Blocks Parsec STUN with zero logging #1246

Open
dontcrash opened this issue Dec 27, 2024 · 6 comments

@dontcrash

dontcrash commented Dec 27, 2024

When attempting to use Parsec (parsecd) I am unable to connect to any hosts and get the following error message:
image

Checking the event log, all traffic has been allowed:
image

I have verified it is OpenSnitch causing this: if I pause OpenSnitch, Parsec works normally.
image

I have tried modifying the inbound rule to allow connections:
image

I am already allowing est and rel in system rules:
image

  • OpenSnitch version 1.6.6
  • OS: ArchLinux
  • Version 6.12.6-arch1-1
  • Window Manager: KDE
  • Kernel version: Linux arch 6.12.6-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 19 Dec 2024 21:29:01 +0000 x86_64 GNU/Linux
@dontcrash
Author

dontcrash commented Dec 27, 2024

While trying to connect (unsuccessfully):

$ sudo lsof -i -P -n | grep parsecd
parsecd   293011 nick   4u  IPv4 1303460      0t0  UDP 127.0.0.1:5309 
parsecd   293011 nick   7u  IPv4 1410866      0t0  TCP 172.16.2.20:33352->104.18.1.181:443 (ESTABLISHED)
parsecd   293011 nick  11u  IPv6 1410876      0t0  UDP *:30437 
$ sudo tcpdump -nn host 104.18.0.181
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:58:03.175808 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [S], seq 1647410070, win 62720, options [mss 8960,sackOK,TS val 890501315 ecr 0,nop,wscale 7], length 0
16:58:03.178139 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [S.], seq 3419986938, ack 1647410071, win 65535, options [mss 1400,sackOK,TS val 3051760625 ecr 890501315,nop,wscale 13], length 0
16:58:03.178155 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [.], ack 1, win 490, options [nop,nop,TS val 890501325 ecr 3051760625], length 0
16:58:03.178450 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 1:518, ack 1, win 490, options [nop,nop,TS val 890501325 ecr 3051760625], length 517
16:58:03.181186 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], ack 518, win 9, options [nop,nop,TS val 3051760628 ecr 890501325], length 0
16:58:03.182896 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], seq 1:1449, ack 518, win 9, options [nop,nop,TS val 3051760629 ecr 890501325], length 1448
16:58:03.182904 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [.], ack 1449, win 582, options [nop,nop,TS val 890501330 ecr 3051760629], length 0
16:58:03.183036 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [P.], seq 1449:2853, ack 518, win 9, options [nop,nop,TS val 3051760629 ecr 890501325], length 1404
16:58:03.183042 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [.], ack 2853, win 660, options [nop,nop,TS val 890501330 ecr 3051760629], length 0
16:58:03.184212 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 518:598, ack 2853, win 660, options [nop,nop,TS val 890501331 ecr 3051760629], length 80
16:58:03.184286 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 598:916, ack 2853, win 660, options [nop,nop,TS val 890501331 ecr 3051760629], length 318
16:58:03.186354 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], ack 916, win 9, options [nop,nop,TS val 3051760633 ecr 890501331], length 0
16:58:03.186385 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [P.], seq 2853:3406, ack 916, win 9, options [nop,nop,TS val 3051760633 ecr 890501331], length 553
16:58:03.186458 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 916:947, ack 3406, win 674, options [nop,nop,TS val 890501333 ecr 3051760633], length 31
16:58:03.228752 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], ack 947, win 9, options [nop,nop,TS val 3051760676 ecr 890501333], length 0
16:58:03.531956 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [P.], seq 3406:3736, ack 947, win 9, options [nop,nop,TS val 3051760979 ecr 890501333], length 330
16:58:03.531988 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [P.], seq 3736:4072, ack 947, win 9, options [nop,nop,TS val 3051760979 ecr 890501333], length 336
16:58:03.532013 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [P.], seq 4072:4103, ack 947, win 9, options [nop,nop,TS val 3051760979 ecr 890501333], length 31
16:58:03.532050 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [.], ack 4103, win 674, options [nop,nop,TS val 890501679 ecr 3051760979], length 0
16:58:03.532081 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 947:995, ack 4103, win 674, options [nop,nop,TS val 890501679 ecr 3051760979], length 48
16:58:03.532097 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 995:1019, ack 4103, win 674, options [nop,nop,TS val 890501679 ecr 3051760979], length 24
16:58:03.532145 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [F.], seq 1019, ack 4103, win 674, options [nop,nop,TS val 890501679 ecr 3051760979], length 0
16:58:03.534243 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], ack 995, win 9, options [nop,nop,TS val 3051760981 ecr 890501679], length 0
16:58:03.534272 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], ack 1019, win 9, options [nop,nop,TS val 3051760981 ecr 890501679], length 0
16:58:03.534664 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [F.], seq 4103, ack 1020, win 9, options [nop,nop,TS val 3051760981 ecr 890501679], length 0
16:58:03.534670 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [.], ack 4104, win 674, options [nop,nop,TS val 890501682 ecr 3051760981], length 0
16:58:12.913362 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [S], seq 506025666, win 62720, options [mss 8960,sackOK,TS val 890511053 ecr 0,nop,wscale 7], length 0
16:58:12.915203 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [S.], seq 635943723, ack 506025667, win 65535, options [mss 1400,sackOK,TS val 769363270 ecr 890511053,nop,wscale 13], length 0
16:58:12.915219 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [.], ack 1, win 490, options [nop,nop,TS val 890511062 ecr 769363270], length 0
16:58:12.915467 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [P.], seq 1:518, ack 1, win 490, options [nop,nop,TS val 890511062 ecr 769363270], length 517
16:58:12.918141 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [.], ack 518, win 9, options [nop,nop,TS val 769363273 ecr 890511062], length 0
16:58:12.919841 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [.], seq 1:1449, ack 518, win 9, options [nop,nop,TS val 769363275 ecr 890511062], length 1448
16:58:12.919850 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [.], ack 1449, win 582, options [nop,nop,TS val 890511067 ecr 769363275], length 0
16:58:12.920028 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [P.], seq 1449:2853, ack 518, win 9, options [nop,nop,TS val 769363275 ecr 890511062], length 1404
16:58:12.920037 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [.], ack 2853, win 670, options [nop,nop,TS val 890511067 ecr 769363275], length 0
16:58:12.920832 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [P.], seq 518:598, ack 2853, win 670, options [nop,nop,TS val 890511068 ecr 769363275], length 80
16:58:12.920909 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [P.], seq 598:1336, ack 2853, win 670, options [nop,nop,TS val 890511068 ecr 769363275], length 738
16:58:12.923142 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [.], ack 1336, win 9, options [nop,nop,TS val 769363278 ecr 890511068], length 0
16:58:12.923260 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [P.], seq 2853:3406, ack 1336, win 9, options [nop,nop,TS val 769363279 ecr 890511068], length 553
16:58:12.923317 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [P.], seq 1336:1367, ack 3406, win 674, options [nop,nop,TS val 890511070 ecr 769363279], length 31
16:58:12.966197 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [.], ack 1367, win 9, options [nop,nop,TS val 769363322 ecr 890511070], length 0
16:58:13.241905 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [P.], seq 3406:3709, ack 1367, win 9, options [nop,nop,TS val 769363597 ecr 890511070], length 303
16:58:13.241973 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [P.], seq 1367:1415, ack 3709, win 674, options [nop,nop,TS val 890511389 ecr 769363597], length 48
16:58:13.241986 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [P.], seq 1415:1439, ack 3709, win 674, options [nop,nop,TS val 890511389 ecr 769363597], length 24
16:58:13.242032 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [F.], seq 1439, ack 3709, win 674, options [nop,nop,TS val 890511389 ecr 769363597], length 0
16:58:13.244140 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [.], ack 1415, win 9, options [nop,nop,TS val 769363599 ecr 890511389], length 0
16:58:13.244170 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [.], ack 1439, win 9, options [nop,nop,TS val 769363599 ecr 890511389], length 0
16:58:13.244613 IP 104.18.0.181.443 > 172.16.2.20.34926: Flags [F.], seq 3709, ack 1440, win 9, options [nop,nop,TS val 769363600 ecr 890511389], length 0
16:58:13.244621 IP 172.16.2.20.34926 > 104.18.0.181.443: Flags [.], ack 3710, win 674, options [nop,nop,TS val 890511392 ecr 769363600], length 0

 
 
While trying to connect (successfully):

$ sudo lsof -i -P -n | grep parsecd
parsecd   293011 nick   4u  IPv4 1303460      0t0  UDP 127.0.0.1:5309 
parsecd   293011 nick   6u  IPv4 1465354      0t0  TCP 172.16.2.20:42544->104.18.1.181:443 (ESTABLISHED)
parsecd   293011 nick  11u  IPv6 1465355      0t0  UDP *:30437
$ sudo tcpdump -nn host 104.18.1.181
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:00:46.070469 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [S], seq 1475933013, win 62720, options [mss 8960,sackOK,TS val 984049641 ecr 0,nop,wscale 7], length 0
17:00:46.072496 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [S.], seq 2095764059, ack 1475933014, win 65535, options [mss 1400,sackOK,TS val 1242443912 ecr 984049641,nop,wscale 13], length 0
17:00:46.072516 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [.], ack 1, win 490, options [nop,nop,TS val 984049643 ecr 1242443912], length 0
17:00:46.072748 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [P.], seq 1:518, ack 1, win 490, options [nop,nop,TS val 984049644 ecr 1242443912], length 517
17:00:46.075498 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [.], ack 518, win 9, options [nop,nop,TS val 1242443915 ecr 984049644], length 0
17:00:46.078153 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [.], seq 1:1449, ack 518, win 9, options [nop,nop,TS val 1242443917 ecr 984049644], length 1448
17:00:46.078163 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [.], ack 1449, win 582, options [nop,nop,TS val 984049649 ecr 1242443917], length 0
17:00:46.078194 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [P.], seq 1449:2842, ack 518, win 9, options [nop,nop,TS val 1242443917 ecr 984049644], length 1393
17:00:46.078199 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [.], ack 2842, win 605, options [nop,nop,TS val 984049649 ecr 1242443917], length 0
17:00:46.079034 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [P.], seq 518:598, ack 2842, win 605, options [nop,nop,TS val 984049650 ecr 1242443917], length 80
17:00:46.079083 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [P.], seq 598:909, ack 2842, win 605, options [nop,nop,TS val 984049650 ecr 1242443917], length 311
17:00:46.080602 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [.], ack 909, win 9, options [nop,nop,TS val 1242443920 ecr 984049650], length 0
17:00:46.899031 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [P.], seq 2842:3852, ack 909, win 9, options [nop,nop,TS val 1242444738 ecr 984049650], length 1010
17:00:46.899215 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [P.], seq 909:1643, ack 3852, win 628, options [nop,nop,TS val 984050470 ecr 1242444738], length 734
17:00:46.942905 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [.], ack 1643, win 9, options [nop,nop,TS val 1242444783 ecr 984050470], length 0
17:00:47.695990 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [P.], seq 3852:4619, ack 1643, win 9, options [nop,nop,TS val 1242445536 ecr 984050470], length 767
17:00:47.737453 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [.], ack 4619, win 650, options [nop,nop,TS val 984051308 ecr 1242445536], length 0
17:00:47.776342 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [P.], seq 1643:1986, ack 4619, win 650, options [nop,nop,TS val 984051347 ecr 1242445536], length 343
17:00:47.778444 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [.], ack 1986, win 9, options [nop,nop,TS val 1242445618 ecr 984051347], length 0
17:00:47.808037 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [P.], seq 4619:5002, ack 1986, win 9, options [nop,nop,TS val 1242445648 ecr 984051347], length 383
17:00:47.808046 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [.], ack 5002, win 673, options [nop,nop,TS val 984051379 ecr 1242445648], length 0
17:00:48.022965 IP 104.18.1.181.443 > 172.16.2.20.38834: Flags [P.], seq 5002:5394, ack 1986, win 9, options [nop,nop,TS val 1242445863 ecr 984051379], length 392
17:00:48.022982 IP 172.16.2.20.38834 > 104.18.1.181.443: Flags [.], ack 5394, win 674, options [nop,nop,TS val 984051594 ecr 1242445863], length 0
17:00:56.193833 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [S], seq 2351270205, win 62720, options [mss 8960,sackOK,TS val 984059765 ecr 0,nop,wscale 7], length 0
17:00:56.195500 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [S.], seq 1387859587, ack 2351270206, win 65535, options [mss 1400,sackOK,TS val 1615876545 ecr 984059765,nop,wscale 13], length 0
17:00:56.195515 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [.], ack 1, win 490, options [nop,nop,TS val 984059767 ecr 1615876545], length 0
17:00:56.195805 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [P.], seq 1:518, ack 1, win 490, options [nop,nop,TS val 984059767 ecr 1615876545], length 517
17:00:56.198461 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], ack 518, win 9, options [nop,nop,TS val 1615876548 ecr 984059767], length 0
17:00:56.200404 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], seq 1:1449, ack 518, win 9, options [nop,nop,TS val 1615876549 ecr 984059767], length 1448
17:00:56.200409 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [.], ack 1449, win 582, options [nop,nop,TS val 984059771 ecr 1615876549], length 0
17:00:56.200550 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [P.], seq 1449:2854, ack 518, win 9, options [nop,nop,TS val 1615876549 ecr 984059767], length 1405
17:00:56.200554 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [.], ack 2854, win 660, options [nop,nop,TS val 984059772 ecr 1615876549], length 0
17:00:56.201336 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [P.], seq 518:598, ack 2854, win 660, options [nop,nop,TS val 984059772 ecr 1615876549], length 80
17:00:56.201416 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [P.], seq 598:959, ack 2854, win 660, options [nop,nop,TS val 984059772 ecr 1615876549], length 361
17:00:56.203495 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], ack 959, win 9, options [nop,nop,TS val 1615876553 ecr 984059772], length 0
17:00:56.203538 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [P.], seq 2854:3407, ack 959, win 9, options [nop,nop,TS val 1615876553 ecr 984059772], length 553
17:00:56.203602 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [P.], seq 959:990, ack 3407, win 674, options [nop,nop,TS val 984059775 ecr 1615876553], length 31
17:00:56.246198 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], ack 990, win 9, options [nop,nop,TS val 1615876596 ecr 984059775], length 0
17:00:56.339562 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [S], seq 3243159426, win 62720, options [mss 8960,sackOK,TS val 984059911 ecr 0,nop,wscale 7], length 0
17:00:56.341517 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [S.], seq 1056515563, ack 3243159427, win 65535, options [mss 1400,sackOK,TS val 2438372003 ecr 984059911,nop,wscale 13], length 0
17:00:56.341526 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [.], ack 1, win 490, options [nop,nop,TS val 984059913 ecr 2438372003], length 0
17:00:56.341802 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [P.], seq 1:518, ack 1, win 490, options [nop,nop,TS val 984059913 ecr 2438372003], length 517
17:00:56.344504 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [.], ack 518, win 9, options [nop,nop,TS val 2438372006 ecr 984059913], length 0
17:00:56.346115 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [.], seq 1:1449, ack 518, win 9, options [nop,nop,TS val 2438372008 ecr 984059913], length 1448
17:00:56.346120 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [.], ack 1449, win 582, options [nop,nop,TS val 984059917 ecr 2438372008], length 0
17:00:56.346253 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [P.], seq 1449:2853, ack 518, win 9, options [nop,nop,TS val 2438372008 ecr 984059913], length 1404
17:00:56.346256 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [.], ack 2853, win 660, options [nop,nop,TS val 984059917 ecr 2438372008], length 0
17:00:56.347304 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [P.], seq 518:598, ack 2853, win 660, options [nop,nop,TS val 984059918 ecr 2438372008], length 80
17:00:56.347388 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [P.], seq 598:1331, ack 2853, win 660, options [nop,nop,TS val 984059918 ecr 2438372008], length 733
17:00:56.349468 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [.], ack 1331, win 9, options [nop,nop,TS val 2438372011 ecr 984059918], length 0
17:00:56.349548 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [P.], seq 2853:3406, ack 1331, win 9, options [nop,nop,TS val 2438372011 ecr 984059918], length 553
17:00:56.349609 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [P.], seq 1331:1362, ack 3406, win 674, options [nop,nop,TS val 984059921 ecr 2438372011], length 31
17:00:56.391829 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [.], ack 1362, win 9, options [nop,nop,TS val 2438372054 ecr 984059921], length 0
17:00:56.469974 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [P.], seq 3407:3709, ack 990, win 9, options [nop,nop,TS val 1615876819 ecr 984059775], length 302
17:00:56.470072 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [P.], seq 990:1038, ack 3709, win 674, options [nop,nop,TS val 984060041 ecr 1615876819], length 48
17:00:56.470094 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [P.], seq 1038:1062, ack 3709, win 674, options [nop,nop,TS val 984060041 ecr 1615876819], length 24
17:00:56.470143 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [F.], seq 1062, ack 3709, win 674, options [nop,nop,TS val 984060041 ecr 1615876819], length 0
17:00:56.471478 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], ack 1038, win 9, options [nop,nop,TS val 1615876821 ecr 984060041], length 0
17:00:56.471507 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], ack 1062, win 9, options [nop,nop,TS val 1615876821 ecr 984060041], length 0
17:00:56.472223 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [F.], seq 3709, ack 1062, win 9, options [nop,nop,TS val 1615876822 ecr 984060041], length 0
17:00:56.472230 IP 172.16.2.20.38968 > 104.18.1.181.443: Flags [.], ack 3710, win 674, options [nop,nop,TS val 984060043 ecr 1615876822], length 0
17:00:56.472419 IP 104.18.1.181.443 > 172.16.2.20.38968: Flags [.], ack 1063, win 9, options [nop,nop,TS val 1615876822 ecr 984060041], length 0
17:00:56.668363 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [P.], seq 3406:3708, ack 1362, win 9, options [nop,nop,TS val 2438372330 ecr 984059921], length 302
17:00:56.668454 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [P.], seq 1362:1410, ack 3708, win 674, options [nop,nop,TS val 984060239 ecr 2438372330], length 48
17:00:56.668472 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [P.], seq 1410:1434, ack 3708, win 674, options [nop,nop,TS val 984060239 ecr 2438372330], length 24
17:00:56.668524 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [F.], seq 1434, ack 3708, win 674, options [nop,nop,TS val 984060240 ecr 2438372330], length 0
17:00:56.670467 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [.], ack 1410, win 9, options [nop,nop,TS val 2438372332 ecr 984060239], length 0
17:00:56.670495 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [.], ack 1434, win 9, options [nop,nop,TS val 2438372332 ecr 984060239], length 0
17:00:56.670761 IP 104.18.1.181.443 > 172.16.2.20.38972: Flags [F.], seq 3708, ack 1435, win 9, options [nop,nop,TS val 2438372332 ecr 984060240], length 0
17:00:56.670766 IP 172.16.2.20.38972 > 104.18.1.181.443: Flags [.], ack 3709, win 674, options [nop,nop,TS val 984060242 ecr 2438372332], length 0

 
 
Note
Ignore the fact it is a different IP on the successful attempt; it flaps between 104.18.1.181 and 104.18.0.181 on multiple attempts, both successful and unsuccessful.
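
An added example, not part of the original thread and not OpenSnitch or Parsec code: every packet in the two captures above is TCP to port 443, while `lsof` also shows a UDP socket on port 30437. The sketch below summarises `tcpdump -nn` text output per flow and lists UDP flows seen in one direction only. The sample lines are constructed (TCP lines abridged from the capture format above; the UDP lines, the 203.0.113.x addresses and remote port 3478 are placeholders).

```python
import re
from collections import defaultdict

# One `tcpdump -nn` text line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
TCP_FLAGS_RE = re.compile(r"^Flags \[([^\]]*)\]")
LENGTH_RE = re.compile(r"\blength (\d+)")

# Constructed sample. 172.16.2.20 and UDP port 30437 are the local address and
# socket shown in the thread; everything about the UDP peers is a placeholder.
SAMPLE_CAPTURE = """\
16:58:03.175808 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [S], seq 1647410070, win 62720, options [mss 8960,sackOK,TS val 890501315 ecr 0,nop,wscale 7], length 0
16:58:03.178139 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [S.], seq 3419986938, ack 1647410071, win 65535, length 0
16:58:03.178450 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [P.], seq 1:518, ack 1, win 490, length 517
16:58:03.182896 IP 104.18.0.181.443 > 172.16.2.20.39242: Flags [.], seq 1:1449, ack 518, win 9, length 1448
16:58:03.532145 IP 172.16.2.20.39242 > 104.18.0.181.443: Flags [F.], seq 1019, ack 4103, win 674, length 0
16:58:04.000100 IP 172.16.2.20.30437 > 203.0.113.10.3478: UDP, length 20
16:58:04.500100 IP 172.16.2.20.30437 > 203.0.113.10.3478: UDP, length 20
16:58:04.000200 IP 172.16.2.20.30437 > 203.0.113.20.3478: UDP, length 20
16:58:04.020200 IP 203.0.113.20.3478 > 172.16.2.20.30437: UDP, length 32
"""


def summarize(capture_text, local_ip):
    """Group packets into flows keyed by (proto, local_port, remote_ip, remote_port)."""
    flows = defaultdict(lambda: {
        "out_pkts": 0, "in_pkts": 0, "out_bytes": 0, "in_bytes": 0,
        "syn": False, "fin": False,
    })
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tcpdump banner lines, blank lines, non-IPv4 packets
        rest = m["rest"]
        flags = TCP_FLAGS_RE.match(rest)
        if flags:
            proto = "tcp"
        elif rest.startswith("UDP,"):
            proto = "udp"
        else:
            continue  # other protocols are outside this sketch
        if m["src"] == local_ip:
            direction = "out"
            key = (proto, int(m["sport"]), m["dst"], int(m["dport"]))
        elif m["dst"] == local_ip:
            direction = "in"
            key = (proto, int(m["dport"]), m["src"], int(m["sport"]))
        else:
            continue  # not to or from this host
        lengths = LENGTH_RE.findall(rest)
        size = int(lengths[-1]) if lengths else 0  # payload length is the last field
        flow = flows[key]
        flow[direction + "_pkts"] += 1
        flow[direction + "_bytes"] += size
        if flags:
            flow["syn"] |= "S" in flags[1]
            flow["fin"] |= "F" in flags[1]
    return dict(flows)


def one_way_udp(flows):
    """Return (flow_key, direction_seen) for UDP flows seen in one direction only."""
    result = []
    for key, flow in sorted(flows.items()):
        if key[0] != "udp":
            continue
        if flow["out_pkts"] and not flow["in_pkts"]:
            result.append((key, "out"))
        elif flow["in_pkts"] and not flow["out_pkts"]:
            result.append((key, "in"))
    return result


if __name__ == "__main__":
    flows = summarize(SAMPLE_CAPTURE, "172.16.2.20")
    for key, flow in sorted(flows.items()):
        print(key, flow)
    print("one-way UDP flows:", one_way_udp(flows))
```

To use it on a real capture, record without a host filter (for example `tcpdump -nn -i eno1 udp or tcp port 443`) and pass the text to `summarize`. tcpdump sees inbound packets before netfilter and outbound packets after it, so a request dropped by the local firewall never appears in the capture, while a reply dropped locally still does.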

@gustavo-iniguez-goya
Collaborator

Hi @dontcrash,

Could you enable [x] Debug invalid connections on the Preferences dialog -> Nodes tab, and see if it prompts you to allow an outbound connection?

@dontcrash
Author

> Hi @dontcrash,
>
> Could you enable [x] Debug invalid connections on the Preferences dialog -> Nodes tab, and see if it prompts you to allow an outbound connection?

Hey, thank you for the quick response. Unfortunately, that did not reveal anything further :(

image

@gustavo-iniguez-goya
Collaborator

OK @dontcrash. If I'm not wrong, I need a Mac or Windows computer to act as a "Host", correct? Is it possible to use Parsec for a linux2linux connection (or linux2android)?

I only have Linux/Android machines right now, so until next week I won't be able to properly try to reproduce this issue.

@dontcrash
Author

dontcrash commented Dec 30, 2024

> OK @dontcrash. If I'm not wrong, I need a Mac or Windows computer to act as a "Host", correct? Is it possible to use Parsec for a linux2linux connection (or linux2android)?
>
> I only have Linux/Android machines right now, so until next week I won't be able to properly try to reproduce this issue.

Hosting does not work on Linux, sadly! I have found another scenario that reproduces the same issue: mounting an SMB share in Dolphin using Network > Add Network Folder. If I mount that before OpenSnitch is running, it works. If I close Dolphin and start OpenSnitch, Dolphin then will not open and hangs until I pause OpenSnitch. Interestingly, mounting via fstab works perfectly; mount -a brings up a dialog to allow traffic.
I am wondering if there is some weird sauce happening with iptables chains.

I have tried disabling UFW; the issue persists.

Chain INPUT (policy DROP)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere            

Chain ufw-before-input (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             mdns.mcast.net       udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:ssdp
ufw-user-input  all  --  anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere            

Chain ufw-logging-allow (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warn prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere            

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination         

Chain ufw-user-input (1 references)
target     prot opt source               destination         

Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warn prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         

Chain ufw-user-output (1 references)
target     prot opt source               destination

@gustavo-iniguez-goya
Collaborator

Thank you @dontcrash. Adding a Samba share from Dolphin with OpenSnitch running works for me (Dolphin -> Add network folder -> M.Windows network drive).

On the latest KDE version, there are 2 connections: from kioworker to port 445/tcp and from smbnotifier to port 139/tcp. The server needs to have port 445 udp/tcp open if OpenSnitch is installed (or if there's any other firewall).

On older KDE (Kubuntu 20.04), kdeinit5 initiates the connection to ports 139/tcp and 445/tcp.

It'd be interesting to see logs at DEBUG level (Preferences -> Nodes -> Logging), and post /var/log/opensnitchd.log.

This is my smb.conf configuration:
[global]

 workgroup = WORKGROUP
 server string = %h server (Samba, ubuntu)

 log file = /var/log/samba/log.%m
 max log size = 1000
 logging = file

 server role = standalone server
 
 obey pam restrictions = yes
 unix password sync = yes

 passwd program = /usr/bin/passwd %u
 passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype:\snew\spassword:* %n\n *password\supdated\ssuccesssfully

 map to guest = bad user


 usershare allow guests = yes

[share-xxx-test]
 browseable = yes
 read only = yes
 guest ok = yes
 path = /tmp
