客户端与服务端无法到ready状态

[miyouzi]

平台

服务端(VPS) CentOS 7 64bit
客户端 Win10 1803 64Bit
假设服务端IP为 202.91.32.100 ，客户端为普通家用宽带，出口IP为 100.100.165.25

启动参数

服务端

./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:10110 -a -k "passwd" --raw-mode faketcp

客户端

udp2raw_mp_nolibnet -c -r202.91.32.100:10120 -l0.0.0.0:4000 --raw-mode easy-faketcp -k "passwd"

LOG

服务端

[2018-08-31 14:28:49][INFO]argc=10 ./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:10110 -a -k passwd --raw-mode faketcp
[2018-08-31 14:28:49][INFO]parsing address: 0.0.0.0:10120
[2018-08-31 14:28:49][INFO]its an ipv4 adress
[2018-08-31 14:28:49][INFO]ip_address is {0.0.0.0}, port is {10120}
[2018-08-31 14:28:49][INFO]parsing address: 127.0.0.1:10110
[2018-08-31 14:28:49][INFO]its an ipv4 adress
[2018-08-31 14:28:49][INFO]ip_address is {127.0.0.1}, port is {10110}
[2018-08-31 14:28:49][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=aes128cbc auth_mode=md5 key=passwd local_addr=0.0.0.0:10120 remote_addr=127.0.0.1:10110 socket_buf_size=1048576
[2018-08-31 14:28:49][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info.
[2018-08-31 14:28:49][INFO]remote_ip=[127.0.0.1], make sure this is a vaild IP address
[2018-08-31 14:28:49][INFO]const_id:716cf8
[2018-08-31 14:28:49][INFO]run_command iptables -N udp2rawDwrW_716cf8_C0
[2018-08-31 14:28:49][INFO]run_command iptables -F udp2rawDwrW_716cf8_C0
[2018-08-31 14:28:49][INFO]run_command iptables -I udp2rawDwrW_716cf8_C0 -j DROP
[2018-08-31 14:28:49][INFO]run_command iptables -I INPUT -p tcp -m tcp --dport 10120 -j udp2rawDwrW_716cf8_C0
[2018-08-31 14:28:49][WARN]auto added iptables rules
[2018-08-31 14:28:49][INFO]now listening at 0.0.0.0:10120
[2018-08-31 14:29:15][INFO][100.100.165.25:9749]received syn,sent syn ack back
[2018-08-31 14:29:15][INFO][100.100.165.25:9749]got packet from a new ip
[2018-08-31 14:29:15][INFO][100.100.165.25:9749]created new conn,state: server_handshake1,my_id is 102d7826
[2018-08-31 14:29:15][INFO][100.100.165.25:9749]changed state to server_handshake1,my_id is 102d7826
[2018-08-31 14:29:16][INFO][100.100.165.25:9749]changed state to server_handshake1,my_id is 102d7826
[2018-08-31 14:29:17][INFO][100.100.165.25:9749]changed state to server_handshake1,my_id is 102d7826
[2018-08-31 14:29:18][INFO][100.100.165.25:9749]changed state to server_handshake1,my_id is 102d7826
[2018-08-31 14:29:19][INFO][100.100.165.25:9749]changed state to server_handshake1,my_id is 102d7826
[2018-08-31 14:29:20][INFO][100.100.165.25:9760]received syn,sent syn ack back
[2018-08-31 14:29:20][INFO][100.100.165.25:9760]got packet from a new ip
[2018-08-31 14:29:20][INFO][100.100.165.25:9760]created new conn,state: server_handshake1,my_id is bdf4046a
[2018-08-31 14:29:20][INFO][100.100.165.25:9760]changed state to server_handshake1,my_id is bdf4046a
[2018-08-31 14:29:22][INFO][100.100.165.25:9760]changed state to server_handshake1,my_id is bdf4046a
[2018-08-31 14:29:23][INFO][100.100.165.25:9760]changed state to server_handshake1,my_id is bdf4046a
[2018-08-31 14:29:24][INFO][100.100.165.25:9760]changed state to server_handshake1,my_id is bdf4046a
[2018-08-31 14:29:25][INFO][100.100.165.25:9749]inactive conn cleared
[2018-08-31 14:29:25][INFO][100.100.165.25:9760]changed state to server_handshake1,my_id is bdf4046a
[2018-08-31 14:29:26][INFO][100.100.165.25:9763]received syn,sent syn ack back
[2018-08-31 14:29:26][INFO][100.100.165.25:9763]got packet from a new ip
[2018-08-31 14:29:26][INFO][100.100.165.25:9763]created new conn,state: server_handshake1,my_id is e3cc5c99
[2018-08-31 14:29:26][INFO][100.100.165.25:9763]changed state to server_handshake1,my_id is e3cc5c99
[2018-08-31 14:29:28][INFO][100.100.165.25:9763]changed state to server_handshake1,my_id is e3cc5c99
[2018-08-31 14:29:29][INFO][100.100.165.25:9763]changed state to server_handshake1,my_id is e3cc5c99
[2018-08-31 14:29:30][INFO][100.100.165.25:9763]changed state to server_handshake1,my_id is e3cc5c99
[2018-08-31 14:29:31][INFO][100.100.165.25:9760]inactive conn cleared
[2018-08-31 14:29:31][INFO][100.100.165.25:9763]changed state to server_handshake1,my_id is e3cc5c99
[2018-08-31 14:29:32][INFO][100.100.165.25:9767]received syn,sent syn ack back
[2018-08-31 14:29:32][INFO][100.100.165.25:9767]got packet from a new ip
[2018-08-31 14:29:32][INFO][100.100.165.25:9767]created new conn,state: server_handshake1,my_id is 2bccc672
[2018-08-31 14:29:32][INFO][100.100.165.25:9767]changed state to server_handshake1,my_id is 2bccc672
[2018-08-31 14:29:33][INFO][100.100.165.25:9767]changed state to server_handshake1,my_id is 2bccc672

