Skip to main content

Understanding Husarnet Status and Troubleshooting

In this document we describe problems Husarnet users stumbled into in the past. You might find the solution to your problem here, and also it is good resource to gain deeper understanding of the Husarnet system. If you do not see a solution you want, please let us know. Describe your problem and post it on Husarnet Community Forums.

What information to provide while posting problem report?

  • description of the problem
  • husarnet status -v output
  • husarnet log, which can be obtained e.g. from journalctl (e.g. journalctl --unit husarnet --since=yesterday > log.txt). On Windows it is saved in %PROGRAMDATA%\Husarnet
  • screenshots, OS/distro information, additional remarks

No base connection

If you don't have base connection you will be only to contact devices in your local network, and the reason for this could one of following:

  1. You don't have internet connection altogether
  2. Your firewall is blocking Husarnet
  3. Entire Husarnet Infrastructure is down

If your internet connection seems to work fine, but still you don't have base connection (and it does not recover after a minute or so), please let us know on Community Forums.

Connection to the Base Server is TCP-only

🟡 Base Server:               188.165.23.196:443 (TCP)
🟡 TCP is a fallback connection method. You'll get better results on UDP

If there is only TCP connection established, you won't be able to establish direct connection to other devices over the internet. The data will be tunneled over the base server - this will negatively impact latency and performance.

In order to fix this, unblock UDP on the firewall. You need at least UDP port 5582, but it's recommended to allow all outgoing connections.

CLI and Husarnet Daemon versions differ

🔴 CLI and Husarnet Daemon versions differ! If you updated recently, restart the Daemon

This will happen if you installed Husarnet via Homebrew (without sudo) and after updating you forgot executing sudo husarnet daemon restart. Old version of the Daemon is still working in the system. Aside from Homebrew setups, this is rather rare. The error might be caused by some problem in automatic software update mechanism in your OS (apt, pacman, etc.), for example unexpected exit while upgrading. To fix this, first try restarting the daemon (sudo husarnet daemon restart). If it does not help, you can also try reinstalling Husarnet. Error messages from your package manager might be helpful.

Husarnet Daemon has crashed and won't come up

There likely is some more information in the journal. Please collect the info and post on the Community Forums. If you can't obtain version information because of the crash, type:

husarnet-daemon version

which is special command to obtain version information from the binary whitout running whole Husarnet stack.

Connection to a peer is 🟡 tunelled

Important: Make sure to ping the peer before checking its information in husarnet status - it is only updated when communication is attempted.

If you see this, that means that you have no direct connection to the peer - this negatively impacts latency and performance. This is most likely caused by restrictive firewall, symmetric NAT or being behind carrier-grade NAT (CGNAT). Here are some tips on how to fix it:

  • allow all UDP traffic on the firewall
  • change NAT type to Full-cone or Port-restricted in your router configuration (it is often called Open or Moderate in router settings)
  • enable IPv6
  • restart your router
  • execute conntrack -F on Linux router or virtual machine host

Tunneled connection when behind CGNAT

Some ISPs, usually mobile carriers, utilise carrier-grade NAT. As a result it is impossible to establish peer-to-peer connection with device hidden behind it.

How to check if you are behind CGNAT:

The easiest way is to check IP address given to you by ISP:

  • ICAAN allocated IP4 address block for CGNAT is 100.64.0.0/10, however some carriers utilise other private IP4 ranges, such as 10.0.0.0/8 or 172.16.0.0/12
  • If there is a router in your network, login into its web panel and check IP on WAN.
  • In case of LTE modem plugged directly into your computer execute command in the terminal 'ip a' - and check IP on outbound interface

If you verified, that you are behind CGNAT and are unable to achieve peer-to-peer connection there is solution. Most ISPs offer service to get public external IP - contact with your ISPs customer service to obtain it. Its important to note, that it does not have to be static address - just public.