Nazralte
just joined
Topic Author
Posts: 19
Joined: Wed Jun 06, 2018 3:34 pm

Hamachi Relayed Tunnel - Same router Different Networks

Wed Nov 24, 2021 5:00 pm

First the issue. We have a server for commercial business for employees to use a management program. We use Hamachi to more easily let new people get onto the server with remote login. This typically works well, but we have noticed that when someone is on our office network we get Relayed Tunnel, which makes the connection to the server slow and unreliable.
The server is on, let's say, port 2 on a separate network. The office network is on, let's say, port 3 on a separate network.
After talking with our ISP guy for a different issue, he thought that maybe the issue may be that, because the traffic is going out and back in on the same device, that is why we are getting a relayed tunnel.

I had someone who had a relayed tunnel here at the office log in from home and it was fine, direct tunnel, there. This makes me feel that the guy was correct.

Now I wonder if there is a better way to have it set up in the router. I tried to do a port forward but it didn't seem to help. Any suggestions?

Thanks!
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Hamachi Relayed Tunnel - Same router Different Networks

Wed Nov 24, 2021 8:13 pm

The very issue is that all these systems based on UDP hole punching rely, among other things, on routability of the traffic between the public IP of the first peer (client) and the second peer (server). If the coordinating server can see packets from both peers coming from the same public IP, it cannot be sure whether the NAT device (apparently common for both) will handle a connection from one peer to the public address of the other one, so it chooses a relayed tunnel as a safe option.

As you say that the server and the clients inside the company are on "separate networks", you should be good if you can make the server (or the server's network) be src-nated to a different public IP than the client's network. If you only have a single public IP in the company, the only way out is to run a virtual machine with a public IP address in some data center, create a tunnel to it, and let the server talk to the internet via that virtual machine.
 
Nazralte
just joined
Topic Author
Posts: 19
Joined: Wed Jun 06, 2018 3:34 pm

Re: Hamachi Relayed Tunnel - Same router Different Networks

Tue Nov 30, 2021 8:51 pm

So yes, they are on different networks and they are going out on different static IP addresses. Perhaps there is a better way to port forward or something that I am unsure of? I just don't know why it's only having an issue when they are going through the same router.
I suppose it could be the modem? But since that's a fiber modem with the ISP, there isn't anything I can do about that.

If anyone has any ideas on maybe a better way to port forward or manage the traffic for just Hamachi, I would love to hear it.

Thanks!
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Hamachi Relayed Tunnel - Same router Different Networks

Tue Nov 30, 2021 11:19 pm

I've somehow missed that you have a single router for both.

So it seems the Hamachi director is so clever that even if it detects the clients to have two distinct public addresses, it doesn't take for granted that these addresses can talk to each other, lets the clients test that, and switches them to relayed tunnel if the direct one fails.

The thing is that for the single router to treat the Hamachi connection from server to client and the Hamachi connection from client to server as two separate ones, each src-nated individually, it needs both of them to get routed via some out-interface. So you need a hairpin tunnel (from the router back to itself) to handle this kind of traffic.

So to prevent further guessing, post a "usefully anonymized" configuration of the router, as per my automatic signature below. It will require a few extra routes, routing rules, and firewall rules on top of the hairpin tunnel itself.