客户端

[2018-08-31 14:29:13][INFO]source_addr is now 192.168.1.146
[2018-08-31 14:29:13][INFO]using port 59644
[2018-08-31 14:29:13][INFO]filter expression is [ip and tcp and src 202.91.32.100 and src port 10120 and dst port 59644]
[2018-08-31 14:29:13][INFO]ret=-1,errno=0:,472 202.91.32.100:10120
[2018-08-31 14:29:13][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 14:29:13][INFO]state changed from client_tcp_dummy to client_handshake1
[2018-08-31 14:29:13][INFO](re)sent handshake1
[2018-08-31 14:29:14][INFO](re)sent handshake1
[2018-08-31 14:29:15][INFO](re)sent handshake1
[2018-08-31 14:29:17][INFO](re)sent handshake1
[2018-08-31 14:29:18][INFO](re)sent handshake1
[2018-08-31 14:29:18][INFO]state back to client_idle from client_handshake1
[2018-08-31 14:29:19][INFO]source_addr is now 192.168.1.146
[2018-08-31 14:29:19][INFO]using port 61597
[2018-08-31 14:29:19][INFO]filter expression is [ip and tcp and src 202.91.32.100 and src port 10120 and dst port 61597]
[2018-08-31 14:29:19][INFO]ret=-1,errno=0:,440 202.91.32.100:10120
[2018-08-31 14:29:19][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 14:29:19][INFO]state changed from client_tcp_dummy to client_handshake1
[2018-08-31 14:29:19][INFO](re)sent handshake1
[2018-08-31 14:29:20][INFO](re)sent handshake1
[2018-08-31 14:29:21][INFO](re)sent handshake1
[2018-08-31 14:29:23][INFO](re)sent handshake1
[2018-08-31 14:29:24][INFO](re)sent handshake1
[2018-08-31 14:29:24][INFO]state back to client_idle from client_handshake1
[2018-08-31 14:29:25][INFO]source_addr is now 192.168.1.146
[2018-08-31 14:29:25][INFO]using port 30248
[2018-08-31 14:29:25][INFO]filter expression is [ip and tcp and src 202.91.32.100 and src port 10120 and dst port 30248]
[2018-08-31 14:29:25][INFO]ret=-1,errno=0:,552 202.91.32.100:10120
[2018-08-31 14:29:25][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 14:29:25][INFO]state changed from client_tcp_dummy to client_handshake1
[2018-08-31 14:29:25][INFO](re)sent handshake1
[2018-08-31 14:29:26][INFO](re)sent handshake1
[2018-08-31 14:29:27][INFO](re)sent handshake1
[2018-08-31 14:29:29][INFO](re)sent handshake1
[2018-08-31 14:29:30][INFO](re)sent handshake1
[2018-08-31 14:29:30][INFO]state back to client_idle from client_handshake1
[2018-08-31 14:29:31][INFO]source_addr is now 192.168.1.146
[2018-08-31 14:29:31][INFO]using port 61771
[2018-08-31 14:29:31][INFO]filter expression is [ip and tcp and src 202.91.32.100 and src port 10120 and dst port 61771]
[2018-08-31 14:29:31][INFO]ret=-1,errno=0:,420 202.91.32.100:10120
[2018-08-31 14:29:31][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 14:29:31][INFO]state changed from client_tcp_dummy to client_handshake1

以上不断循环显示。

[wangyu-]

参考一下这个连接：

https://github.com/wangyu-/udp2raw-tunnel/wiki/%E5%B8%B8%E8%A7%81%E9%94%99%E8%AF%AF

[miyouzi]

我上面所使用的VPS是HostDare的ovz。我尝试换成了谷歌云主机来操作，LOG发生不同，但依然不能到ready状态。

谷歌云已清空的iptables设置（bty，希望清空iptables的介绍能添加提醒“需确认INPUT的默认规则为ACCEPT，为DROP的话会断开所有连接”）

假设谷歌云IP为 35.194.100.3
谷歌云使用Ubuntu 16

启动参数

服务端

./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:443 -a -k "passwd" --raw-mode faketcp

