netbird icon indicating copy to clipboard operation
netbird copied to clipboard

Published 20 hours ago verified publisher icon netbirdio

Impossible to get P2P between two peers yet ports seems open

Open Silex opened this issue 4 months ago • 0 comments

Describe the problem

I have peer "arqivis" (arqivis-web, hetzner server), peer "pv" (stvs-pv-laptop1, windows machine) and peer "trb3" (pictet-trb3, openwrt 5G router). I get P2P between arqivis & pv, and between arqivis & trb3, but no matter what I try I cannot get P2P connexion between "pv" & "trb3".

To Reproduce

  • "pv" is a windows machine on home wifi with UDP port 51820 forwarded from WAN to laptop.
  • "arqivis" is a hetzner server directly connected to internet.
  • "trb3" is a Teltonika TRB 500 5G router that runs openwrt (arm), it is in the CGNAT range and has no public IP adddress (5G).

Expected behavior

Given the 5G router is able to get P2P with hetzner, it should be able to get P2P with the windows machine that has forwarded necessary ports.

Are you using NetBird Cloud?

No, self hosted.

NetBird version

netbird server 0.46.0 pv 0.45.3 arqivis 0.37.1 trb3 0.36.5

Is any other VPN software installed?

Zerotier on the router, as a plan B for if netbird fails.

Debug output

trb3-client.log trb3-status.log arqivis-client.log arqivis-status.log pv-client.log pv-status.log

In pv-client.log, both PIONS_LOG_DEBUG=all NB_LOG_LEVEL=debug are set. in trb-client.log, only NB_LOG_LEVEL=debug is set.

The interesting part is this:

arqivis:

 stvs-pv-laptop1.netbird.stvs:
  NetBird IP: 100.70.63.243
  Public key: BK1kwiMi55Vai1e1WhEtdal3sT2pueG5l1E+fCgurmg=
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): srflx/prflx
  ICE candidate endpoints (Local/Remote): 65.21.72.59:51820/194.230.140.133:51820

As we see, arqivis successfully uses 194.230.140.133:51820 which is pv public IP to establish P2P.

But on trb3:

 stvs-pv-laptop1.netbird.stvs:
  NetBird IP: 100.70.63.243
  Public key: BK1kwiMi55Vai1e1WhEtdal3sT2pueG5l1E+fCgurmg=
  Status: Connected
  -- detail --
  Connection type: Relayed
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-

Somehow it looks like it has trouble reaching 194.230.140.133:51820.

Screenshots

No screenshots.

Additional context

None.

Have you tried these troubleshooting steps?

  • [x] Reviewed client troubleshooting (if applicable)
  • [x] Checked for newer NetBird versions
  • [x] Searched for similar issues on GitHub (including closed ones)
  • [x] Restarted the NetBird client
  • [x] Disabled other VPN software
  • [x] Checked firewall settings

Related to #3949

Silex avatar Jun 10 '25 15:06 Silex