Btsync On Raspberry Pi Fails To Connect Outside-Lan Clients But Btsync On Pc Is Working

[prosciutboy]

Hello

 

I am facing a strange issue, I have BTSync running on a PC and and on a Raspberry Pi and I am behind a router with firewall activated:

 

#1 PC running linux 3.13.6-1-ARCH with BitTorrent Sync 1.2.92

Connected via Wifi to router

Listening port is set to 8086, this port is forwarded on my router (TCP/UDP)

 

As I am in China I force tracker and relay IPs in /etc/hosts

$ cat /etc/hosts...54.225.92.50	t.usyncapp.com67.215.231.242	r.usyncapp.com...

BTSync is running as --nodaemon 

/usr/bin/btsync --config /home/prosciutboy/.config/btsync/btsync.conf --nodaemon

 

Results

-> LAN access is working fine
-> It can access outside world and sync with other clients

 

#2 Raspberry Pi running raspbian (Linux raspbmc 3.10.24) with BitTorrent Sync 1.2.67

Connected via Ethernet to router

The listening port is 8082, this port is forwarded on my router (TCP/UDP)

Tracker and relay IPs are referenced in /etc/hosts

Port 8082 is opened in the firewall (port 3000 also but I don't think it is needed):

$ tail /etc/network/if-up.d/secure-rmc     iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT    iptables -A INPUT -i $IFACE -j DROP    # added for btsync    iptables -A INPUT -p tcp --dport 8082 -i $IFACE -j ACCEPT    iptables -A INPUT -p udp --dport 8082 -i $IFACE -j ACCEPT    iptables -A INPUT -p udp --dport 3000 -i $IFACE -j ACCEPTfi

$ sudo iptables --listChain INPUT (policy ACCEPT)target     prot opt source               destination         ACCEPT     all  --  192.168.1.0/24       anywhere            DROP       all  --  anywhere             anywhere            ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8082ACCEPT     udp  --  anywhere             anywhere             udp dpt:8082ACCEPT     udp  --  anywhere             anywhere             udp dpt:3000

BTSync is running as daemon but nodaemon gives the same results

/usr/bin/btsync --config /home/pi/.btsync/config.json

 

 

Results:

-> LAN access is working fine
-> Sync with outside world is failing

$ cat .btsync/sync.logtotal physical memory -1 max disk cache 2097152Using IP address 192.168.1.110Loading config file version 1.2.67Loaded folder /media/3a1d320b-c949-46dc-aa95-ed0414721543/video/doc/palettesLoaded folder /media/3a1d320b-c949-46dc-aa95-ed0414721543/video/MoviesLoaded folder /media/3a1d320b-c949-46dc-aa95-ed0414721543/btsync/testmtgoxLoaded folder /home/pi/cloud/testbtsNAT-PMP: Unable to map port with NAT-PMP.Incoming connection from 192.168.1.102:64790...

On my PC and Raspberry, the btsync config files have the same content (only "listening port" and "storage path" differs). I do not understand why I get the error "NAT-PMP: Unable to map port with NAT-PMP" and why I cannot sync with the clients outside the LAN with the Raspberry Pi.

 

Thanks in advance for your help !

 

 

[dms2013]

Is UPnP enabled on the router? Where is the device that's out in the world located?

Try adding the other 2 tracker IPs in your hosts file too.

I am also in China and often the connection gets "dropped". How long did you wait? (In a case I was monitoring it took 17minutes).

[prosciutboy]

Hi dms2013,

 

UPnP is not enabled on the router. The device with which I am syncing is provided by vrypan (https://github.com/vrypan/btsync-keys) and I am synching btsync-keys directory.

 

I noticed connection sometimes drop so I will add some IPs in the hosts. Nevertheless my PC get the sync very quickly (not even 1 min after btsync starts) whereas my Raspberry Pi have been on for 3 days already and still nothing (I can also see it from the log where I get the "Unable to map port with NAT-PMP" error message).

 

Any ideas?

[dms2013]

Hi dms2013,

 

UPnP is not enabled on the router. The device with which I am syncing is provided by vrypan (https://github.com/vrypan/btsync-keys) and I am synching btsync-keys directory.