客户端

udp2raw_mp_nolibnet -c -r35.194.100.3:10120 -l0.0.0.0:443 --raw-mode easy-faketcp -k "passwd"

LOG

服务端

[2018-08-31 08:56:45][INFO]argc=10 ./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:443 -a -k passwd --raw-mode faketcp 
[2018-08-31 08:56:45][INFO]parsing address: 0.0.0.0:10120
[2018-08-31 08:56:45][INFO]its an ipv4 adress
[2018-08-31 08:56:45][INFO]ip_address is {0.0.0.0}, port is {10120}
[2018-08-31 08:56:45][INFO]parsing address: 127.0.0.1:443
[2018-08-31 08:56:45][INFO]its an ipv4 adress
[2018-08-31 08:56:45][INFO]ip_address is {127.0.0.1}, port is {443}
[2018-08-31 08:56:45][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=aes128cbc auth_mode=md5 key=passwd local_addr=0.0.0.0:10120 remote_addr=127.0.0.1:443 socket_buf_size=1048576 
[2018-08-31 08:56:45][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info.
[2018-08-31 08:56:45][INFO]remote_ip=[127.0.0.1], make sure this is a vaild IP address
[2018-08-31 08:56:45][INFO]const_id:82e084b6
[2018-08-31 08:56:45][INFO]run_command iptables -N udp2rawDwrW_82e084b6_C0
[2018-08-31 08:56:45][INFO]run_command iptables -F udp2rawDwrW_82e084b6_C0
[2018-08-31 08:56:45][INFO]run_command iptables -I udp2rawDwrW_82e084b6_C0 -j DROP
[2018-08-31 08:56:45][INFO]run_command iptables -I INPUT -p tcp -m tcp --dport 10120 -j udp2rawDwrW_82e084b6_C0
[2018-08-31 08:56:45][WARN]auto added iptables rules
[2018-08-31 08:56:45][INFO]now listening at 0.0.0.0:10120
[2018-08-31 08:56:54][INFO][100.100.165.25:11018]received syn,sent syn ack back
[2018-08-31 08:56:57][INFO][100.100.165.25:11018]received syn,sent syn ack back
[2018-08-31 08:57:00][INFO][100.100.165.25:11022]received syn,sent syn ack back
[2018-08-31 08:57:03][INFO][100.100.165.25:11022]received syn,sent syn ack back
[2018-08-31 08:57:03][INFO][100.100.165.25:11025]received syn,sent syn ack back
[2018-08-31 08:57:05][INFO][100.100.165.25:11026]received syn,sent syn ack back
[2018-08-31 08:57:08][INFO][100.100.165.25:11026]received syn,sent syn ack back
[2018-08-31 08:57:09][INFO][100.100.165.25:11031]received syn,sent syn ack back
[2018-08-31 08:57:11][INFO][100.100.165.25:11033]received syn,sent syn ack back
[2018-08-31 08:57:14][INFO][100.100.165.25:11033]received syn,sent syn ack back
[2018-08-31 08:57:14][INFO][100.100.165.25:11035]received syn,sent syn ack back
[2018-08-31 08:57:16][INFO][100.100.165.25:11039]received syn,sent syn ack back
[2018-08-31 08:57:19][INFO][100.100.165.25:11039]received syn,sent syn ack back
[2018-08-31 08:57:20][INFO][100.100.165.25:11033]received syn,sent syn ack back
[2018-08-31 08:57:22][INFO][100.100.165.25:11044]received syn,sent syn ack back
[2018-08-31 08:57:25][INFO][100.100.165.25:11044]received syn,sent syn ack back
[2018-08-31 08:57:25][INFO][100.100.165.25:11048]received syn,sent syn ack back

客户端

[2018-08-31 16:56:52][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:56:52][INFO]using port 26190
[2018-08-31 16:56:52][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 26190]
[2018-08-31 16:56:52][INFO]ret=-1,errno=0:,336 35.194.100.3:10120
[2018-08-31 16:56:52][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:56:58][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:56:58][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:56:58][INFO]using port 16431
[2018-08-31 16:56:58][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 16431]
[2018-08-31 16:56:58][INFO]ret=-1,errno=0:,448 35.194.100.3:10120
[2018-08-31 16:56:58][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:57:03][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:57:04][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:57:04][INFO]using port 29236
[2018-08-31 16:57:04][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 29236]
[2018-08-31 16:57:04][INFO]ret=-1,errno=0:,512 35.194.100.3:10120
[2018-08-31 16:57:04][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:57:09][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:57:09][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:57:09][INFO]using port 18204
[2018-08-31 16:57:09][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 18204]
[2018-08-31 16:57:09][INFO]ret=-1,errno=0:,416 35.194.100.3:10120
[2018-08-31 16:57:09][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:57:14][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:57:15][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:57:15][INFO]using port 29576
[2018-08-31 16:57:15][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 29576]
[2018-08-31 16:57:15][INFO]ret=-1,errno=0:,504 35.194.100.3:10120
[2018-08-31 16:57:15][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:57:20][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:57:20][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:57:20][INFO]using port 26725
[2018-08-31 16:57:20][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 26725]
[2018-08-31 16:57:20][INFO]ret=-1,errno=0:,372 35.194.100.3:10120
[2018-08-31 16:57:20][INFO]state changed from client_idle to client_tcp_handshake_dummy

