If that is the complete log, then it’s not seeing any packets and so it can’t forward them. Firewall rules blocking perhaps?
Thanks for responding.
Actually there is more traffic in the logs. Took a while for it to show up. Lots of the following. This shed light on anything? 192.168.20.x is main. Music is 192.168.50.x.
No firewall on the Synology itself. Could be the UniFi firewall but I don’t think so. Main has full access to Music. I have a rule to allow the Roon core to access main.
|2023/10/20 09:24:56|stderr|level=debug msg=handlePackets(eth0) ticker|
|---|---|---|
|2023/10/20 09:24:55|stderr|level=warning msg=Unable to decode packet from eth1: No decoder for layer type Dot1Q|
|2023/10/20 09:24:55|stderr|level=debug msg=processing packet from eth1 on eth0|
|2023/10/20 09:24:55|stderr|level=warning msg=Unable to decode packet from eth1: No decoder for layer type Dot1Q|
|2023/10/20 09:24:55|stderr|level=debug msg=processing packet from eth1 on eth0|
|2023/10/20 09:24:55|stderr|level=warning msg=Unable to decode packet from eth1: No decoder for layer type Dot1Q|
|2023/10/20 09:24:55|stderr|level=debug msg=processing packet from eth1 on eth0|
|2023/10/20 09:24:55|stderr|level=debug msg=eth0: sending out because we're not eth1|
|2023/10/20 09:24:55|stderr|level=debug msg=eth1: received packet and fowarding onto other interfaces|
|2023/10/20 09:24:55|stderr|level=debug msg=eth0: sending out because we're not eth1|
|2023/10/20 09:24:55|stderr|level=debug msg=eth1: received packet and fowarding onto other interfaces|
|2023/10/20 09:24:55|stderr|level=debug msg=eth0: sending out because we're not eth1|
|2023/10/20 09:24:55|stderr|level=debug msg=eth1: received packet and fowarding onto other interfaces|
|2023/10/20 09:24:55|stderr|level=debug msg=eth0 => 192.168.20.255: packet len: 146|
|2023/10/20 09:24:55|stderr|level=debug msg=processing packet from eth1 on eth0|
Are you using 802.1Q VLANs or separate physical ports? Because if they’re different physical ports, not sure why you would be getting this warning:
|2023/10/20 09:24:55|stderr|level=warning msg=Unable to decode packet from eth1: No decoder for layer type Dot1Q|
Packets on 802.1Q won’t be processed.
Beyond that, a misconception a lot of people have is that because you can talk from one network to another through a firewall, that means it will work with udp-proxy-2020. The issue is that Roon traffic that udp-proxy-2020 is processing is being sent to the firewall and not through the firewall. So this is often different firewall rules. So you have to look at your firewall logs to ensure it’s not dropping packets on the floor (also make sure it is logging packets it drops!).
We’re at the fringes of my understanding.
All gear is UniFi, all switches are managed UniFi switches. Networks are defined as UniFi networks. Networks are configured to tag with VLAN IDs.
The Synology has 4 ports, and the two we’re talking about are connected to a switch. On that switch, the ports to which the cables are connected are configured for their respective vlans.
Does that help?
I firewall cross-vlan traffic with one LAN In/Block rule that drops all cross-vlan traffic. The typical “RFC1918” rule.
I precede that with LAN In/Allow rules. I think the rules I have in place are correct. I’ll triple check if that’s what you think the likely culprit is.
Thanks again!
VLAN == 802.1Q
Basically a VLAN is a “virtual network interface” which runs on top of the physical port. So you have `eth0` (physical port) and something like `eth0.200` which is a virtual network interface on `eth0` with the VLAN ID of `200`. udp-proxy-2020 doesn’t today understand this virtual interface thingy.
Now you may be able to work around this by telling udp-proxy-2020 to use `eth0.200` and `eth0.100` (note I’m just picking random VLAN IDs… you’ll need to use the values you have configured!!!) and see if that works- you’ll want to pick the values that map to your music and main VLANs. Don’t specify the network interfaces you don’t care about.
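Added example, not part of the original thread and not udp-proxy-2020's own code: a standard-library Go decoder showing why a frame carrying an 802.1Q tag fails in a decoder that only knows untagged Ethernet, and what changes once the 4-byte tag is skipped. The frame bytes, MAC addresses, VLAN ID 50 and all function names are constructed for the illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	etherTypeIPv4  = 0x0800
	etherTypeDot1Q = 0x8100 // TPID that marks an 802.1Q VLAN tag
	ipProtoUDP     = 17
)

// ErrDot1Q models the warning in the log: the frame is tagged and the
// decoder has no handler for that layer.
var ErrDot1Q = errors.New("no decoder for layer type Dot1Q")

// UDPInfo is the minimum a UDP forwarder needs from a captured frame.
type UDPInfo struct {
	VLAN    int // 0 when the frame is untagged
	DstPort int
}

// DecodeUDP parses Ethernet -> (optional 802.1Q) -> IPv4 -> UDP.
// With acceptDot1Q=false it behaves like a tag-unaware decoder.
func DecodeUDP(frame []byte, acceptDot1Q bool) (UDPInfo, error) {
	var info UDPInfo
	if len(frame) < 14 {
		return info, errors.New("short Ethernet header")
	}
	etherType := binary.BigEndian.Uint16(frame[12:14])
	off := 14
	if etherType == etherTypeDot1Q {
		if !acceptDot1Q {
			return info, ErrDot1Q
		}
		if len(frame) < 18 {
			return info, errors.New("short 802.1Q tag")
		}
		// Tag layout: 16-bit TCI (low 12 bits = VLAN ID), then the real EtherType.
		info.VLAN = int(binary.BigEndian.Uint16(frame[14:16]) & 0x0fff)
		etherType = binary.BigEndian.Uint16(frame[16:18])
		off = 18
	}
	if etherType != etherTypeIPv4 {
		return info, fmt.Errorf("unsupported EtherType 0x%04x", etherType)
	}
	if len(frame) < off+20 {
		return info, errors.New("short IPv4 header")
	}
	ihl := int(frame[off]&0x0f) * 4
	if frame[off]>>4 != 4 || ihl < 20 || len(frame) < off+ihl+8 {
		return info, errors.New("malformed IPv4/UDP header")
	}
	if frame[off+9] != ipProtoUDP {
		return info, errors.New("not UDP")
	}
	udp := frame[off+ihl:]
	info.DstPort = int(binary.BigEndian.Uint16(udp[2:4]))
	return info, nil
}

// be16 appends v to b in network byte order.
func be16(b []byte, v uint16) []byte { return append(b, byte(v>>8), byte(v)) }

// BuildFrame constructs a sample broadcast UDP frame (checksums left zero);
// vlan=0 produces an untagged frame.
func BuildFrame(vlan, dstPort uint16) []byte {
	f := []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0, 0, 0, 0, 0x01}
	if vlan != 0 {
		f = be16(f, etherTypeDot1Q)
		f = be16(f, vlan&0x0fff)
	}
	f = be16(f, etherTypeIPv4)
	ip := make([]byte, 20)
	ip[0] = 0x45 // version 4, IHL 5
	binary.BigEndian.PutUint16(ip[2:4], 28)
	ip[8] = 2
	ip[9] = ipProtoUDP
	copy(ip[12:16], []byte{192, 168, 50, 10})
	copy(ip[16:20], []byte{192, 168, 50, 255})
	udp := make([]byte, 8)
	binary.BigEndian.PutUint16(udp[0:2], 9003)
	binary.BigEndian.PutUint16(udp[2:4], dstPort)
	binary.BigEndian.PutUint16(udp[4:6], 8)
	return append(append(f, ip...), udp...)
}

func main() {
	tagged := BuildFrame(50, 9003)
	_, err := DecodeUDP(tagged, false)
	fmt.Println("tag-unaware decoder:", err)
	info, err := DecodeUDP(tagged, true)
	fmt.Println("tag-aware decoder:", info, err)
}
```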
I don’t see any evidence that the Synology knows about, or exposes, VLAN-based interfaces. They don’t show up, for example, in “ip a” and when I try configuring udp-proxy-2020 to bind to one, it errors out with “no such interface”. What I mean by this is that with respect to how UniFi manages my network, the music vlan is tagged with 50. I think what you’re saying is that if eth1 is physically connected to a UniFi switch port configured for the music vlan, then somehow the interface id would be eth1@50. From the perspective of the NAS, that doesn’t seem to be a thing.
Anyhow, you’ve given me some really helpful info and I’ll try to play with it further this weekend including exploring whether or not there’s something going on at the firewall. Thank you for time and help!
Well, you don’t want to run udp-proxy-2020 on the Synology. You have to run it on the router.
I mean, maybe you can just run Roon on your Synology if it is connected to both networks, but you wouldn’t use udp-proxy-2020 for that.
Just think of my Synology as a multi-homed Linux box. That’s how I’m using it. It’s connected to both networks as you say. There’s more to it than that, but that’s the foundation.
Before I jump in : Thank you, @Aaron_Turner for developing and sharing your software and for supporting it here. Very, very appreciated!!
Here we go.
I think I figured out how to do it. When Docker is on a multi-homed machine, specifying “host” network can end up on any of the available physical networks. I won’t go into what behavior this led to other than to say that it was inconsistent and hard to understand/debug. Firewall “Allow established/related” rule(s) add to debugging challenges.
I didn’t have a Docker macvlan setup for my “main” network because I hadn’t had a need for one. The solution was to:
- Set up a macvlan for the main network
- In udp-proxy-2020 compose, specify both the music and main networks as external
- Assign static ip addresses on both networks
So…to anyone looking at this in the future, you need to do what I described above but you also need to make sure that the command to launch udp-proxy-2020 specifies your underlying ethernet interfaces. The easiest path to figuring this out is to ssh into your Synology and run “ip a”.
This is my compose. Yours will vary
```yaml
version: '3.7'
services:
  udp-proxy:
    environment:
      - TZ=America/Los_Angeles
    image: synfinatic/udp-proxy-2020
    container_name: udp-proxy-2020
    restart: unless-stopped
    networks:
      macvlan_roon:
        ipv4_address: 192.168.50.49
      macvlan_main:
        ipv4_address: 192.168.20.48
    command: udp-proxy-2020 --port 9003 --interface eth0,eth1 --cache-ttl 300
networks:
  macvlan_roon:
    external: true
  macvlan_main:
    external: true
```
Fast forward a month, got my head a little more wrapped around this challenge.
It’s not about adding the Roon Server to the Roon app across the VPN, I can do that. It’s about Roon finding Roon Ready endpoints across the VPN. At least in my case.
I presume that is where udp-proxy-2020 steps in, however it seems that for most people it’s about a phone connecting back to the server via VPN. In my case, I have 3 locations connected by wireguard/pfsense. Potentially installing udp-proxy-2020 on the 3 firewalls and pointing to the correct interfaces “may” allow Roon Server to see the Endpoints across the VPN, but nobody has successfully gotten that working?
I tried Site-to-Site VPN
So I acquired a free mini-PC and had a USB ethernet adapter laying around. Hardly “professional” or anything reliable (pfSense specifically says to not use USB ethernet adapters), but I figured it would be enough for basic testing. I then installed pfSense on it and followed the following documentation to create a Site to Site VPN: pfSense® software Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example | pfSense Documentation
After carefully following those directions, I verified I had LAN traffic from my existing pfSense firewall going over the Wireguard tunnel to the new pfSense firewall “remote” LAN. I made sure to allow all traffic across the tunnel. I also verified I had access to the internet (this did not go over the VPN tunnel, but instead ended up being double-NAT’d through both firewalls).
I then installed `udp-proxy-2020` on the new “remote” firewall per the documentation:
The contents of my `/usr/local/etc/udp-proxy-2020.conf` file on the new “remote” firewall:
udp_vars="--port 9003 --interface ue0,tun_wg0 --logfile /var/log/udp-proxy-2020.log"
Where `ue0` is my LAN port and `tun_wg0` is the Wireguard tunnel interface.
On my original firewall, I added `tun_wg3` (the new Wireguard tunnel interface) to the list of `--interfaces` and started/restarted `udp-proxy-2020` on the two firewalls.
I then connected a laptop to the LAN of the new “remote” firewall and started the Roon Client.
drum roll please…
And it worked perfectly. I can play music (local storage and Qobuz) on my laptop at the “remote site” and even control audio zones in the “local” home network where my Roon Core is. I will say finding the audio zone on the laptop in the “remote site” takes a few seconds, but it does find it and seems stable in the little amount of testing I’ve done so far.
I will caveat that I’ve not done a lot of testing and of course, I’m testing using equipment that is completely in my home- no traffic is going over the Internet (other than streaming Qobuz or any API calls that my Roon Core normally does to the Roon servers on the Internet). Traffic going over the Internet may experience more issues.
What does this mean?
Basically, site-to-site VPNs can work just fine with `udp-proxy-2020` and Roon if you follow the pfSense and udp-proxy-2020 directions. You absolutely have to install/run `udp-proxy-2020` on BOTH firewalls and configure it to use the LAN and VPN network interfaces. You also have to make sure network traffic flows correctly across the VPN.
What if I don’t use pfSense??
Well then you’ll have to adapt the above directions as appropriate for your platform. Sorry, I can’t test everything, nor do I know enough about other solutions to provide advice. The key things are making sure to route the correct traffic over the VPN tunnel and ensure both your firewall rules and Wireguard
Why do most people fail???
My guess is they are not configuring Wireguard correctly. The key thing is in the Peer Connection settings: pfSense® software Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example | pfSense Documentation
You MUST specify both the remote network AND the VPN tunnel network in the `Allowed IPs` list. If you forget the VPN tunnel network then Roon discovery will not work correctly.
You also need to allow both the local and remote side of the network to initiate connections to the other side, but I assume most people do that already?
Will OpenVPN, IPSec, Tailscale, ZeroTier, etc work too??
I haven’t tried them and can’t say specifically, other than to say that Tailscale will definitely not work. Now that I’ve proven Wireguard works I probably won’t bother testing others since OpenVPN is less secure/performant, IPSec is a huge PITA and pfSense doesn’t support ZeroTier.
Does this mean I can ask you questions about my Site-to-Site VPN now?
I can’t stop you, but honestly I’m not really interested in providing technical support for people’s random network setups- it’s just way too much work and I’m too busy with work and other hobbies. The pfSense documentation I linked to is very good and if you’re running pfSense it should be pretty straight forward. Of course if you’re using something else… well, hopefully you can find an expert with that system/platform who can assist. Good luck!
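Added example, not part of the original post and not taken from pfSense or udp-proxy-2020: a Go check for the Allowed IPs requirement described above, reporting which required networks a peer's list fails to cover. It assumes the peer settings are exported in wg-quick style text; the keys, the remote LAN `192.168.30.0/24` and the tunnel network `10.99.0.0/31` are constructed placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample values: substitute your own remote LAN and tunnel network.
const (
	remoteLAN = "192.168.30.0/24"
	tunnelNet = "10.99.0.0/31"
)

// Constructed peer config that forgets the tunnel network.
const incompleteConf = `
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.99.0.0/31

[Peer]
PublicKey = <placeholder-public-key>
Endpoint = remote.example.net:51820
AllowedIPs = 192.168.30.0/24
`

// Constructed peer config listing both the tunnel network and the remote LAN.
const completeConf = `
[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 10.99.0.0/31, 192.168.30.0/24   # tunnel + remote LAN
`

// ParseAllowedIPs collects every AllowedIPs prefix found in [Peer] sections.
func ParseAllowedIPs(conf string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	inPeer := false
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i] // strip trailing comment
		}
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		if strings.HasPrefix(line, "[") {
			inPeer = strings.EqualFold(line, "[Peer]")
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok || !inPeer || !strings.EqualFold(strings.TrimSpace(key), "AllowedIPs") {
			continue
		}
		for _, field := range strings.Split(val, ",") {
			p, err := netip.ParsePrefix(strings.TrimSpace(field))
			if err != nil {
				return nil, fmt.Errorf("bad AllowedIPs entry %q: %w", field, err)
			}
			out = append(out, p.Masked())
		}
	}
	return out, sc.Err()
}

// Missing returns the required networks that no allowed prefix fully covers.
func Missing(allowed []netip.Prefix, required ...string) []string {
	var missing []string
	for _, r := range required {
		req := netip.MustParsePrefix(r).Masked()
		covered := false
		for _, a := range allowed {
			// a covers req when it is no more specific and contains req's base address.
			if a.Bits() <= req.Bits() && a.Contains(req.Addr()) {
				covered = true
				break
			}
		}
		if !covered {
			missing = append(missing, r)
		}
	}
	return missing
}

func main() {
	for name, conf := range map[string]string{"incomplete": incompleteConf, "complete": completeConf} {
		allowed, err := ParseAllowedIPs(conf)
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: missing %v\n", name, Missing(allowed, remoteLAN, tunnelNet))
	}
}
```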
Gotta go to the office because “reasons”. Doesn’t mean I can’t take Roon with me though!
Got myself a RasPi running Roon Web Controller + Roon Bridge → Schiit stack. Connects to the work guest wifi, builds a Wireguard VPN tunnel to home and now I got tunes!
Aaron, you are a star!
Hello all, I’m looking for the best way to connect to Roon Remote while on the go, on my iPhone.
This all started when I realized Roon Arc sounds worse than streaming from Roon Remote on wifi, and I narrowed it down to MUSE vs RAAT. I hope one day I’ll somehow be able to use RAAT on the go without jumping thru hoops, but until then I’ve been getting into VPNs to do just this.
I’ve been using NordVPN’s Meshnet on my Roon Core PC for the past 2 days, Nord VPN on iOS and it works, kind of. I have to enable the “route traffic” feature on my phone, and when I do this, it breaks 5G internet for my entire phone, except for the Roon Remote app. Not even GPS works. Songs also skip/don’t load about 40% of the time, and this is with my Roon Core on ethernet to fiber thru ATT, 1 gbps down and 300 up.
Should I get a router with a built in VPN? Is there a better VPN than Meshnet that will allow me to access the Roon Remote app and my phone’s 5G connection simultaneously? Thanks in advance.
My personal hot take: pretty much all VPN’s are better than NordVPN meshnet.
Anyways, since this is the `udp-proxy-2020` thread I’ll say that people have had a lot of success with both Wireguard and OpenVPN. Neither (in conjunction with udp-proxy-2020) requires sending all network traffic over the VPN and will not break your other phone applications.
There are plenty of firewalls out there which support one or both. A lot of people have gotten various Ubiquiti firewalls to work, but I’ve no personal experience with any recent models so I can’t really provide a recommendation. I personally use pfSense (software is free) + a cheap PC with two network cards.
I recommend reading docs on how to install on various devices to understand more and of course reading the comments in this thread.
@Aaron_Turner I am really glad someone built what you have built.
It took me a while to work out what to do, so in case I’ve got it wrong can you check something before I post some logs related to things not working?
I have a Ubiquiti UDR and after reading everything I couldn’t see an immediate need for UDM utilities (later maybe for running on start-up). So I just ran apt on the local deb file for udp-proxy-2020 and it installed fine. It appears to run fine from command line, but now I’m trying to get Roon to work via Wireguard and OpenVPN (not site-to-site) I’m getting errors.
Is what I have done fine or should I have spun up a nspawn-container set-up?
If it’s all good I’ll post my errors, which it would be amazing if you had time to review. If not I’ll reinstall the correct way if you could advise.
I can take a look
Thank you. Let me make sure it’s a consistent and repeatable error and that I’ve ruled out anything silly I’ve done and then I’ll post my errors.
Okay, I have run two tests with the same result, on which I would really appreciate your opinion. Thanks for being available to help.
- I close Roon
- I connect via VPN
- SSH to UDR and start udp-proxy-2020 (exact command line in the shell output below)
- Open Roon
- udp-proxy-2020 crashes with output shown
First, we have a GL iNet Beryl AX travel router using Wireguard (I also have OpenVPN, which I can show the same if needed). Second I have a MacBook Pro M3 using the Wireguard client directly.
eth2 is the UDR port Roon ROCK is running on
tun1 is OpenVPN
wgsrv1 is Wireguard
br0 is added because I believe it’s required, but don’t actually know what interface it is.
Here is the test connecting through the GL iNet device as a VPN proxy.
# udp-proxy-2020 --port 9003 --interface eth2,br0,tun1,wgsrv1 --level debug
DEBUG eth2: ifIndex: 11
DEBUG eth2 network: ip+net string: fe80::9e05:d6ff:fe3a:c3b5/64
DEBUG Listen: (main.Listen) {
iname: (string) (len=4) "eth2",
netif: (*net.Interface)(0x40001699c0)({
Index: (int) 11,
MTU: (int) 1500,
Name: (string) (len=4) "eth2",
HardwareAddr: (net.HardwareAddr) (len=6 cap=60072) 9c:05:d6:3a:c3:b5,
Flags: (net.Flags) up|broadcast|multicast
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) "",
promisc: (bool) false,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x40000b07e0,
clients: (map[string]time.Time) {
}
}
DEBUG br0: ifIndex: 42
DEBUG br0 network: ip+net string: 192.168.1.1/24
DEBUG br0 network: ip+net string: fe80::247a:6fff:fe9a:a9e0/64
DEBUG Listen: (main.Listen) {
iname: (string) (len=3) "br0",
netif: (*net.Interface)(0x4000259240)({
Index: (int) 42,
MTU: (int) 1500,
Name: (string) (len=3) "br0",
HardwareAddr: (net.HardwareAddr) (len=6 cap=19112) 9c:05:d6:3a:c3:b3,
Flags: (net.Flags) up|broadcast|multicast
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) (len=13) "192.168.1.255",
promisc: (bool) false,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x40000b08a0,
clients: (map[string]time.Time) {
}
}
DEBUG tun1: ifIndex: 45
DEBUG Listen: (main.Listen) {
iname: (string) (len=4) "tun1",
netif: (*net.Interface)(0x40002b8b00)({
Index: (int) 45,
MTU: (int) 1500,
Name: (string) (len=4) "tun1",
HardwareAddr: (net.HardwareAddr) ,
Flags: (net.Flags) up|pointtopoint|multicast
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) "",
promisc: (bool) true,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x40000b0960,
clients: (map[string]time.Time) {
}
}
DEBUG wgsrv1: ifIndex: 44
DEBUG Listen: (main.Listen) {
iname: (string) (len=6) "wgsrv1",
netif: (*net.Interface)(0x4000328300)({
Index: (int) 44,
MTU: (int) 1420,
Name: (string) (len=6) "wgsrv1",
HardwareAddr: (net.HardwareAddr) ,
Flags: (net.Flags) up|pointtopoint
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) "",
promisc: (bool) true,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x40000b0a20,
clients: (map[string]time.Time) {
}
}
DEBUG eth2: applying BPF Filter: udp port 9003
DEBUG Opened pcap handle on eth2
DEBUG br0: applying BPF Filter: (udp port 9003) and (src net 192.168.1.0/24)
DEBUG Opened pcap handle on br0
DEBUG tun1: applying BPF Filter: (udp port 9003) and (src net 192.168.2.0/24)
DEBUG Opened pcap handle on tun1
DEBUG wgsrv1: applying BPF Filter: (udp port 9003) and (src net 192.168.4.0/24)
DEBUG Opened pcap handle on wgsrv1
DEBUG Initialization complete!
DEBUG handlePackets(tun1) ticker
DEBUG handlePackets(eth2) ticker
DEBUG handlePackets(br0) ticker
DEBUG handlePackets(wgsrv1) ticker
DEBUG handlePackets(wgsrv1) ticker
DEBUG handlePackets(br0) ticker
DEBUG handlePackets(eth2) ticker
DEBUG handlePackets(tun1) ticker
DEBUG handlePackets(br0) ticker
DEBUG handlePackets(wgsrv1) ticker
DEBUG handlePackets(eth2) ticker
DEBUG handlePackets(tun1) ticker
DEBUG br0: received packet and fowarding onto other interfaces
DEBUG tun1: sending out because we're not br0
DEBUG wgsrv1: sending out because we're not br0
DEBUG eth2: sending out because we're not br0
DEBUG br0: received packet and fowarding onto other interfaces
DEBUG processing packet from br0 on wgsrv1
DEBUG processing packet from br0 on eth2
DEBUG wgsrv1: sending out because we're not br0
DEBUG eth2: sending out because we're not br0
DEBUG tun1: sending out because we're not br0
FATAL can't serialize IP header: (layers.IPv4) {
BaseLayer: (layers.BaseLayer) {
Contents: ([]uint8) <nil>,
Payload: ([]uint8) <nil>
},
Version: (uint8) 4,
IHL: (uint8) 5,
TOS: (uint8) 0,
Length: (uint16) 126,
Id: (uint16) 59482,
Flags: (layers.IPv4Flag) DF,
FragOffset: (uint16) 0,
TTL: (uint8) 2,
Protocol: (layers.IPProtocol) UDP,
Checksum: (uint16) 0,
SrcIP: (net.IP) (len=4 cap=114) 192.168.1.40,
DstIP: (net.IP) <nil>,
Options: ([]layers.IPv4Option) <nil>,
Padding: ([]uint8) <nil>
}
MacBook Pro M3 using Wireguard client direct
# udp-proxy-2020 --port 9003 --interface eth2,br0,tun1,wgsrv1 --level debug
DEBUG eth2: ifIndex: 11
DEBUG eth2 network: ip+net string: fe80::9e05:d6ff:fe3a:c3b5/64
DEBUG Listen: (main.Listen) {
iname: (string) (len=4) "eth2",
netif: (*net.Interface)(0x40001699c0)({
Index: (int) 11,
MTU: (int) 1500,
Name: (string) (len=4) "eth2",
HardwareAddr: (net.HardwareAddr) (len=6 cap=60072) 9c:05:d6:3a:c3:b5,
Flags: (net.Flags) up|broadcast|multicast
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) "",
promisc: (bool) false,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x40000807e0,
clients: (map[string]time.Time) {
}
}
DEBUG br0: ifIndex: 42
DEBUG br0 network: ip+net string: 192.168.1.1/24
DEBUG br0 network: ip+net string: fe80::247a:6fff:fe9a:a9e0/64
DEBUG Listen: (main.Listen) {
iname: (string) (len=3) "br0",
netif: (*net.Interface)(0x4000257240)({
Index: (int) 42,
MTU: (int) 1500,
Name: (string) (len=3) "br0",
HardwareAddr: (net.HardwareAddr) (len=6 cap=19112) 9c:05:d6:3a:c3:b3,
Flags: (net.Flags) up|broadcast|multicast
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) (len=13) "192.168.1.255",
promisc: (bool) false,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x40000808a0,
clients: (map[string]time.Time) {
}
}
DEBUG tun1: ifIndex: 45
DEBUG Listen: (main.Listen) {
iname: (string) (len=4) "tun1",
netif: (*net.Interface)(0x40002b8b00)({
Index: (int) 45,
MTU: (int) 1500,
Name: (string) (len=4) "tun1",
HardwareAddr: (net.HardwareAddr) ,
Flags: (net.Flags) up|pointtopoint|multicast
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) "",
promisc: (bool) true,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x4000080960,
clients: (map[string]time.Time) {
}
}
DEBUG wgsrv1: ifIndex: 44
DEBUG Listen: (main.Listen) {
iname: (string) (len=6) "wgsrv1",
netif: (*net.Interface)(0x4000328300)({
Index: (int) 44,
MTU: (int) 1420,
Name: (string) (len=6) "wgsrv1",
HardwareAddr: (net.HardwareAddr) ,
Flags: (net.Flags) up|pointtopoint
}),
ports: ([]int32) (len=1 cap=1) {
(int32) 9003
},
ipaddr: (string) "",
promisc: (bool) true,
handle: (*pcap.Handle)(<nil>),
writer: (*pcapgo.Writer)(<nil>),
inwriter: (*pcapgo.Writer)(<nil>),
outwriter: (*pcapgo.Writer)(<nil>),
timeout: (time.Duration) 250ms,
clientTTL: (time.Duration) 0s,
sendpkt: (chan main.Send) (cap=100) 0x4000080a20,
clients: (map[string]time.Time) {
}
}
DEBUG eth2: applying BPF Filter: udp port 9003
DEBUG Opened pcap handle on eth2
DEBUG br0: applying BPF Filter: (udp port 9003) and (src net 192.168.1.0/24)
DEBUG Opened pcap handle on br0
DEBUG tun1: applying BPF Filter: (udp port 9003) and (src net 192.168.2.0/24)
DEBUG Opened pcap handle on tun1
DEBUG wgsrv1: applying BPF Filter: (udp port 9003) and (src net 192.168.4.0/24)
DEBUG Opened pcap handle on wgsrv1
DEBUG Initialization complete!
DEBUG handlePackets(eth2) ticker
DEBUG handlePackets(br0) ticker
DEBUG handlePackets(wgsrv1) ticker
DEBUG handlePackets(tun1) ticker
DEBUG handlePackets(wgsrv1) ticker
DEBUG handlePackets(br0) ticker
DEBUG handlePackets(eth2) ticker
DEBUG handlePackets(tun1) ticker
DEBUG wgsrv1: Learned client IP: 192.168.4.3
DEBUG wgsrv1: received packet and fowarding onto other interfaces
DEBUG eth2: sending out because we're not wgsrv1
DEBUG br0: sending out because we're not wgsrv1
DEBUG tun1: sending out because we're not wgsrv1
DEBUG processing packet from wgsrv1 on eth2
FATAL can't serialize IP header: (layers.IPv4) {
BaseLayer: (layers.BaseLayer) {
Contents: ([]uint8) <nil>,
Payload: ([]uint8) <nil>
},
Version: (uint8) 4,
IHL: (uint8) 5,
TOS: (uint8) 0,
Length: (uint16) 126,
Id: (uint16) 14434,
Flags: (layers.IPv4Flag) ,
FragOffset: (uint16) 0,
TTL: (uint8) 2,
Protocol: (layers.IPProtocol) UDP,
Checksum: (uint16) 0,
SrcIP: (net.IP) (len=4 cap=114) 192.168.4.3,
DstIP: (net.IP) <nil>,
Options: ([]layers.IPv4Option) <nil>,
Padding: ([]uint8) <nil>
}
what is the output of ifconfig
on your UDR?
Here you are, I’ve hidden my real IP, but otherwise everything is as it came out of SSH
# ifconfig -a
apcli0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9a:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
apclii0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9a:05:d6:3a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::247a:6fff:fe9a:a9e0 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b3 txqueuelen 1000 (Ethernet)
RX packets 68552034 bytes 60166013226 (56.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 61014595 bytes 59953417737 (55.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
deprecated: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether ea:f8:3f:b5:19:c4 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
dummy0: flags=130<BROADCAST,NOARP> mtu 1500
ether 4a:8c:aa:8d:a2:b1 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b3 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b3 txqueuelen 1000 (Ethernet)
RX packets 62145 bytes 43594471 (41.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 70232 bytes 52917939 (50.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b4 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b4 txqueuelen 1000 (Ethernet)
RX packets 14104 bytes 4047031 (3.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1603181 bytes 365227089 (348.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b5 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b5 txqueuelen 1000 (Ethernet)
RX packets 16913467 bytes 17454970978 (16.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13862778 bytes 8516165726 (7.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b6 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b6 txqueuelen 1000 (Ethernet)
RX packets 23008620 bytes 26188609624 (24.3 GiB)
RX errors 0 dropped 7550 overruns 0 frame 0
TX packets 27846158 bytes 26784860799 (24.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet <REAL_IP> netmask 255.255.255.0 broadcast 0.0.0.0
inet6 <REAL_IP> prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b7 txqueuelen 1000 (Ethernet)
RX packets 65698734 bytes 64645104102 (60.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48487850 bytes 55355463275 (51.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
gre0: flags=128<NOARP> mtu 1476
unspec 00-00-00-00-30-35-3A-64-00-00-00-00-00-00-00-00 txqueuelen 1 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
gretap0: flags=4098<BROADCAST,MULTICAST> mtu 1462
ether 00:00:00:00:00:00 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
honeypot0: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
inet 192.168.1.3 netmask 255.255.255.255 broadcast 192.168.1.3
inet6 fe80::b016:92ff:feb0:dbe3 prefixlen 64 scopeid 0x20<link>
ether b2:16:92:b0:db:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 43120 bytes 1983536 (1.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifb0: flags=130<BROADCAST,NOARP> mtu 1500
ether 5e:d3:86:26:e4:34 txqueuelen 32 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifb1: flags=130<BROADCAST,NOARP> mtu 1500
ether 06:eb:e6:49:b5:00 txqueuelen 32 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip6tnl0: flags=128<NOARP> mtu 1452
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip_vti0: flags=128<NOARP> mtu 1480
tunnel txqueuelen 1 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 6440628 bytes 9876206018 (9.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6440628 bytes 9876206018 (9.1 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
nic0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether ea:f8:3f:b5:19:c4 txqueuelen 1000 (Ethernet)
RX packets 105707251 bytes 110271925994 (102.6 GiB)
RX errors 86 dropped 0 overruns 0 frame 0
TX packets 95126683 bytes 92056882471 (85.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 251
ppd: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether ea:f8:3f:b5:19:c4 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b8 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 3338517 bytes 314451641 (299.8 MiB)
RX errors 2782751 dropped 0 overruns 0 frame 0
TX packets 232135 bytes 177739921 (169.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 247
ra1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9c05:d6ff:fe1a:c3b8 prefixlen 64 scopeid 0x20<link>
ether 9e:05:d6:1a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 9e:05:d6:2a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra3: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra4: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:4a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra5: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:5a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra6: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:6a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ra7: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:7a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b9 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 6641832 bytes 1866365689 (1.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8378378 bytes 5215136748 (4.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 4
rai1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9c05:d6ff:fe1a:c3b9 prefixlen 64 scopeid 0x20<link>
ether 9e:05:d6:1a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 9e:05:d6:2a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 39066 bytes 1016676 (992.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41949298 bytes 32730501847 (30.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai3: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:3a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai4: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:4a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai5: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:5a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai6: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:6a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rai7: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9e:05:d6:7a:c3:b9 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sit0: flags=128<NOARP> mtu 1480
sit txqueuelen 1 (IPv6-in-IPv4)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
switch0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b3 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b3 txqueuelen 1000 (Ethernet)
RX packets 39994649 bytes 43541985427 (40.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40166899 bytes 34423343029 (32.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
switch0.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::9e05:d6ff:fe3a:c3b3 prefixlen 64 scopeid 0x20<link>
ether 9c:05:d6:3a:c3:b3 txqueuelen 1000 (Ethernet)
RX packets 39994567 bytes 43541974834 (40.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40166892 bytes 34985678877 (32.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 255.255.255.0 destination 192.168.2.1
inet6 fe80::f196:a2eb:95a4:d888 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 909874 bytes 331883061 (316.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2999603 bytes 3210229396 (2.9 GiB)
TX errors 0 dropped 4630 overruns 0 carrier 0 collisions 0
wds0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9c:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wds1: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9c:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wds2: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9c:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wds3: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 9c:05:d6:3a:c3:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wgsrv1: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 192.168.4.1 netmask 255.255.255.0 destination 192.168.4.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1 (UNSPEC)
RX packets 65505 bytes 11270836 (10.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 678386 bytes 905895792 (863.9 MiB)
TX errors 2060 dropped 586 overruns 0 carrier 0 collisions 0