server sending TCP RST / reset by peer #160
Comments
Check whether system kernel forwarding is turned on. On both the server side and the client side, the value of net.ipv4.ip_forward should be equal to 1. You can execute this command to turn on kernel forwarding
@smith752 first off, thanks for replying.
My server is running Ubuntu 22.04, and on another instance it is running on 24.04 with the latest kernel installed.
Annoyingly, you may need to also disable the rp_filter.
Check if it's on and turn it off.
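The two kernel settings named in the comments above can be checked together. This is an added example, not part of the thread and not phantun's own code; the function names and the `SYSCTL_ROOT` override are assumptions of the example. For rp_filter the kernel applies the larger of the `all` value and the per-interface value, so the script reports that effective value for each interface.

```shell
#!/bin/sh
# Added example: report net.ipv4.ip_forward and the effective rp_filter.
# SYSCTL_ROOT (hypothetical override) lets the checks run against a copied
# or constructed tree instead of the live /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Print the value of one sysctl file, or "missing" if it cannot be read.
read_sysctl() {
    if [ -r "$SYSCTL_ROOT/$1" ]; then
        tr -d '[:space:]' < "$SYSCTL_ROOT/$1"
    else
        echo missing
    fi
}

# Source validation on <iface> uses max(conf/all, conf/<iface>) rp_filter,
# so setting only the per-interface value to 0 is not enough.
effective_rp_filter() {
    rp_all=$(read_sysctl net/ipv4/conf/all/rp_filter)
    rp_if=$(read_sysctl "net/ipv4/conf/$1/rp_filter")
    if [ "$rp_all" = missing ] || [ "$rp_if" = missing ]; then
        echo missing
    elif [ "$rp_all" -gt "$rp_if" ]; then
        echo "$rp_all"
    else
        echo "$rp_if"
    fi
}

# Returns 0 only when forwarding is 1 and rp_filter is effectively 0
# on every interface named on the command line.
check_phantun_sysctls() {
    rc=0
    fwd=$(read_sysctl net/ipv4/ip_forward)
    echo "net.ipv4.ip_forward = $fwd"
    [ "$fwd" = 1 ] || rc=1
    for ifname in "$@"; do
        rp=$(effective_rp_filter "$ifname")
        case "$rp" in
            0) echo "$ifname: rp_filter effectively off (0)" ;;
            1) echo "$ifname: rp_filter effectively strict (1)"; rc=1 ;;
            2) echo "$ifname: rp_filter effectively loose (2)"; rc=1 ;;
            *) echo "$ifname: rp_filter not readable"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh check.sh eth0 tun0   (interface names as in the iptables output)
if [ "$#" -gt 0 ]; then check_phantun_sysctls "$@"; fi
```

Because of the max rule, keeping `eth0` at 1 while `all` and `tun0` are 0 leaves strict filtering in place on the public interface only.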
Hi all,
I have a problem that the server is sending TCP RST toward the client. I have gone through the logs and I couldn't find the root cause of sending the RST.
tshark/tcpdump from server:
36 31.420796365 SERVER_IP → CLIENT_IP TCP 54 443 → 53520 [RST, ACK] Seq=1 Ack=1 Win=65535 Len=0
37 31.663715425 CLIENT_IP → SERVER_IP TCP 78 53530 → 443 [SYN] Seq=0 Win=42340 Len=0 MSS=1460 SACK_PERM TSval=717831679 TSecr=0 WS=2048 TFO=R
server:
RUST_LOG=info /root/phantun/target/release/server --local 443 --remote 127.0.0.1:51822 &> /var/log/phantun_server.log &
~# tail -f /var/log/phantun_server.log
INFO server > Remote address is: 127.0.0.1:51822
INFO server > 1 cores available
INFO server > Created TUN device tun0
INFO server > Listening on 443
client:
RUST_LOG=info /root/phantun/target/release/client --local 127.0.0.1:1234 --remote SERVER_IP:443 &> /var/log/phantun_client.log &
INFO client > New UDP client from 127.0.0.1:46180
INFO fake_tcp > Sent SYN to server
INFO fake_tcp > Connection to SERVER_IP:443 established
INFO fake_tcp > Connection (Fake TCP connection from 192.168.200.2:27979 to SERVER_IP:443) reset by peer
INFO fake_tcp > Fake TCP connection to (Fake TCP connection from 192.168.200.2:27979 to SERVER_IP:443) closed
server iptables:
iptables -t filter -nvL
Chain INPUT (policy ACCEPT 530K packets, 197M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
562 22480 ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0
562 35940 ACCEPT 0 -- * tun0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 365K packets, 28M bytes)
pkts bytes target prot opt in out source destination
1083 68296 DNAT 6 -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.201.2
Any input is much appreciated.
P.S. The 443 TCP/UDP port is free from the netstat side as well. I already know that phantun is not registering the listening port in the kernel.