以上循环显示

这是否说明我所使用的这两台主机不支持raw流量呢？

[wangyu-]

希望清空iptables的介绍能添加提醒“需确认INPUT的默认规则为ACCEPT

你按我链接里方法操作，INPUT的默认规则就一定为ACCEPT

这是否说明我所使用的这两台主机不支持raw流量呢？

不清楚，谷歌云貌似是支持的。 你可以先试一下Linux版的客户端。另外确保你用的是非pre-release版的。

[wangyu-]

谷歌云确认是支持的，你参考一下这个issue，谷歌云貌似有一层额外的防火墙：

https://github.com/wangyu-/udp2raw-tunnel/issues/179

建议你在调试通之前先用非pre-release版。 如果windows版的client连不上，先拿linux版的client试一下(在本地的虚拟机或另一个vps)。

[miyouzi]

上面我所使用的版本是：服务端 20180830.0 ，Win客户端 20180830.0
至于谷歌云的防火墙问题，已确认设置好，不然server端就不会显示日志了。
接着我尝试使用非pre-release版：

谷歌云服务端20180225.0+Win客户端20180701.0
情况和上面一样，服务端无限 received syn,sent syn ack back

谷歌云服务端20180225.0+HostDare上的Linux客户端20180225.0
此时客户端启动参数

 ./udp2raw_amd64 -c -r35.194.100.3:10120 -l0.0.0.0:4000 --raw-mode faketcp -a -k "passwd"

服务端与客户端都成功进入ready状态。

所以是Win客户端兼容性问题还是Win上面还需要进一步操作？
（目前在Win的操作除了启动命令外只有一个防火墙弹出联网提示并放行）

[wangyu-]

所以是Win客户端兼容性问题还是Win上面还需要进一步操作？

不清楚。

你可以尝试一下在windows上配合-g手动添加防火墙规则，然后用faketcp模式(非easy)。排除easyfaketcp模式的兼容问题。

还可以尝试一下在本地桥接的虚拟机里运行linux版的客户端，排除一下本地宽带不支持raw流量的可能。

[miyouzi]

你可以尝试一下在windows上配合-g手动添加防火墙规则

尝试后不能到ready状态，LOG同上

还可以尝试一下在本地桥接的虚拟机里运行linux版的客户端，排除一下本地宽带不支持raw流量的可能。

依然不能到ready状态，LOG同Win客户端。

如此看来是本地带宽不支持raw流量？（ISP为福建联通）

[wangyu-]

如此看来是本地带宽不支持raw流量？（ISP为福建联通）

如果排除掉操作有错误的情况，看起来问题确实是出在本地。 有可能是宽带的问题(不过联通应该没问题呀)，也有可能是路由器的问题（在issue里没遇到过）。

如果有机会，建议试一下这台电脑在其他网络环境下是否可以。

另外你试一下两边用--log-level 5，看log里显示什么。

[miyouzi]

我再进行了一次测试，这次尝试使用ICMP伪装。
这次在虚拟机和实机都成功到了ready状态。

HostDare VPS 上服务端的启动参数

./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:10110 -a -k "passwd" --raw-mode icmp

虚拟机Linux客户端（版本20180225.0）启动参数

./udp2raw_amd64 -c -r202.91.32.100:10120 -l0.0.0.0:4000 --raw-mode icmp -a -k "passwd"

Win客户端（版本20180701.0）启动参数

udp2raw_mp_nolibnet -c -r202.91.32.100:10120 -l0.0.0.0:4000 --raw-mode icmp -k "passwd"

这是否说明ISP已经能够阻止使用udp2raw处理出来的伪TCP流量？

[wangyu-]

