malcolmseyd / natpunch-go Goto Github PK

In its current state, the program will recieve any udp packet. The BPF filter is supposed to filter only packets with the appropriate type but it lets all packets in.

More research and testing is required with BPF. If we can't get BPF to work, we may have to try manually checking the values in userspace.

suport openvpn UDP please

Hello Malcolm,

I'm interested in porting your excellent Client to Windows. What would be the best way to start that effort? Do you have any prior work on it?

I will definitely push this upgrade back to your project. Just want to find out your thoughts.

Thanks,
Keith

When I have a tunnel established, run iperf test on it, then run the client I get:

Key rotation failed: client/network: incorrect packet type
Key rotation failed: client/network: incorrect packet type
Key rotation failed: client/network: incorrect packet type
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x1f99d8]

goroutine 1 [running]:
github.com/flynn/noise.(*CipherState).Cipher(...)
        /Users/taras/go/pkg/mod/github.com/flynn/[email protected]/state.go:79
github.com/malcolmseyd/natpunch-go/client/network.Handshake(0x180e930, {0x30, 0x19, 0x65, 0x4b, 0xe8, 0x50, 0xb3, 0x5d, 0x56, ...}, ...)
        /Users/taras/Downloads/natpunch-go/client/network/network.go:230 +0x624
main.run({0x7f87ca5a, 0x9}, {{0x7f87ca64, 0xc}, 0x1860108, 0xc33, {0x42, 0x7f, 0x8, 0x2b, ...}, ...}, ...)
        /Users/taras/Downloads/natpunch-go/client/client.go:126 +0x70c
main.main()
        /Users/taras/Downloads/natpunch-go/client/client.go:73 +0x644

This is on openwrt, on a pretty low-end mips. Works fine without network test in backround.

I got this to work. I been looking for a small tool to initiate native hole-punch wireguard connections on openwrt. tailscale & friends take up too much resources and reduce throughput a fair bit. This is the most minimalistic tool I found so far.

natpunch-go works great for hole-punching. However I find that I can only initiate 1-to-1 wireguard networks. If i have 2 nodes connecting to same wireguard network, only one of the connections is accepted by my NAT.

Would appreciate some notes on how to build this for openwrt in readme. Some examples:

GOARCH="amd64" GOOS="linux"  go build -ldflags="-s -w"
GOARCH="arm64" GOOS="linux"  go build -ldflags="-s -w"
GOARCH="mips" GOMIPS=softfloat  GOOS="linux"  go build -ldflags="-s -w"

The readme says "I'd recommend putting this tool behind a Wireguard connection with the server as there's no authentication yet." This makes sense, but I'm confused about how to do it.

As I understand it, the server records the IP address of each client and shares that with other clients when requested, allowing them to establish communication between themselves. Wouldn't connecting to the server via Wireguard change the IPs seen by the server to Wireguard specific ones, removing the possibility for a direct P2P connection? Have I misunderstood the instructions/how hole-punching works?