Can't find a good downstream fragment size #107

Open
mynetx opened this issue Feb 12, 2025 · 2 comments

mynetx commented Feb 12, 2025

I'm trying to connect from a macOS machine to a Linux server.
The DNS configuration seems correct, since the iodine test page says:

Analyzing DNS setup for tunnel domain 't.mynetx.net'... (might take some time)

Looking for nameserver for MYDOMAIN.net.. got ns-969.awsdns-57.net (at 205.251.195.201).
Resolving delegation of t.MYDOMAIN.net at 205.251.195.201... to my.srv.MYDOMAIN.net (at 49.XXX.XXX.XXX).

Expecting iodined to be accessible at 49.XXX.XXX.XXX... yes, using proto 00000502.
Testing iodine reply using default nameserver... ok.

Well done, your iodine setup seems fine!

I started the server with:

$ sudo iodined -P MYPASSWORD -f -c 10.0.0.1 t.MYDOMAIN.net

Opened dns0
Setting IP of dns0 to 10.0.0.1
Setting MTU of dns0 to 1130
Opened IPv4 UDP socket
Listening to dns for domain t.MYDOMAIN.net

And this would be my client log:

$ sudo iodine -f -M 200 -P MYPASSWORD t.MYDOMAIN.net

No tun devices found, trying utun
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
Opened utun8
Opened IPv4 UDP socket
Sending DNS queries for t.MYDOMAIN.net to 192.168.0.1
Autodetecting DNS query type (use -T to override).
Using DNS type NULL queries
Version ok, both using protocol v 0x00000502. You are user #1
Setting IP of utun8 to 10.0.0.3
Adding route 10.0.0.0/27 to 10.0.0.3
add net 10.0.0.0: gateway 10.0.0.3
Setting MTU of utun8 to 1130
Server tunnel IP is 10.0.0.1
Requesting server address to attempt raw UDP mode (skip with -r) 
Server is at 49.XXX.XXX.XXX, trying raw login: (skip with -r) ....failed
Using EDNS0 extension
Switching upstream to codec Base128
Server switched upstream to codec Base128
No alternative downstream codec available, using default (Raw)
Switching to lazy mode for low-latency
Server switched to lazy mode
Autoprobing max downstream fragment size... (skip with -m fragsize)
...768 not ok.. ...384 not ok.. ...192 not ok.. ...96 not ok.. ...48 not ok.. ...24 not ok.. ...12 not ok.. ...6 not ok.. ...3 not ok.. ...2 not ok.. 
iodine: found no accepted fragment size.
iodine: try setting -M to 200 or lower, or try other -T or -O options.

Any ideas?

@bloodson135

If your server is behind a NAT, you could try -n <your.public.address> in iodined when starting the server. Just a thought.

@yarrick
Owner

yarrick commented Feb 14, 2025

The IP address for iodined only matters for raw mode login, so that should not matter here.

Try different nameservers if that is allowed. Maybe your packets go through a different path and arrive at the server from a new source IP and are dropped. Try adding some debug on the server or record with tcpdump to see if the issue is upstream or downstream.