 

I noticed connection sometimes drop so I will add some IPs in the hosts. Nevertheless my PC get the sync very quickly (not even 1 min after btsync starts) whereas my Raspberry Pi have been on for 3 days already and still nothing (I can also see it from the log where I get the "Unable to map port with NAT-PMP" error message).

 

Any ideas?

create a file in your .sync folder (where the sync.log file is) called debug.txt and inside it on one line write FFFF. (not sure if needed, but restart BTSync just to be on the safe side)

And the log will hopefully give you more information on what's going on.

 

So the RPi can connect to your windows box within a minute? Is your windows box connected to any other devices (using the same secret as the RPi) From my understanding is that Windows should tell your RPi about the other clients and the clients about your RPi.

 

Are you sure your firewall is forwarding the ports? Try running a simple service on them with BTS off, and connect to it from the outside. Also try again with UPnP enabled on your router.

[dms2013]

Might it be your RPi firewall dropping all packets that's not local? Shouldn't the drop rule be last?

[prosciutboy]

I disabled the firewall and activated UPnP. I can see that the port 8082 is opened in the UPnP status webpage of the router

ID	App Description	External Port	Protocol	Internal Port	IP Address	Status2	BitTorrent Sync (TCP)	8082	TCP	8082	192.168.1.110	Enabled3	BitTorrent Sync (UDP)	8082	UDP	8082	192.168.1.110	Enabled

I activated the logs with debug.txt and get the error message "Failed to get tracker ips".

...Found peer for folder /btsync/testmg 0___8 192.168.1.105:8086 direct:1Got ping (broadcast: 1) from peer 192.168.1.105:8086 (0___8) for share 5___EFound peer for folder /btsync/testbts 0___8 192.168.1.105:8086 direct:1Failed to get tracker ipsSending broadcast ping for share E___D...

My other PC (running linux) is behind the same router (its IP is 192.168.1.105), it can sync with clients outside the LAN.

My RPi (192.168.1.110) can only sync with local PC 192.168.1.105.

 

Both box are running btsync and are syncing btsync-keys directory from vrypan.

[dms2013]

This is interesting. I assume the RPi gets it IP from the routers DHCP server?

What does arp -a say? Is your router in the list?

Output of iptables -L

 

Can you access the internet from the RPi? 

 

I'm sure you can, but I have to ask. 

I sent you a PM about adding an external share with pre-defined host. (just to see if it works)

 

Not sure what "failed to get tracker ips really means".

It can't resolve? 

 

Did you add all 3 ips in /etc/hosts?

 

54.225.92.50 t.usyncapp.com

54.225.196.38 t.usyncapp.com

54.225.100.8 t.usyncapp.com

 

I am out of ideas for now.

[prosciutboy]

I think you are right a part of the problem comes from my firewall on the raspberry pi. I flushed the iptables rules and the logs looks better:

...Got 2 relay ips[20140321 22:59:58.171] ip 67.215.231.242:3000[20140321 22:59:58.171] ip 67.215.229.106:3000[20140321 22:59:58.197] Got 1 tracker ips[20140321 22:59:58.197] ip 59.24.3.173:3000[20140321 22:59:58.197] Got 1 tracker ips[20140321 22:59:58.197] ip 59.24.3.173:3000[20140321 22:59:58.222] Got 1 tracker ips[20140321 22:59:58.223] ip 59.24.3.173:3000[20140321 22:59:58.248] Got 1 tracker ips[20140321 22:59:58.248] ip 59.24.3.173:3000[20140321 22:59:58.248] Got 1 tracker ips[20140321 22:59:58.249] ip 59.24.3.173:3000[20140321 22:59:59.090] Sending broadcast ping for share E___D[20140321 22:59:59.091] Requesting peers from tracker 59.24.3.173:3000 via UDP...

$ sudo iptables -LChain INPUT (policy ACCEPT)target     prot opt source               destination         Chain FORWARD (policy ACCEPT)target     prot opt source               destination         Chain OUTPUT (policy ACCEPT)target     prot opt source               destination 

I have completed the hosts file with some redirections, but I doubt the mechanism can handle multiple IP for a singe host.

