How to make two machines that are behind their respective NATs communicate with WireGuard - vpn

I am trying to find a way to make two machines (Machine A and Machine B) behind their respective NATs communicate using WireGuard. So basically:
I started by making them communicate with an intermediate server located on the internet by creating a UDP hole-punching port, meaning Machine A can communicate with the intermediate server and Machine B can also communicate with the intermediate server.
Now, when I try to make Machine A communicate with Machine B by using the hole-punching port previously created by the communication between Machine A and the intermediate server, it does not work.
Is there someone who could help me make it work or share useful documentation?
Thanks in advance
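The exchange the question describes, as an added example that is not part of the original post or of WireGuard itself: a minimal UDP rendezvous server records the public IP:port it observes for each peer (the NAT's outbound mapping), hands each peer the other's observed endpoint, and each peer then renders a `[Peer]` section with that address as `Endpoint` plus `PersistentKeepalive` so the mapping stays open. The `REGISTER` message format, the `Rendezvous` class, the peer names, keys and addresses are all constructed for this example. Two practical points it encodes: if the server sees both peers from the same public IP they share a NAT, so the LAN address the peer reported is used instead (many NATs do not hairpin); and the datagrams that create the mapping must leave from the same local UDP port WireGuard binds to as `ListenPort`, otherwise the endpoint the server observed belongs to a different socket. A symmetric NAT, which allocates a new external port per destination, defeats this approach regardless, which is the usual reason the last step "does not work". The same logic covers the "same public IP, different intranet IPs" situation raised in the "Completing a socket connection" post further down this page.

```python
import socket

KEEPALIVE = 25  # seconds; must be shorter than the NAT's UDP mapping timeout


class Rendezvous:
    """Server-side table: peer name -> (observed public endpoint, reported LAN endpoint).
    Constructed for this example; not a WireGuard component."""

    def __init__(self):
        self.peers = {}

    def handle(self, datagram, observed):
        """Process one 'REGISTER <name> <lan_ip>:<lan_port>' datagram.

        `observed` is the (ip, port) the datagram arrived from, i.e. the NAT's
        public mapping for that peer.  Returns the reply bytes."""
        fields = datagram.decode(errors="replace").split()
        if len(fields) != 3 or fields[0] != "REGISTER" or ":" not in fields[2]:
            return b"ERR bad request"
        name, lan = fields[1], fields[2]
        lan_ip, lan_port = lan.rsplit(":", 1)
        self.peers[name] = (observed, (lan_ip, int(lan_port)))
        return b"OK"

    def endpoint_for(self, requester, target):
        """Address `requester` should use as WireGuard Endpoint for `target`.

        If the server saw both from the same public IP they share a NAT, so the
        LAN address the target reported is used (many NATs do not hairpin)."""
        req_pub, _ = self.peers[requester]
        tgt_pub, tgt_lan = self.peers[target]
        return tgt_lan if req_pub[0] == tgt_pub[0] else tgt_pub


def wireguard_peer_stanza(public_key, endpoint, allowed_ips, keepalive=KEEPALIVE):
    """Render the [Peer] section a peer appends to its wg0.conf."""
    ip, port = endpoint
    return (
        "[Peer]\n"
        f"PublicKey = {public_key}\n"
        f"Endpoint = {ip}:{port}\n"
        f"AllowedIPs = {allowed_ips}\n"
        f"PersistentKeepalive = {keepalive}\n"
    )


def punch(sock, peer_endpoint, count=3):
    """Send a few datagrams to the peer's public endpoint from the socket that
    owns the NAT mapping, so inbound packets from that endpoint are admitted."""
    for _ in range(count):
        sock.sendto(b"PUNCH", peer_endpoint)
    return count


def demo():
    """Run the whole exchange over loopback sockets and return what B received
    plus the stanza A would install.  On loopback both peers are observed from
    127.0.0.1, so the same-NAT branch of endpoint_for() is exercised."""
    registry = Rendezvous()
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    server.settimeout(2.0)
    clients = {}
    for name in ("A", "B"):
        c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        c.bind(("127.0.0.1", 0))
        c.settimeout(2.0)
        lan_ip, lan_port = c.getsockname()  # the "LAN" address is the socket itself here
        c.sendto(f"REGISTER {name} {lan_ip}:{lan_port}".encode(), server.getsockname())
        data, observed = server.recvfrom(512)
        server.sendto(registry.handle(data, observed), observed)
        assert c.recvfrom(512)[0] == b"OK"
        clients[name] = c
    b_endpoint = registry.endpoint_for("A", "B")
    punch(clients["A"], b_endpoint)
    received, _ = clients["B"].recvfrom(512)
    stanza = wireguard_peer_stanza("PEER_B_PUBKEY_PLACEHOLDER", b_endpoint, "10.9.0.2/32")
    for s in (server, *clients.values()):
        s.close()
    return {"received_by_B": received, "stanza_for_A": stanza}


if __name__ == "__main__":
    print(demo()["stanza_for_A"])
```

In a real deployment the `REGISTER` datagram would be sent from the WireGuard port itself (or WireGuard would be configured with the rendezvous host as a keepalive peer), and the resulting stanza applied with `wg set` rather than written to a file by hand.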

Related

Connect to a local service via VPN

This may be a very obvious question to a lot of people on here. Unfortunately I'm PRETTY bad with networking, nuff said:
I have a local webservice running on PC A that I can access without a problem (via the LAN / the local IP address:port of PC A) from PC B.
What I'm trying now is to connect the same two PCs while using the same VPN and being in two different physical networks.
My gut tells me that I need to reconfigure the local webserver (PC A) to the (local) VPN address that got assigned to it, right? Reality is, this solution is not working. Any suggestions?
Cheers.

Can you connect 2 Linux machines using GRE without dealing with router configuration?

I've tried looking for how to connect my Linux machines over the Internet to sort of create a point-to-point VPN for a project. Both are located physically in different cities, behind a NAT. For what I'm testing, unfortunately I can't be touching any router; the most I can do is port forwarding.
Is there any way to create such a setup with only 2 port-forwarded machines, each behind NAT and having a dynamic IP (obviously xD)?
I want a GRE tunnel because I can then use the interface for my purposes, and from what I can see it's pretty straightforward.

Connecting to a computer remotely

I found a tutorial that shows you how to create server and client programs, and make them communicate over a network.
http://www.win32developer.com/tutorial/winsock/winsock_tutorial_1.shtm
I can make a client program connect to, for example, 192.168.0.4 on my local network, and I can make it connect to 74.125.225.96. But what if I wanted to make it communicate with 192.168.0.4 on the network of 74.125.225.96, instead of just the default server on 74.125.225.96? I'm having a difficult time finding the answer with Google.
Is there even a way to do this? If not, then how are Gnutella and BitTorrent able to connect computers directly together to share files?
To do what you are asking, 74.125.225.96 would have to be assigned to a router that is configured to forward inbound connections on the target server port to the machine that is running 192.168.0.4.
BitTorrent and other file sharing apps use various techniques, like NAT traversal, hole punching, etc., to get connections through routers and firewalls. For example, if one party is behind a router/firewall and the other party is not, then the two apps first try to connect to each other in one direction, and if that fails then they reverse roles - client becomes server and server becomes client - and they try again. If that still fails, they could then connect to a middleman server that both parties have access to, and let it delegate the connections.
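The three-step strategy the answer describes (direct, then reversed roles, then a middleman), as an added example that is not from the original answer or from any file-sharing client: one endpoint's decision sequence over plain TCP sockets. `establish()`, `serve_one()` and `dial_later()` are constructed helpers; the example assumes a broker has already told each side the other's address and which of them goes first, and it runs entirely on loopback, where a "peer behind a NAT" is simply a port nobody is listening on.

```python
import socket
import threading


def free_port():
    """Pick an unused loopback TCP port (helper for the demo)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def try_connect(addr, timeout=0.5):
    """Step 1 or 3: dial out.  Returns a connected socket, or None when the
    peer is unreachable (refused, or filtered by a NAT with no mapping)."""
    try:
        return socket.create_connection(addr, timeout=timeout)
    except OSError:
        return None


def wait_for_reverse(listen_port, timeout=1.0):
    """Step 2: reverse roles.  Become the server and wait for the peer to dial
    us; this succeeds when our side, not theirs, is reachable from outside."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", listen_port))
    srv.listen(1)
    srv.settimeout(timeout)
    try:
        conn, _ = srv.accept()
        return conn
    except socket.timeout:
        return None
    finally:
        srv.close()


def establish(peer_addr, my_port, relay_addr):
    """Return (how, socket): how is 'direct', 'reverse', 'relay' or 'failed'."""
    s = try_connect(peer_addr)
    if s:
        return "direct", s
    s = wait_for_reverse(my_port)
    if s:
        return "reverse", s
    s = try_connect(relay_addr)  # middleman both sides can reach
    if s:
        return "relay", s
    return "failed", None


def serve_one(port):
    """Stand-in for a reachable peer or relay: accept one connection, then close."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    srv.settimeout(3.0)

    def run():
        try:
            conn, _ = srv.accept()
            conn.close()
        except socket.timeout:
            pass
        finally:
            srv.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t


def dial_later(addr, delay):
    """Stand-in for the peer taking the client role after a short delay."""
    def run():
        s = try_connect(addr, timeout=1.0)
        if s:
            s.close()
    timer = threading.Timer(delay, run)
    timer.start()
    return timer


if __name__ == "__main__":
    p = free_port()
    serve_one(p)
    how, sock = establish(("127.0.0.1", p), free_port(), ("127.0.0.1", free_port()))
    print(how)
    if sock:
        sock.close()
```

Real clients run both sides' sequences concurrently and have the broker coordinate who listens and who dials at each step; the relay step is the only one that works when both ends sit behind NATs that refuse every inbound packet.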

Identify machines behind a router uniquely based on IP address

Some background first. I have a .NET client agent installed on each of the machines in the LAN. They are interacting with my central server [website], also on the same LAN.
It is important for my website to figure out which of the machines can talk to each other. For example, machines of one subnet cannot directly talk to machines of another subnet without configuring the routers and such, but machines in the same subnet should be able to talk to each other directly.
The problem I am facing is when the lan setup is like in Figure 1.
Because Comp1, Comp2 and Comp3 are behind a router, they have got the IP addresses 192.168.1.2 through 192.168.1.4. My client agent on these machines reports the same IP address back to the server. However, machines Comp4 and Comp5 also have the same IP addresses.
Thus, as far as my server is concerned, there are 2 machines with the same IP address. Not just that: because the subnet mask is 255.255.255.0 for all machines, my server is fooled into thinking that Comp1 can directly talk to Comp5, which is not possible.
So, how do I solve this? What do I need to change in my client or in my server so that I can support this scenario? These two are the only things in my control.
EDIT: Seems that the network diagram is oversimplified and there could be multiple router/subnet levels. My original answer will not handle this scenario. Also, the restriction of modifying only the client app or server app and not tampering with the routers and firewalls makes it more difficult.
EDIT2: Using 'arp -a' you can extract the MAC address of the router. If the client apps can manage to do this then the puzzle is solved!
The client app knows the local machine address and passes it to the server app.
The server app knows the remote address when a connection comes in. This would be machine address or a router address.
From these two values you can work out what you ask.
For example:
Server app receives connection from 10.10.10.2 with client supplying 192.168.1.2
Server app receives connection from 10.10.10.3 with client supplying 192.168.1.3
The 'remote address' distinguishes the subnets.
So, all you need to figure out is how to extract the remote address of a client connection. If you are using any of the popular web technologies for your server app then this is very easy.
One approach is for the individual client machines to determine who they can see using a broadcast message. Have each client listen on some particular UDP port, and each client broadcast its presence to whatever the local broadcast domain is. When clients can see each other in this way, they can probably also make TCP connections to each other.
If the server needs to know which clients can talk to each other, just have the clients tell the server.
If the network diagram is complicated enough I think it would be very difficult to find what you need.
You should also take into account that Comp1 can establish a direct connection to Comp6.
The solution I can suggest is probing. The client receives a list of all other clients from the server and tries to establish a connection to each of them. I think that would be the only way to know which clients are REALLY accessible, assuming any number of routers/firewalls/NATs in the network. Doesn't scale much for a big number of computers, of course.
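The server-side bookkeeping the first answer sketches (remote address of the connection plus the address the agent reports), as an added example that is not from any of the answers above: clients are identified by the pair (observed remote, reported local), grouped into a segment by (observed remote, local network), and reachability is judged from those segments. The `REGISTRATIONS` table is constructed from the page's figures (Comp4/Comp5 reuse 192.168.1.2/.3 behind a second router; Comp6 sits directly on the 10.10.10.0/24 network), and `can_reach()` encodes the comment that a NATed host such as Comp1 can still open a connection outward to an un-NATed host like Comp6. It assumes a single router level, no inbound filtering on the un-NATed hosts, and /24 masks as the question states; the multi-level case the EDIT mentions would need the probing approach instead.

```python
import ipaddress
from collections import defaultdict

# Constructed sample registrations as the central server would see them:
# (client name, remote address of the incoming connection, address the agent
#  reported, netmask the agent reported).
REGISTRATIONS = [
    ("Comp1", "10.10.10.2", "192.168.1.2", "255.255.255.0"),
    ("Comp2", "10.10.10.2", "192.168.1.3", "255.255.255.0"),
    ("Comp3", "10.10.10.2", "192.168.1.4", "255.255.255.0"),
    ("Comp4", "10.10.10.3", "192.168.1.2", "255.255.255.0"),
    ("Comp5", "10.10.10.3", "192.168.1.3", "255.255.255.0"),
    ("Comp6", "10.10.10.20", "10.10.10.20", "255.255.255.0"),
]


def client_key(remote, local):
    """Identity that survives duplicated private addresses: the address the
    server saw the connection come from, plus the address the agent reported."""
    return (remote, local)


def behind_nat(remote, local):
    """The agent reported an address other than the one the server saw."""
    return remote != local


def segment(remote, local, netmask):
    """Broadcast domain the client sits in: (observed remote, local network).
    Two clients with equal segments are on the same LAN and can talk directly."""
    net = ipaddress.IPv4Network(f"{local}/{netmask}", strict=False)
    return (remote, str(net))


def group_by_segment(regs=REGISTRATIONS):
    """Map each segment to the clients in it (insertion order preserved)."""
    groups = defaultdict(list)
    for name, remote, local, mask in regs:
        groups[segment(remote, local, mask)].append(name)
    return dict(groups)


def can_reach(src, dst, regs=REGISTRATIONS):
    """Can `src` open a connection to `dst`?  True when both share a segment,
    or when `dst` is not behind a NAT (outbound from a NATed host is allowed).
    Assumes a single router level and no inbound filtering on un-NATed hosts."""
    by_name = {name: (remote, local, mask) for name, remote, local, mask in regs}
    s_remote, s_local, s_mask = by_name[src]
    d_remote, d_local, d_mask = by_name[dst]
    if segment(s_remote, s_local, s_mask) == segment(d_remote, d_local, d_mask):
        return True
    return not behind_nat(d_remote, d_local)


def duplicate_locals(regs=REGISTRATIONS):
    """Local addresses reported by more than one client; these are exactly the
    cases a server keyed on the reported address alone would confuse."""
    seen = defaultdict(list)
    for name, _, local, _ in regs:
        seen[local].append(name)
    return {local: names for local, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for seg, members in group_by_segment().items():
        print(seg, members)
    print("duplicates:", duplicate_locals())
    print("Comp1 -> Comp5:", can_reach("Comp1", "Comp5"))
    print("Comp1 -> Comp6:", can_reach("Comp1", "Comp6"))
```

On the web side the "remote address" is the client socket's peer address as the framework exposes it (for example `Request.UserHostAddress` in ASP.NET); if a reverse proxy sits in front of the server that value becomes the proxy's address and the scheme no longer distinguishes subnets.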

Completing a socket connection across an intranet or internet

I am writing a peer-to-peer binary socket program. There are only two endpoints. One socket is listening on my laptop system. The other socket is broadcasting from my desktop system. I have a third program running on a hosted server that is available to broker the connection between the two. My problem is that when the laptop and desktop are on the same network, they both have the same internet IP address but different intranet IPs, but when the laptop is on the road, then the IP addresses are different. In order to be truly peer-to-peer, I have to write it so that after the connection is established, the two computers communicate directly with one another. How is this generally accomplished, when the two computers could potentially share the same IP address if they are running on the same network?
Your question is really: how do I deal with network address translation in a P2P system?
One possibility is to require holes poked in the NAT/firewall systems--that will ensure that requests to a given port are sent to a given computer. Allowing multiple clients inside the network would require poking multiple holes and configuring each client with the corresponding port.
Another possibility involving UDP is here--I haven't reviewed it enough to know if it really removes the broker from the equation after a handshake.
As always, Google can be your friend.
