EasyVPN client causes a DoS attack on my router

EasyVPN on Vista SP1, Enterprise, x32 - Normal User.

Yesterday I logged on to EasyVPN and there was one user in my list online; this caused EasyVPN to go crazy on the network traffic:

It sent 2644 UDP packets in 21 seconds, that relates to 125 packets per second fired at my router (and NAT tables).
The packet destinations were 3 private IPs on 192.168.x and one public number.

I had to use CIS to block that traffic because it killed my router, and as that’s provided by my ISP I’m afraid they’re not going to fix that “thing”; I think I’ll put a Cisco in between :-))

If you need more data, I have a packet trace; please PM me if needed.

Forgot, this was just during logon to EasyVPN; I could see who was online and then my router died…
Tried it 5 times and 5 times I had to pull the plug on the router to get it back to work.

Haven’t had that on the previous version…

We appreciate your check of the data packets.
It is necessary to send some data to establish the P2P connection between two peers more quickly.
The sending process begins when two peers try to establish the connection and ends when the P2P connection is done or has failed.
It will last for 20 seconds in the worst case.

Sorry about pulling the plug five times.
It didn’t happen to us until now.
We just send normal data packets by socket, nothing special.

After you have succeeded in logging in to EasyVPN, your contacts & networks information and status will be sent to you.
There is a time lag of several seconds depending on your net speed.

Well, are you sure a packet rate of 125 per second is normal?

I tend to find it a bit on the high side; it wouldn’t be a problem if the “logged on user” had only registered on one network, but in this case the user is known on EasyVPN on at least 4 networks, and it still goes to Relay connection.

So for every call to the socket you get this multiplied by the x number of networks the “remote” user(s) are known on…

The screenshot shows what happens for one of the networks the remote user uses/used.
31 packets per second per network known to EasyVPN active users; with 10 users online this would result in 310 packets per second of UDP traffic… I’d like to see some sort of “slow start” probing in that behavior :-))

[attachment deleted by admin]

As there are several NAT types, we have to add tactics to increase the P2P connection’s success rate. One method is sending data to the NAT on the ports between the NAT port and the NAT port number plus 30. So when one user in contacts or networks is online, EasyVPN will send data to 30 ports to get the fastest reply.
If there are 10 online users when EasyVPN comes online, EasyVPN will send data to at least 30*10 ports. All P2P data (UDP) is processed in another thread and in sequence.

Are you sure you want 300 calls per second on a large number of IP addresses?
I don’t think this will make EasyVPN very scalable with a lot of users…

EasyVPN sends the P2P request data (such as to 30 ports) for a limited time (for example 20 sec).
We have tried to get as high a success rate as possible.
We will make some progress to reduce the redundancy.

For a user who has been active on multiple IP segments, it’s not very effective trying to reach them on a segment he/she is not connected to at the time of the login; could you reduce that also?

If I log on I will be on max 2 IP segments to P2P, a local LAN IP and the “external” IP from my internet connection, so it looks a bit redundant to “search” for a connection on all other segments I have ever been active on…

EasyVPN tries all of the host’s IPs and internet IPs.
A host normally has only one host IP and only one internet IP.
Sometimes EasyVPN has more than one IP and some of them are useful.
For example in the picture.
Host A has four real network adapters:

  1. ip address(192.168.1.*)
  2. ip address(172.0.0.*)
  3. ip address(10.0.0.*)
  4. LAN to WAN

EasyVPN has been installed on Host 1, 2, 3 and A.
Host A’s account is in the friends list of the other three accounts.
If Host 1, 2, 3 and A come online, every IP of Host A is useful for the P2P connection.

[attachment deleted by admin]

Hi LiuBo,

I think that’s not what I tried to explain; I can understand this, however I would replace Host A with a real router :wink:

What I meant was that when I logged on there was only 1 user online, and it caused traffic to 5 IP segments for that one specific user.

  1. Private IP 192.168.a.b
  2. Private IP 192.168.c.d
  3. Private IP 192.168.e.f
  4. Public NAT IP g.h.i.j
  5. Public Relay 91.k.l.m

But the first 3 private IPs must be ranges that the “online user” has been active on in the past; he could only be active on one of the 3 at the time he’s online, right?

So traffic should be 1 of the 1/2/3 private IPs, 4 public NAT, 5 relay; that will at least reduce it by 60pps.

I really don’t think that user was active on a multihomed server…

If you’d like to know who it was, PM me; he is somewhere close to you :wink: (staff)

Yes, one of the 3 private IPs is our ideal aim. EasyVPN doesn’t know which one is the ideal one; EasyVPN has to send requests and wait for a response to decide which is ideal, even if some request packets are unreachable. We didn’t find another method to pick the one. We would appreciate it if you gave us some advice on locating the ideal one.
When an EasyVPN host has 2+ IPs, it is possible that contact A connects to IP 1 and contact B connects to IP 2. When a contact is online, EasyVPN doesn’t know which one is the best. Trying all is reasonable.
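
An added illustration of the “slow start” probing asked for earlier in the thread; it is not EasyVPN's code and was not posted by anyone in the discussion. It only computes a send schedule (no traffic is sent) for 30 ports per candidate address, and the function names, the 4/32 pps limits and the sample addresses are assumptions made for the example.

```python
"""Paced UDP probe scheduling (constructed example; sends no traffic)."""
from itertools import zip_longest

PORT_SPAN = 30  # ports probed per candidate address, as described in the thread


def candidates(peers):
    """Expand {peer: [(ip, base_port), ...]} into (peer, ip, port) probes,
    interleaved so every address gets its first port tried before any second."""
    per_addr = [
        [(peer, ip, base + off) for off in range(PORT_SPAN)]
        for peer, addrs in peers.items()
        for ip, base in addrs
    ]
    return [p for group in zip_longest(*per_addr) for p in group if p]


def slow_start_schedule(probes, start_pps=4, max_pps=32):
    """Assign each probe a send time; the rate doubles each second up to max_pps."""
    schedule, second, rate, i = [], 0, start_pps, 0
    while i < len(probes):
        batch = probes[i:i + rate]
        for n, probe in enumerate(batch):
            schedule.append((second + n / rate, probe))  # spread evenly in the second
        i += len(batch)
        second += 1
        rate = min(rate * 2, max_pps)
    return schedule


def peak_pps(schedule):
    """Highest number of probes that fall into any whole-second bucket."""
    buckets = {}
    for t, _ in schedule:
        buckets[int(t)] = buckets.get(int(t), 0) + 1
    return max(buckets.values())


# Constructed sample: one online peer with four candidate addresses
# (private and documentation ranges, not values taken from the thread).
SAMPLE = {"peer-1": [("192.168.1.10", 40000), ("192.168.2.10", 40000),
                     ("192.168.3.10", 40000), ("203.0.113.5", 40000)]}

if __name__ == "__main__":
    sched = slow_start_schedule(candidates(SAMPLE))
    print(len(sched), "probes, peak", peak_pps(sched), "pps, last at", sched[-1][0])
```

For the sample peer the 120 probes finish in under six seconds with a peak of 32 packets per second; a real client would also stop the schedule as soon as any candidate answers.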