这是否说明ISP已经能够阻止使用udp2raw处理出来的伪TCP流量？

感觉不像。

client端：

[2018-08-31 16:56:52][INFO]using port 26190
[2018-08-31 16:56:52][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 26190]
[2018-08-31 16:56:52][INFO]ret=-1,errno=0:,336 35.194.100.3:10120
[2018-08-31 16:56:52][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:56:58][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:56:58][INFO]source_addr is now 192.168.1.146
[2018-08-31 16:56:58][INFO]using port 16431
[2018-08-31 16:56:58][INFO]filter expression is [ip and tcp and src 35.194.100.3 and src port 10120 and dst port 16431]
[2018-08-31 16:56:58][INFO]ret=-1,errno=0:,448 35.194.100.3:10120
[2018-08-31 16:56:58][INFO]state changed from client_idle to client_tcp_handshake_dummy
[2018-08-31 16:57:03][INFO]state back to client_idle from client_tcp_handshake_dummy
[2018-08-31 16:57:04][INFO]source_addr is now 192.168.1.146

server端：

[2018-08-31 08:57:00][INFO][100.100.165.25:11022]received syn,sent syn ack back
[2018-08-31 08:57:03][INFO][100.100.165.25:11022]received syn,sent syn ack back
[2018-08-31 08:57:03][INFO][100.100.165.25:11025]received syn,sent syn ack back

从你最后一次发的log来看， client发了个 syn, server收到后回了syn ack， 然后client端就收不到这个server回的syn ack了。 如果ISP能检测出udp2raw的协议来，应该不会只发了个syn和syn ack就检测出来了，这个阶段跟普通tcp是一样的。 感觉还是出了什么问题。

你可以尝试下，用nc监听在udp2raw server的端口，然后在本地用另一个nc去连，看能否正常收发数据（双向）

[miyouzi]

可能是路由器的问题

我使用的是OpenWRT Chaos Calmer 15.05.1，我也想过是不是路由器问题，尝试在“防火墙”设置里开关“启用SYN-flood防御”，“MSS钳制”，流量设置全部选择“接受”，情况并没有发生变化。

如果有机会，建议试一下这台电脑在其他网络环境下是否可以。

暂时没有除了联通以外的ISP，尝试过使用手机热点（联通）结果相同。

另外你试一下两边用--log-level 5

服务端启动参数

./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:10110 -a -k "passwd" --raw-mode faketcp --log-level 5

Win客户端启动参数

>udp2raw_mp_nolibnet -c -r202.91.32.100:10120 -l0.0.0.0:4000 --raw-mode faketcp -k "passwd" --log-level 5

