OpenVPN and OpenVPN Access Server: when I use them, can that confuse turnserver and turnclient?


Sprogrammer

Jan 22, 2014, 6:45:27 AM
to turn-server-project...@googlegroups.com
On my laptop I am running some VPN servers plus 3G/4G interfaces for my research/study: strongSwan server/client, OpenVPN client, and OpenVPN Access Server. Therefore my laptop has a lot of virtual network interfaces, for example:

A) with VPN

root@sun-M14xR2:~/Downloads# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether d4:be:d9:55:91:4a brd ff:ff:ff:ff:ff:ff
    inet 82.xxxxxxxx/29 brd 82.143.xxxxx scope global eth0
    inet6 fe80::d6be:d9ff:fe55:914a/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 68:5d:43:f1:88:f8 brd ff:ff:ff:ff:ff:ff
4: as0t0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.0.1/24 brd 5.5.0.255 scope global as0t0
5: as0t1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.1.1/24 brd 5.5.1.255 scope global as0t1
6: as0t2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.2.1/24 brd 5.5.2.255 scope global as0t2
7: as0t3: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.3.1/24 brd 5.5.3.255 scope global as0t3
8: as0t4: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.4.1/24 brd 5.5.4.255 scope global as0t4
9: as0t5: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.5.1/24 brd 5.5.5.255 scope global as0t5
10: as0t6: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.6.1/24 brd 5.5.6.255 scope global as0t6
11: as0t7: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.7.1/24 brd 5.5.7.255 scope global as0t7
12: as0t8: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.8.1/24 brd 5.5.8.255 scope global as0t8
13: as0t9: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.9.1/24 brd 5.5.9.255 scope global as0t9
14: as0t10: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.10.1/24 brd 5.5.10.255 scope global as0t10
15: as0t11: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.11.1/24 brd 5.5.11.255 scope global as0t11
16: as0t12: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.12.1/24 brd 5.5.12.255 scope global as0t12
17: as0t13: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.13.1/24 brd 5.5.13.255 scope global as0t13
18: as0t14: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.14.1/24 brd 5.5.14.255 scope global as0t14
19: as0t15: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 200
    link/none 
    inet 5.5.15.1/24 brd 5.5.15.255 scope global as0t15

B) While connected with another peer, I can see in turnserver that I have a lot of IPs (including my VPN IPs)

> ps

    1) id=003000000000000054, user <root>:
      started 83 secs ago
      expiring in 517 secs
      client protocol TCP, relay protocol UDP
      client addr 82.xxxx:61095, server addr 82.xxxxx:3478
      relay addr 82.xxxx:52813
      fingerprints enforced: OFF
      mobile: OFF
      SHA256 only: OFF
      usage: rp=849, rb=121392, sp=213, sb=31964
       rate: r=0, s=0, total=0 (bytes per sec)
      peers:
          5.5.13.1
          5.5.15.1
          5.5.2.1
          5.5.5.1
          5.5.6.1
          5.5.11.1
          5.5.9.1
          5.5.8.1
          82.xxxxx
          5.5.10.1
          82.xxxxxx
          5.5.14.1
          5.5.0.1
          5.5.3.1
          5.5.4.1
          5.5.1.1
          5.5.12.1
          5.5.7.1

  Total sessions: 1

> ps

  Total sessions: 0

> q


C) When I have the situation shown in A and B, WebRTC does not connect: it shows "Connecting...." but never connects

D) When I removed OpenVPN Access Server from my laptop, it works fine


Can you please advise whether it is normal behavior that the connection sometimes cannot be established, and sometimes still gets connected even with all my VPNs running?


Thank you so much.

Best regards
/Sham


Sprogrammer

Jan 22, 2014, 8:50:07 AM
to turn-server-project...@googlegroups.com
Right now I had a very strange issue. Let me describe it in detail.

A) Public Internet i have with static dedicated Public IP connected to DrayTek Vigor 2920 (enterprise router)
B) Behind the router Dell R310 CentOS 64-bit running WebRTC + Turnserver with Public IP no NAT:82.x.x.20
C) from DrayTek router my PC straight cable connected with Public IP no NAT: 82.x.x.18
D) from DrayTek router Wifi Smartphone connected with NAT:  192.168.1.11 lan and public ip is: 82.x.x.17

C) To avoid confusion:
- I have disabled my laptop Peer 1 VPN, VPN access server, 3G/4G interfaces and only kept my laptop with real Public IP (no NAT involved)
- Turnserver with Public IP (no NAT involved)
- Smart phone Samsung Galaxy S4 Android with Chrome version 31x, is connected WiFi 

D) Problem: the PC and smartphone try to connect but never connect (it shows "connecting..."), but in turnserver I see the following:

> ps

    1) id=002000000000000057, user <root>:
      started 10 secs ago
      expiring in 590 secs
      client protocol TCP, relay protocol UDP
      client addr xxx.17:47540, server addr xxx.20:3478
      relay addr xxx.20:65340
      fingerprints enforced: OFF
      mobile: OFF
      SHA256 only: OFF
      usage: rp=22, rb=2304, sp=19, sb=1512
       rate: r=0, s=0, total=0 (bytes per sec)
      peers:
          xxx.20
          xxx.18

    2) id=001000000000000063, user <root>:
      started 10 secs ago
      expiring in 590 secs
      client protocol TCP, relay protocol UDP
      client addr xxx.18:49206, server addr xxx.20:3478
      relay addr xxx.20:55437
      fingerprints enforced: OFF
      mobile: OFF
      SHA256 only: OFF
      usage: rp=68, rb=6992, sp=67, sb=5160
       rate: r=0, s=0, total=0 (bytes per sec)
      peers:
          192.168.1.11
          xxx.20
          xxx.17

  Total sessions: 2




What is causing the connection to fail? I have retried several times but get the same result, connection failed; when I do not use TurnServer it works (very confused).
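
An added example, not part of the original posts: a small Python script that takes `ip addr` output from a client machine and a turnserver `ps` listing, and labels each entry under `peers:` as one of that machine's own interface addresses, an RFC 1918 private address, or other. The sample input is constructed from the listings above, with 203.0.113.x standing in for the redacted public addresses; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample modelled on the posts' output; 203.0.113.x stands in
# for the redacted public addresses, 5.5.0.1 is the as0t0 address shown.
IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 203.0.113.18/29 brd 203.0.113.23 scope global eth0
4: as0t0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    inet 5.5.0.1/24 brd 5.5.0.255 scope global as0t0
"""
PS = """\
    1) id=003000000000000054, user <root>:
      client addr 203.0.113.17:61095, server addr 203.0.113.20:3478
      peers:
          203.0.113.18
          5.5.0.1
          192.168.1.11
  Total sessions: 1
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def local_addresses(text):
    """Map each IPv4 address in `ip addr` output to its interface name."""
    addrs, iface = {}, None
    for line in text.splitlines():
        if m := re.match(r"\d+: ([^:@]+)", line):
            iface = m.group(1)
        elif m := re.match(r"\s+inet (\S+?)/\d+", line):
            addrs[ipaddress.ip_address(m.group(1))] = iface
    return addrs

def classify_peers(ps_text, ip_addr_text):
    """Return {session id: {peer: label}} for a turnserver `ps` listing."""
    local, out, sid, in_peers = local_addresses(ip_addr_text), {}, None, False
    for line in ps_text.splitlines():
        if m := re.search(r"\bid=(\d+)", line):
            sid = m.group(1)
            out[sid] = {}
        elif line.strip() == "peers:":
            in_peers = True
        elif in_peers and (m := re.fullmatch(r"\s*(\d+(?:\.\d+){3})\s*", line)):
            peer = ipaddress.ip_address(m.group(1))
            out[sid][str(peer)] = (f"local:{local[peer]}" if peer in local else
                "rfc1918" if any(peer in n for n in RFC1918) else "other")
        else:  # any other line ends the current peer list
            in_peers = False
    return out
```

Run against the real outputs, `classify_peers` shows at a glance how many of a session's peer entries come from tunnel interfaces rather than the interface that actually faces the other party.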

Oleg Moskalenko

Jan 22, 2014, 12:11:48 PM
to turn-server-project...@googlegroups.com
Shamun, it is very difficult to diagnose this kind of problem remotely. Unfortunately, to find out what is going on you have to run Wireshark and see what is happening in your network, from the TURN point of view and from the TURN clients' point of view.

Regards,
Oleg

Sprogrammer

Jan 23, 2014, 11:25:31 AM
to turn-server-project...@googlegroups.com
Dear Oleg, 

OK - thank you very much, I will.

One thing is very clear: putting the WebRTC signaling + TurnServer somewhere in the public network, where no firewall and no NAT are involved, is the rule of thumb for step 1; otherwise everything gets messed up.
Even though I had so many network interfaces, it worked.

But as soon as the servers run into NAT issues, everything is lost; it just does not work as it should.

Many thanks, for your feedback.

Best regards
/Sham