Please Help!! UDP acceleration not working

[tina_ne]

Hi,

I am trying to establish a UDP vpn connection to my server.

I have enabled secure NAT on the server, but UDP Acceleration still does not work. The application that I'm using works on UDP and is to laggy on tcp connection so UDP connection is a must. I have been trying to search any special configuration, but not able to find any. I have tried both windows and linux clients but same status everywhere, UDP Holepunching doesnt work, do i need to map open any ports?
I have tried the server on both public IP and Behind NAT using vpn azure, but it doesnt work, all the time the connection is TCP instead of UDP, Anybody Plsssss help!
Its getting very frustrating as i am trying
Here is my Client Status

Item |Value
------------------------------------------+------------------------------------------
VPN Connection Setting Name |New VPN Connection
Session Status |Connection Completed (Session Established)
VLAN ID |-
Server Name |XXXX.softether.net
Port Number |TCP Port 443
Server Product Name |SoftEther VPN Server (64 bit)
Server Version |4.04
Server Build |Build 9412
Connection Started at |2014-03-29 (Sat) 17:59:08
First Session has been Established since |2014-03-29 (Sat) 17:59:17
Current Session has been Established since|2014-03-29 (Sat) 17:59:17
Number of Established Sessions |1 Times
Half Duplex TCP Connection Mode |No (Full Duplex Mode)
VoIP / QoS Function |Disabled
Number of TCP Connections |1
Maximum Number of TCP Connections |1
Encryption |Enabled (Algorithm: RC4-SHA)
Use of Compression |Yes (100 %)
Physical Underlay Protocol |Standard TCP/IP (IPv4)
UDP Acceleration is Supported |Yes
UDP Acceleration is Active |No
Session Name |SID-TEST-25
Connection Name |CID-111
Session Key (160 bit) |2BC3CD937054A947AC294E80C83FCD4AED8B8842
Bridge / Router Mode |Yes
Monitoring Mode |No
Outgoing Data Size |8,951,972 bytes
Incoming Data Size |8,815,604 bytes
Outgoing Unicast Packets |58,370 packets
Outgoing Unicast Total Size |8,415,320 bytes
Outgoing Broadcast Packets |47 packets
Outgoing Broadcast Total Size |1,974 bytes
Incoming Unicast Packets |69,481 packets
Incoming Unicast Total Size |8,082,722 bytes
Incoming Broadcast Packets |2,088 packets
Incoming Broadcast Total Size |98,906 bytes

[onyx]

base on my experience it does base on your current connection and does it automatically. When using my landline connection then udp acceleration is active. When i switch to my mobile internet connection then it doesn't use udp acceleration although it is supported. Instead I use the openvpn feature to use UDP on mobile connection since even if UDP acceleration is enabled it still says standard TCP/IP connection in SEVPN status.

And also. You might want to change this in advance settings.
Number of TCP Connections |1
1 tcp connection is very slow when your application is trying to make multiple request.

[tina_ne]

Hi Onyx, Can you please tell me about your land line? By landline do you mean a DSL with normal NAT modem?

I am using 4MB DSL, the modem is doing NATing. We need to find what exactly stops it?

Actually my application works purely on UDP with video and voice stream, and on tcp even on 3-4% packet loss, it doesnt work, have tried multiple tcp connections but same performance. So desperately need the UDP Acceleration feature. What do we need to do in order to make it work? Any idea?

[onyx]

Sorry for being such a noob in helping you out but I'm doing the best I can. I am using DSL connectio but It doesn't matter after going through the source code and reading the Nat Traversal thing and that's what actually complicate stuffs as I haven't understood the source code that much yet. But I'm working on it. In the source code it just run 4 threads to connect for vpn over tcp, udp, icmp and dns and breaks the loop when one can be used. that's what I think.

To what I understand if you enable Nat Traversal which is enabled by default then you don't have to start the listening port to it. Just like right now you are using port tcp 443 which is listening by default. Try to stop tcp port 443 in the server manager and try connecting with the same port. At least it's what it says. I tested it and I was able to connect using VPN over UDP with NAT-T (IPv4) and UDP acceleration is used. I did not test it's speed and leniency difference with standard VPN over TCP but it does warn me of it being unstable. :P

Sorry for complicating stuffs a bit. xD

[tina_ne]

Hi,

Thanks for helping if you could just make me connect using the same method like you did.

How do we make sure we have NAT Traversal is enabled? do we just need to enable secure NAT on the server? My client is also CentOS, and for some reason its not getting IP from DHCP, so i gave it static IP, and its able to ping the server. I didnt assign the servers router IP as its gateway i hope that doesn't make any difference. Apart from that which UDP port does it try to connect, do i need to to allow all ports from my servers internal iptables or a range like 10000-20000 udp would do it? (i had tried connecting with iptables off but that didnt work either)
I am using remote client manager on windows to configure my client, so over there it asks for tcp port only so do i put tcp 443 there?

[onyx]

tina_ne wrote:
> Hi,
>
> Thanks for helping if you could just make me connect using the same method
> like you did.
>
> How do we make sure we have NAT Traversal is enabled? do we just need to
> enable secure NAT on the server? My client is also CentOS, and for some
> reason its not getting IP from DHCP, so i gave it static IP, and its able
> to ping the server. I didnt assign the servers router IP as its gateway i
> hope that doesn't make any difference. Apart from that which UDP port does
> it try to connect, do i need to to allow all ports from my servers internal
> iptables or a range like 10000-20000 udp would do it? (i had tried
> connecting with iptables off but that didnt work either)
> I am using remote client manager on windows to configure my client, so over
> there it asks for tcp port only so do i put tcp 443 there?

it is enabled by default but just in case you can check it by using ConfiGet command and see to it that DisableNatTraversal is set to false. If your using server manager in windows then you'll find the settings in hub extended option and make sure that the value is set to 0.

My setup was pretty simple in centos server. I'm using Local Bridge though but I think it doesn't matter if your using Secure Nat in your side. Make sure that virtual dhcp is enable for clients to obtain IP under Secure Nat. You don't have to mess with iptables as far as I know. I just use the iptables for POSTROUTING rules in local bridge. And for the port I think you can use any but to be safe just use one that you disabled for listening like tcp 443.

I just read few details from here and made a quick test and that's what I came up with.
https://www.softether.org/1-features/1. ... _Traversal

To add up. UDP acceleration can still be active even though the underlying protocol is TCP. I just don't know how to do it. It doesn't activate when I'm in TCP but works under UDP.

[tina_ne]

Which upd ports to allow from IPtables on the server?

[onyx]

nothing as you don't have to when Nat-T is enabled.
can you post you server and client config?