客户端LOG

using system32/wpcap.dll
The Winsock 2.2 dll was found okay, _setmaxstdio() was set to 4000
[2018-08-31 21:28:37][INFO]argc=10 udp2raw_mp_nolibnet -c -r202.91.32.100:10120 -l0.0.0.0:4000 --raw-mode faketcp -k passwd --log-level 5
[2018-08-31 21:28:37][DEBUG]option_index: 6
[2018-08-31 21:28:37][DEBUG]parsing key option
[2018-08-31 21:28:37][DEBUG]option_index: 2
[2018-08-31 21:28:37][INFO]important variables: log_level=5:DEBUG raw_mode=faketcp cipher_mode=aes128cbc auth_mode=md5 key=passwd local_ip=0.0.0.0 local_port=4000 remote_address=202.91.32.100 remote_port=10120 source_ip=0.0.0.0 source_port=0 socket_buf_size=1048576
[2018-08-31 21:28:37][INFO]remote_ip=[202.91.32.100], make sure this is a vaild IP address
[2018-08-31 21:28:37][INFO]const_id:5fb26b55
<71><d4><88><f9><e9><70><a2><84><69><4f><06><45><23><2d><3f><a6>
<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
[2018-08-31 21:28:38][INFO]get_src_adress called
[2018-08-31 21:28:38][DEBUG]created new udp_fd 336
[2018-08-31 21:28:38][INFO]source ip = 192.168.1.146
[2018-08-31 21:28:38][INFO]--dev have not been set, trying to detect automatically, avaliable deives:
[2018-08-31 21:28:38][INFO]avaliable deives(device name: ip address ; description):
\Device\NPF_{1E6E1A23-9F91-4236-A9D0-A358032A7BD2}: [unknow:23] [192.168.180.1]; VMware Virtual Ethernet Adapter
\Device\NPF_{4C04AAE8-8AFC-4183-996E-337AF53DC4C5}: [unknow:23] [0.0.0.0]; VPN Client Adapter - VPN
\Device\NPF_{C4BDCF2F-016B-4F84-BC89-767659395205}: [unknow:23] [unknow:23] [no ip found]; TAP-Windows Adapter V9
\Device\NPF_{6C7F3A21-5D32-4109-A21D-FFAAD961EB58}: [unknow:23] [unknow:23] [no ip found]; Microsoft
\Device\NPF_{9D60222B-4063-4DFA-8F73-DE41CFC3B685}: [unknow:23] [10.0.4.10]; TAP-Windows Adapter V9
\Device\NPF_{78FB8BA9-B4EF-4E8E-B35F-564FF1DE85F8}: [unknow:23] [10.0.4.10]; TAP-Windows Adapter V9
\Device\NPF_{E81E97DE-AF43-4C02-A281-97C0263D4835}: [unknow:23] [10.0.66.10]; ZeroTier One Virtual Port
\Device\NPF_{FF649AED-DF57-43B0-9213-BC398B7AB677}: [192.168.2.201]; Realtek PCIe GBE Family Controller
\Device\NPF_{901E7296-8B72-4BF6-9B1B-B1A317D30BB6}: [unknow:23] [192.168.40.1]; VMware Virtual Ethernet Adapter
\Device\NPF_{CCE92692-CEAF-43A0-A857-6EDB796A3683}: [unknow:23] [0.0.0.0]; MS NDIS 6.0 LoopBack Driver
\Device\NPF_{5207454D-F560-4060-805E-33A7C71E55E0}: [unknow:23] [10.198.75.60]; TAP-Windows Adapter V9
\Device\NPF_{9457959D-717C-4C9F-8C69-1210A7237049}: [unknow:23] [192.168.137.1] [192.168.137.1]; Microsoft
\Device\NPF_{79332963-47D2-4B7E-8977-C3D1A9C3A13A}: [unknow:23] [unknow:23] [unknow:23] [unknow:23] [192.168.1.146]; Microsoft
[2018-08-31 21:28:39][INFO]using device:[\Device\NPF_{79332963-47D2-4B7E-8977-C3D1A9C3A13A}], ip: [192.168.1.146]
[2018-08-31 21:28:39][DEBUG]send_raw : from 9201a8c0 0  to ab205bca 10120
[2018-08-31 21:28:39][INFO]waiting for a use-able packet to be captured
link level header captured:
<74><7d><24><52><f3><43><f6><8e><38><e9><a0><18><8><0>
[2018-08-31 21:28:39][DEBUG]created new udp_fd 436
[2018-08-31 21:28:39][INFO]using port 13034
[2018-08-31 21:28:39][INFO]filter expression is [tcp and src 202.91.32.100 and src port 10120 and dst port 13034]
[2018-08-31 21:28:39][INFO]state changed from client_idle to client_tcp_handshake
[2018-08-31 21:28:39][INFO](re)sent tcp syn
[2018-08-31 21:28:39][INFO]state changed from client_tcp_handshake to client_handshake1
[2018-08-31 21:28:39][INFO](re)sent handshake1
[2018-08-31 21:28:39][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:39][DEBUG]recv_bare failed!