 

I added your the external share and pre-defined host, but it does not sync... In sync.log it gives this strange message:

...[20140322 00:41:40.097] Sending broadcast ping for share 14xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxssx65[20140322 00:41:40.098] Send ping to peer (0000000000000000000000000000000000000000) for share 14xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxssx65:[20140322 00:41:40.098] ping 0.0.0.0:0 directly[20140322 00:41:40.098] ping 0.0.0.0:0 via relay...

[dms2013]

The IP you get isn't one of the the trackers IPs. Maybe RomanZ can confirm this.

What does the log say when you add the pre defined host?

[prosciutboy]

Your are right, the IP does not seem to be a tracker, moreover I cannot ping it.

My /etc/hosts forces the following IPs:

$ cat /etc/hosts# btsync tracker and relay IP54.225.92.50	t.usyncapp.com54.225.196.38	t.usyncapp.com54.225.100.8	t.usyncapp.com54.225.196.38	t.usyncapp.com67.215.231.242	r.usyncapp.com67.215.229.106	r.usyncapp.com

A ping to t.usyncapp.com lead to a working IP

$ ping t.usyncapp.comPING t.usyncapp.com (54.225.92.50) 56(84) bytes of data.64 bytes from t.usyncapp.com (54.225.92.50): icmp_req=1 ttl=35 time=298 ms64 bytes from t.usyncapp.com (54.225.92.50): icmp_req=2 ttl=35 time=292 ms^C--- t.usyncapp.com ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1001msrtt min/avg/max/mdev = 292.746/295.641/298.537/2.946 ms

I did a test, in case /etc/hosts does not force any t.usyncapp.com IP a ping to t.usyncapp.com points to 59.24.3.173 (the wrong IP I see in my sync.log).

 

So what we should understand is why btsync does not point to the IP which are forced in the /etc/hosts? Is there any DNS cache in btsync? I rebooted the Raspberry Pi but it does not change anything.

 

Very strange issue...

[dms2013]

I didn't see this before. Try using a newer version on your RPi, 

go to the dir with btsync:

wget http://syncapp.bittorrent.com/1.2.92/btsync_arm-1.2.92.tar.gz

pkil btsync

tar -zxvf 1.2.92/btsync_arm-1.2.92.tar.gz

./btsync

[prosciutboy]

After updating btsync to 1.2.92 and an apt-get upgrade of the RPi, I see some improvements:

I get access to your share (hello file contents the world) and I even see a peer connected to the same shared directory.

 

But tracker IP in the log is always the wrong address 59.24.3.173. Really weird...

[prosciutboy]

I edited resolv.conf to use google DNS (8.8.8.8 and 8.8.4.4), the tracker IP is now sometimes 37.61.54.158 sometimes 59.24.3.173. Moreover this is what I get with nslookup.

pi@raspbmc:~$ nslookup t.usyncapp.comServer:		8.8.8.8Address:	8.8.8.8#53Non-authoritative answer:Name:	t.usyncapp.comAddress: 59.24.3.173pi@raspbmc:~$ nslookup t.usyncapp.comServer:		8.8.8.8Address:	8.8.8.8#53Non-authoritative answer:Name:	t.usyncapp.comAddress: 37.61.54.158

[dms2013]

That is the GFW changing the IP like a man in the middle. Take a closer look at /etc/hosts because it overrides dns servers. The problem must be there

[prosciutboy]

In fact the root DNS in China redirect to wrong IPs for "non harmonized" servers (such as btsync trackers it seems).

 

My hosts is as follows

cat /etc/hosts::1             raspbmc localhost6.localdomain6 localhost6127.0.1.1       raspbmc127.0.0.1       localhost::1             localhost ip6-localhost ip6-loopbackfe00::0         ip6-localnetff00::0         ip6-mcastprefixff02::1         ip6-allnodesff02::2         ip6-allrouters# btsync tracker and relay IP54.225.92.50	t.usyncapp.com54.225.196.38	t.usyncapp.com54.225.100.8	t.usyncapp.com54.225.196.38	t.usyncapp.com67.215.231.242	r.usyncapp.com67.215.229.106	r.usyncapp.com23.21.106.161	syncapp.bittorrent.com

I don't see any problem in my /etc/hosts (but I don't understand too much the ipv6 stuff). Do you see anything wrong?

