UDP reverse proxying for OpenVPN isn't working using Nginx streams
Roman Arutyunyan
arut at nginx.com
Wed Apr 26 13:32:29 UTC 2017
Hi,
On Wed, Apr 26, 2017 at 08:32:08AM -0400, akb-nginx wrote:
> Hi.
>
> I was just wondering whether UDP stream proxying on Nginx is in its infacy
> or there is something which I am doing wrong. I have this simple config:
>
> events { worker_connections 1024; }
>
> worker_processes 1;
> error_log /dev/stderr debug;
> daemon off;
>
> stream {
> server {
> listen X.X.X.X:1194 udp;
> proxy_pass 127.0.0.1:1195;
> }
> }
>
> to make Nginx a reverse proxy for my OpenVPN server listening on UDP port
> 1195 on localhost. But it just doesn't work. When a client connects, Nginx
> keeps logging these lines on stderr:
>
> 2017/04/26 12:14:43 [notice] 17125#0: using the "epoll" event method
> 2017/04/26 12:14:43 [notice] 17125#0: nginx/1.11.13
> 2017/04/26 12:14:43 [notice] 17125#0: built by gcc 4.9.2 (Debian 4.9.2-10)
> 2017/04/26 12:14:43 [notice] 17125#0: OS: Linux 3.16.0-4-amd64
> 2017/04/26 12:14:43 [notice] 17125#0: getrlimit(RLIMIT_NOFILE): 1024:4096
> 2017/04/26 12:14:43 [notice] 17125#0: start worker processes
> 2017/04/26 12:14:43 [notice] 17125#0: start worker process 17126
> 2017/04/26 12:14:47 [info] 17126#0: *1 udp client Y.Y.Y.Y:40332 connected to
> X.X.X.X:1194
> 2017/04/26 12:14:47 [info] 17126#0: *1 udp proxy 127.0.0.1:55424 connected
> to 127.0.0.1:1195
> 2017/04/26 12:14:47 [info] 17126#0: *3 udp client Y.Y.Y.Y:40332 connected to
> X.X.X.X:1194
> 2017/04/26 12:14:47 [info] 17126#0: *3 udp proxy 127.0.0.1:48958 connected
> to 127.0.0.1:1195
> 2017/04/26 12:14:47 [info] 17126#0: *5 udp client Y.Y.Y.Y:40332 connected to
> X.X.X.X:1194
> 2017/04/26 12:14:47 [info] 17126#0: *5 udp proxy 127.0.0.1:56732 connected
> to 127.0.0.1:1195
Stream UDP proxy creates a session for every client packet.
That packet is proxied separately from other client packets with a new
proxy client port each time and a response for this packet is proxied back.
While this works fine for protocols like DNS, long sessions with multiple
client packets will not work properly.
[..]
--
Roman Arutyunyan
More information about the nginx
mailing list