[2018-08-31 21:28:40][INFO](re)sent handshake1
[2018-08-31 21:28:40][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:40][DEBUG]recv_bare failed!
[2018-08-31 21:28:41][INFO](re)sent handshake1
[2018-08-31 21:28:42][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:42][DEBUG]recv_bare failed!
[2018-08-31 21:28:42][INFO](re)sent handshake1
[2018-08-31 21:28:43][INFO](re)sent handshake1
[2018-08-31 21:28:44][INFO]state back to client_idle from client_handshake1
[2018-08-31 21:28:44][DEBUG]created new udp_fd 532
[2018-08-31 21:28:44][INFO]using port 49958
[2018-08-31 21:28:44][INFO]filter expression is [tcp and src 202.91.32.100 and src port 10120 and dst port 49958]
[2018-08-31 21:28:44][INFO]state changed from client_idle to client_tcp_handshake
[2018-08-31 21:28:44][INFO](re)sent tcp syn
[2018-08-31 21:28:44][INFO]state changed from client_tcp_handshake to client_handshake1
[2018-08-31 21:28:44][INFO](re)sent handshake1
[2018-08-31 21:28:44][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:44][DEBUG]recv_bare failed!
[2018-08-31 21:28:45][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:45][DEBUG]recv_bare failed!
[2018-08-31 21:28:45][INFO](re)sent handshake1
[2018-08-31 21:28:47][INFO](re)sent handshake1
[2018-08-31 21:28:47][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:47][DEBUG]recv_bare failed!
[2018-08-31 21:28:48][INFO](re)sent handshake1
[2018-08-31 21:28:49][INFO](re)sent handshake1
[2018-08-31 21:28:49][INFO]state back to client_idle from client_handshake1
[2018-08-31 21:28:50][DEBUG]created new udp_fd 436
[2018-08-31 21:28:50][INFO]using port 63443
[2018-08-31 21:28:50][INFO]filter expression is [tcp and src 202.91.32.100 and src port 10120 and dst port 63443]
[2018-08-31 21:28:50][INFO]state changed from client_idle to client_tcp_handshake
[2018-08-31 21:28:50][INFO](re)sent tcp syn
[2018-08-31 21:28:50][INFO]state changed from client_tcp_handshake to client_handshake1
[2018-08-31 21:28:50][INFO](re)sent handshake1
[2018-08-31 21:28:50][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:50][DEBUG]recv_bare failed!
[2018-08-31 21:28:51][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:51][DEBUG]recv_bare failed!
[2018-08-31 21:28:51][INFO](re)sent handshake1
[2018-08-31 21:28:53][INFO](re)sent handshake1
[2018-08-31 21:28:53][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:53][DEBUG]recv_bare failed!
[2018-08-31 21:28:54][INFO](re)sent handshake1
[2018-08-31 21:28:55][INFO](re)sent handshake1
[2018-08-31 21:28:55][INFO]state back to client_idle from client_handshake1
[2018-08-31 21:28:56][DEBUG]created new udp_fd 532
[2018-08-31 21:28:56][INFO]using port 14979
[2018-08-31 21:28:56][INFO]filter expression is [tcp and src 202.91.32.100 and src port 10120 and dst port 14979]
[2018-08-31 21:28:56][INFO]state changed from client_idle to client_tcp_handshake
[2018-08-31 21:28:56][INFO](re)sent tcp syn
[2018-08-31 21:28:56][INFO]state changed from client_tcp_handshake to client_handshake1
[2018-08-31 21:28:56][INFO](re)sent handshake1
[2018-08-31 21:28:56][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:56][DEBUG]recv_bare failed!
[2018-08-31 21:28:57][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:57][DEBUG]recv_bare failed!
[2018-08-31 21:28:57][INFO](re)sent handshake1
[2018-08-31 21:28:59][INFO](re)sent handshake1
[2018-08-31 21:28:59][DEBUG]unexpect packet type recv_info.syn=1 recv_info.ack=1
[2018-08-31 21:28:59][DEBUG]recv_bare failed!
[2018-08-31 21:29:00][INFO](re)sent handshake1
[2018-08-31 21:29:00][INFO]got sigint, exit

