server: cockroach connect does not negotiate peers across NAT properly #61238

@knz

Part of #60632

During the initial handshake, the trust leader receives the address of each peer as part of the trust handshake.

However, each peer populates the acknowledgement for the challenge using its listening address, not its advertised address.

So if the connection is happening across a NAT boundary, the trust leader will be unable to connect back to its trusted peers.

Jira issue: CRDB-3049
Epic: CRDB-6663
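
The address mix-up described in this issue, as an added Go example that is not CockroachDB's code: `peerAddrs`, `ackAddr` and `dialBackRisk` are hypothetical names, and the addresses are constructed samples. It shows the peer-side choice of advertised over listening address, plus a leader-side check that flags an acknowledged address it is unlikely to be able to dial back.

```go
package main

import (
	"fmt"
	"net"
)

// peerAddrs is a hypothetical stand-in for one peer's address settings.
type peerAddrs struct {
	Listen    string // socket the peer binds to (may be a NAT-internal address)
	Advertise string // address other nodes should dial; empty if unset
}

// ackAddr picks the address to place in the challenge acknowledgement:
// the advertised address when set, the listening address otherwise.
func ackAddr(p peerAddrs) string {
	if p.Advertise != "" {
		return p.Advertise
	}
	return p.Listen
}

// dialBackRisk is a leader-side sanity check. It compares the acknowledged
// address with the remote address observed on the inbound connection and
// returns a reason when dialing back is unlikely to work, or "" otherwise.
func dialBackRisk(acked, observed string) string {
	host, _, err := net.SplitHostPort(acked)
	if err != nil {
		return "malformed address"
	}
	ip := net.ParseIP(host)
	if host == "" || (ip != nil && (ip.IsUnspecified() || ip.IsLoopback())) {
		return "wildcard or loopback address"
	}
	ohost, _, _ := net.SplitHostPort(observed)
	oip := net.ParseIP(ohost)
	if ip != nil && oip != nil && ip.IsPrivate() && !oip.IsPrivate() {
		return "private address seen from a public source (NAT)"
	}
	return "" // hostnames and matching address scopes pass
}

func main() {
	// Constructed sample values: RFC 1918 and RFC 5737 addresses.
	nat := peerAddrs{Listen: "10.0.0.5:26257", Advertise: "203.0.113.7:26257"}
	fmt.Println(dialBackRisk(nat.Listen, "203.0.113.7:41822")) // buggy ack
	fmt.Println(dialBackRisk(ackAddr(nat), "203.0.113.7:41822"))
}
```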

Labels

    A-authentication: Pertains to authn subsystems
    A-security
    A-server-networking: Pertains to network addressing, routing, initialization
    C-bug: Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.
    T-server-and-security: DB Server & Security
