For a brief status of the established connections, execute:
The output will look something like this:
Let's analyse this information.
Connection to the Base Server
The second line contains information about connection to the Base Server. Base server helps devices find each other over the internet.
Normally, you should see information about successful UDP connection.
If there is only TCP connection established, you won't be able to establish direct connection to other devices over the internet. The data will be tunnelled over the base server - this will negatively impact latency and performance.
In order to fix this, unblock UDP on the firewall. You need at least UDP port 5582, but it's recommended to allow all outgoing connections.
This message means that most likely there is no internet connection. You will be only to contact devices in your local network.
Connection to a peer
Important: Make sure to ping the peer before checking its information in
husarnet status - it is only updated when communication is attempted.
Peer fcXX:YYY section contains information about connection to a specific peer.
If the second line contains
tunnelled, that means that you have no direct connection to the peer - this negatively impacts latency and performance. This is most likely caused by restrictive firewall, symmetric NAT or beeing behing carrier-grade NAT (CGNAT). Here are some tips on how to fix it:
- allow all UDP traffic on the firewall
- change NAT type to Full-cone or Port-restricted in your router configuration (it is often called Open or Moderate in router settings)
- enable IPv6
- restart your router
conntrack -Fon Linux router or virtual machine host
Otherwise, there will be a line containing
target=XXXX, where XXXX is the internet address used for communication with this node.
Tunneled connection when behind CGNAT
Some ISPs, usually mobile carriers, utilise carrier-grade NAT. As a result it is impossible to establish peer-to-peer connection with device hidden behind it.
How to check if you are behind CGNAT:
The easiest way is to check IP address given to you by ISP:
- ICAAN allocated IP4 address block for CGNAT is
100.64.0.0/10, however some carriers utilise other private IP4 ranges, such as
- If there is a router in your network, login into its web panel and check IP on WAN.
- In case of LTE modem plugged directly into your computer execute command in the terminal 'ip a' - and check IP on outbound interface
If you verified, that you are behind CGNAT and are unable to achieve peer-to-peer connection there is solution. Most ISPs offer service to get public external IP - contact with your ISPs customer service to obtain it. Its important to note, that it does not have to be static address - just public.
Hostnames of the devices in Husarnet network are stored in
/etc/hosts in lines with
# managed by Husarnet comment. They are modified automatically by the Husarnet daemon.
SSH connection issue
On some machines, before accessing them over SSH (
$ssh user@husarnet_hostname command) you might see the following error:
To overcome that issue, execute in the terminal of the device you are trying to reach over SSH:
If you still have problems, you can report the problem by sending mail to
email@example.com. Please describe your problem and attach Husarnet log. You can retrieve the log using the following command:
The log will be saved as
log.txt in the current directory.
You can also report bugs on the public community forum.