服务端LOG

[2018-08-31 21:28:29][INFO]argc=12 ./udp2raw_amd64 -s -l0.0.0.0:10120 -r 127.0.0.1:10110 -a -k passwd --raw-mode faketcp --log- level 5
[2018-08-31 21:28:29][DEBUG]parsing key option
[2018-08-31 21:28:29][DEBUG]option_index: 6
[2018-08-31 21:28:29][DEBUG]option_index: 2
[2018-08-31 21:28:29][INFO]important variables: log_level=5:DEBUG raw_mode=faketcp cipher_mode=aes128cbc auth_mode=md5 key=pass wd local_ip=0.0.0.0 local_port=10120 remote_ip=127.0.0.1 remote_port=10110 source_ip=0.0.0.0 source_port=0 socket_buf_size=1048 576
[2018-08-31 21:28:29][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info .
[2018-08-31 21:28:29][INFO]const_id:4f45e707
[2018-08-31 21:28:29][INFO]run_command iptables -N udp2rawDwrW_4f45e707_C0
[2018-08-31 21:28:29][INFO]run_command iptables -F udp2rawDwrW_4f45e707_C0
[2018-08-31 21:28:29][INFO]run_command iptables -I udp2rawDwrW_4f45e707_C0 -j DROP
[2018-08-31 21:28:29][INFO]run_command iptables -I INPUT -p tcp -m tcp --dport 10120 -j udp2rawDwrW_4f45e707_C0
[2018-08-31 21:28:29][WARN]auto added iptables rules
[2018-08-31 21:28:29][DEBUG]error remove fiter
[2018-08-31 21:28:29][INFO]now listening at 0.0.0.0:10120
[2018-08-31 21:28:40][INFO][100.100.165.25:11051]received syn,sent syn ack back
[2018-08-31 21:28:41][DEBUG]auth_verify failed
[2018-08-31 21:28:41][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:41][INFO][100.100.165.25:11051]got packet from a new ip
[2018-08-31 21:28:41][INFO][100.100.165.25:11051]created new conn,state: server_handshake1,my_id is 58a53864
[2018-08-31 21:28:41][INFO][100.100.165.25:11051]changed state to server_handshake1,my_id is 58a53864
[2018-08-31 21:28:42][DEBUG]auth_verify failed
[2018-08-31 21:28:42][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:42][INFO][100.100.165.25:11051]changed state to server_handshake1,my_id is 58a53864
[2018-08-31 21:28:43][DEBUG]auth_verify failed
[2018-08-31 21:28:43][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:43][INFO][100.100.165.25:11051]changed state to server_handshake1,my_id is 58a53864
[2018-08-31 21:28:44][INFO][100.100.165.25:11051]changed state to server_handshake1,my_id is 58a53864
[2018-08-31 21:28:44][DEBUG]auth_verify failed
[2018-08-31 21:28:44][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:45][DEBUG]auth_verify failed
[2018-08-31 21:28:45][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:45][INFO][100.100.165.25:11051]changed state to server_handshake1,my_id is 58a53864
[2018-08-31 21:28:46][INFO][100.100.165.25:11055]received syn,sent syn ack back
[2018-08-31 21:28:46][INFO][100.100.165.25:11055]got packet from a new ip
[2018-08-31 21:28:46][INFO][100.100.165.25:11055]created new conn,state: server_handshake1,my_id is 654b87bb
[2018-08-31 21:28:46][INFO][100.100.165.25:11055]changed state to server_handshake1,my_id is 654b87bb
[2018-08-31 21:28:46][DEBUG]auth_verify failed
[2018-08-31 21:28:46][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:47][DEBUG]auth_verify failed
[2018-08-31 21:28:47][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:47][INFO][100.100.165.25:11055]changed state to server_handshake1,my_id is 654b87bb
[2018-08-31 21:28:48][DEBUG]auth_verify failed
[2018-08-31 21:28:48][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:48][INFO][100.100.165.25:11055]changed state to server_handshake1,my_id is 654b87bb
[2018-08-31 21:28:50][DEBUG]auth_verify failed
[2018-08-31 21:28:50][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:50][INFO][100.100.165.25:11055]changed state to server_handshake1,my_id is 654b87bb
[2018-08-31 21:28:51][DEBUG]auth_verify failed
[2018-08-31 21:28:51][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:51][INFO][100.100.165.25:11055]changed state to server_handshake1,my_id is 654b87bb
[2018-08-31 21:28:51][INFO][100.100.165.25:11051]inactive conn cleared
[2018-08-31 21:28:52][INFO][100.100.165.25:11060]received syn,sent syn ack back
[2018-08-31 21:28:52][INFO][100.100.165.25:11060]got packet from a new ip
[2018-08-31 21:28:52][INFO][100.100.165.25:11060]created new conn,state: server_handshake1,my_id is f8985915
[2018-08-31 21:28:52][INFO][100.100.165.25:11060]changed state to server_handshake1,my_id is f8985915
[2018-08-31 21:28:52][DEBUG]auth_verify failed
[2018-08-31 21:28:52][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:53][DEBUG]auth_verify failed
[2018-08-31 21:28:53][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:53][INFO][100.100.165.25:11060]changed state to server_handshake1,my_id is f8985915
[2018-08-31 21:28:54][DEBUG]auth_verify failed
[2018-08-31 21:28:54][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:54][INFO][100.100.165.25:11060]changed state to server_handshake1,my_id is f8985915
[2018-08-31 21:28:56][DEBUG]auth_verify failed
[2018-08-31 21:28:56][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:56][INFO][100.100.165.25:11060]changed state to server_handshake1,my_id is f8985915
[2018-08-31 21:28:57][DEBUG]auth_verify failed
[2018-08-31 21:28:57][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:57][INFO][100.100.165.25:11060]changed state to server_handshake1,my_id is f8985915
[2018-08-31 21:28:58][INFO][100.100.165.25:11063]received syn,sent syn ack back
[2018-08-31 21:28:58][DEBUG]auth_verify failed
[2018-08-31 21:28:58][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:58][INFO][100.100.165.25:11063]got packet from a new ip
[2018-08-31 21:28:58][INFO][100.100.165.25:11063]created new conn,state: server_handshake1,my_id is 5f2b97e9
[2018-08-31 21:28:58][INFO][100.100.165.25:11063]changed state to server_handshake1,my_id is 5f2b97e9
[2018-08-31 21:28:58][INFO][100.100.165.25:11055]inactive conn cleared
[2018-08-31 21:28:59][DEBUG]auth_verify failed
[2018-08-31 21:28:59][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:28:59][INFO][100.100.165.25:11063]changed state to server_handshake1,my_id is 5f2b97e9
[2018-08-31 21:29:00][DEBUG]auth_verify failed
[2018-08-31 21:29:00][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:29:00][INFO][100.100.165.25:11063]changed state to server_handshake1,my_id is 5f2b97e9
[2018-08-31 21:29:02][DEBUG]auth_verify failed
[2018-08-31 21:29:02][DEBUG]decrypt_fail in recv bare
[2018-08-31 21:29:02][INFO][100.100.165.25:11063]changed state to server_handshake1,my_id is 5f2b97e9
[2018-08-31 21:29:03][INFO][100.100.165.25:11060]inactive conn cleared
[2018-08-31 21:29:09][INFO][100.100.165.25:11063]inactive conn cleared

[wangyu-]

我使用的是OpenWRT Chaos Calmer 15.05.1，我也想过是不是路由器问题，尝试在“防火墙”设置里开关“启用SYN-flood防御”，“MSS钳制”，流量设置全部选择“接受”，情况并没有发生变化。

我也用的是OpenWRT CC 15.05.1，默认设置没问题。

[wangyu-]

我加一下你的telegram或者whatsapp吧，把你的号发到我的邮箱wangyucn at gmail.com。

我连你的服务器，你连我的服务器试试。

[miyouzi]

和wangyu大佬交流后问题大体明白了。HostDare是支持raw流量的，问题出在防火墙上，清空规则后faketcp模式已能联通，具体是和哪一条规则冲突，有机会的话日后补充。

至于谷歌云方面，因为上了TCP阻断豪华名单，暂无法确定是配置问题还是*FW的问题，不过还是能ping通的，因此可以尝试用ICMP模式来抢救一下。

[kob]

添加
iptables -I OUTPUT -p tcp --sport 监听端口 -j ACCEPT

终于成功

[escapezn]

可能是这个问题 #258