 

On my linux I am sure btsync get the tracker IP from /etc/hosts but I am wondering whether btsync for ARM uses DNS service to connect to tracker. If it is the case it would explain why modifying /etc/hosts on RPi does not have any effect on btsync.

[RomanZ]

prosciutboy,

 

You are getting wrong tracker IPs. Here are correct IPs:

 

Non-authoritative answer:

Name: t.usyncapp.com

Address: 54.225.92.50

Name: t.usyncapp.com

Address: 54.225.196.38

Name: t.usyncapp.com

Address: 54.225.100.8

 

All versions (including ARM) of BTSync refer to DNS name t.usyncapp.com, not the IP. In Linux, it is not necessary that your DNS resolver goes to hosts file first. I'd advise to check how resolver is working on Raspbian.

[prosciutboy]

Hi RomanZ, your advice is good but I don't really know to check how the DNS resolver works... and I wonder if there is any easy way to modify the way it works. 

 

Anyway, I manage to bypass this issue and I can now sync with peers outside my network !

As already stated, the problem is due to the DNS Poisoning performed by the Chinese Great Firewall (the famously terrible GFW). To prevent this alteration, I compiled and configured DNSCrypt on my RPi and the IP of t.usyncapp.com is now resolved perfectly.

 

That might be useful for others so I will write a tutorial in the next days.

 

Thanks again to dms2013 and RomanZ for their help.

[RomanZ]

prosciutboy,

 

Glad to hear you've found a workaround and now it works for you!

[cz2000]

Currently, I have encountered the same problem with you, do I also need to install DNSCrypt in my windows server? 

BTW, I am wondering how to do by GFW, it actually can be a priority of my local hosts file, and misled me into 59.24.3.173

 

 

[2014-05-07 00:29:49.157] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.157] Sending broadcast ping for share

[2014-05-07 00:29:49.162] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.162] Sending broadcast ping for share

[2014-05-07 00:29:49.167] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.167] Sending broadcast ping for share

[2014-05-07 00:29:49.173] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.173] Sending broadcast ping for share

[2014-05-07 00:29:49.178] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.179] Sending broadcast ping for share

[2014-05-07 00:29:49.183] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.183] Sending broadcast ping for share

[2014-05-07 00:29:49.188] Requesting peers from tracker 59.24.3.173:3000 via UDP

Hi RomanZ, your advice is good but I don't really know to check how the DNS resolver works... and I wonder if there is any easy way to modify the way it works. 

 

Anyway, I manage to bypass this issue and I can now sync with peers outside my network !

As already stated, the problem is due to the DNS Poisoning performed by the Chinese Great Firewall (the famously terrible GFW). To prevent this alteration, I compiled and configured DNSCrypt on my RPi and the IP of t.usyncapp.com is now resolved perfectly.

 

That might be useful for others so I will write a tutorial in the next days.

 

Thanks again to dms2013 and RomanZ for their help.

[cz2000]

prosciutboy,

 

Glad to hear you've found a workaround and now it works for you!

Currently, I have encountered the same problem with you, do I also need to install DNSCrypt in my windows server? 

BTW, I am wondering how to do by GFW, it actually can be a priority of my local hosts file, and misled me into 59.24.3.173

 

 

[2014-05-07 00:29:49.157] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.157] Sending broadcast ping for share

[2014-05-07 00:29:49.162] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.162] Sending broadcast ping for share

[2014-05-07 00:29:49.167] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.167] Sending broadcast ping for share

[2014-05-07 00:29:49.173] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.173] Sending broadcast ping for share

[2014-05-07 00:29:49.178] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.179] Sending broadcast ping for share

[2014-05-07 00:29:49.183] Requesting peers from tracker 59.24.3.173:3000 via UDP

[2014-05-07 00:29:49.183] Sending broadcast ping for share

[2014-05-07 00:29:49.188] Requesting peers from tracker 59.24.3.173:3000 via UDP