok by it, would be really heplful to have packet capture from both sides of the connections. You can create one using tcpdump -i any -w capture.pcap.

Thanks

from libtelio.

26-04-2023.zip

Excuse the delay, finishing up my thesis was more time consuming than anticipated.

I attached the requested files. My process was:

• I set up the packet captures on both devices
• I connected via ssh and sshfs to the server while still in the same network to confirm it works (~10:45)
• I moved down to a university building and connected to the network there
• I tried connecting via ssh and the nordvpn hostname, but was unable to
• I created the requested files on the client device and stopped it's packet capture
• I moved back home and did the same for the server device.

Hopefully these files are helpful to you.
I appreciate you looking into this

from libtelio.

Ok, so I have been analyzing the captures a bit.

This is what I have managed to see so far. Although I had to make some assumptions.

Generally libtelio as a component is trying to establish direct connections between peers wherever it can. This direct connection seems to be established succesfully in the local network, but when You have moved to another network, nodes entered this state where one is trying to go directly, but the other one is going through relay. We have been working quite a bit to polish these parts lately, and new changes already has been open sourced, but we are still in progress to prepare new official releases with that functionality.

In any case, if you are still available, I would like to further check my theory. Could you try adding iptables rules like this:

sudo systemctl stop nordvpnd
sudo iptables -I OUTPUT 1 -p udp -m multiport --dports 3478,3479 -j DROP
sudo iptables -I INPUT 1 -p udp -m multiport --sports 3478,3479 -j DROP
sudo systemctl start nordvpnd

on both, server and client, and test the SSH connection. This should force relayed connections, and if you are able to connect then - would confirm the problem area.

In order to cleanup the rules, you can simply reboot, or, if reboot is not desired, you can run these commands:

sudo iptables -D OUTPUT -p udp -m multiport --dports 3478,3479 -j DROP
sudo iptables -D INPUT -p udp -m multiport --sports 3478,3479 -j DROP

from libtelio.

2023-05-06.zip

I managed to connect multiple times via SSH and SSHFS now, which wasn't possible before, so this may have resolved the issue.
Unfortunately, I wasn't able to test this for an extended period of time, yet.

I again attached the files you requested earlier.

from libtelio.

Ok, so in that case it is mostly clear what the issue is, thanks for your help.

While those rules might help a bit to connect - the real fix is implemented in new versions of libtelio, once we pass all the required QA - new release will be done and issue will be fixed.

from libtelio.

Great, glad I was able to help!

PS: Probably not the place to add this, but may I suggest adding the possibility to change the host name of the meshnet peers or add a comment to them? When using multiple devices, some with more than one OS, this would greatly help keep an overview.

from libtelio.