tinyFecVPN with UDP Acceleration Support (Great for Gaming)

tinyFecVPN

A bidirectional network acceleration tool that works in VPN mode and can accelerate all traffic (TCP/UDP/ICMP).

Suppose your local host experiences high packet loss when connecting to a certain server. You only need to use tinyFecVPN to establish a VPN connection, and then access the server through this VPN, and your network quality will improve significantly. With proper parameter settings, it is easy to reduce the packet loss rate to below one in ten thousand. In addition to reducing packet loss, it can also significantly improve TCP response speed and increase TCP single-thread transfer speed.

tinyFecVPN uses the same library as UDPspeeder, and its functionality is similar. The difference is that tinyFecVPN works in VPN mode, while UDPspeeder works as a UDP tunnel.

Note

UDPspeeder repo:

https://github.com/wangyu-/UDPspeeder

Note 2

For some carriers, using tinyFecVPN together with udp2raw can achieve better speeds. udp2raw is responsible for disguising UDP as TCP to bypass the carrier’s UDP speed limits.

udp2raw repo:

https://github.com/wangyu-/udp2raw-tunnel

Results

The test environment was a network with 100ms RTT and 10% bidirectional packet loss (using UDPspeeder’s test results).

Brief Introduction to the Principle

The main principle is to combat network packet loss through redundant data. The methods for sending redundant data include FEC (Forward Error Correction) and sending multiple copies of packets, and the FEC algorithm is Reed-Solomon.

For details, please see the UDPspeeder repo; they will not be repeated here:

https://github.com/wangyu-/UDPspeeder/

Brief Operating Instructions

Environment Requirements

A Linux host: this can be a desktop distribution, an Android phone/tablet, an OpenWrt router, or a Raspberry Pi. (Android currently has some issues.)

It can be used stably on Windows and Mac with a virtual machine (tinyFecVPN runs in Linux, while other applications continue to run in Windows as usual; bridged mode has been tested and works). You can use this virtual machine image, which is only 7.5 MB, saving you the trouble of installing an operating system inside the virtual machine; the virtual machine comes with an SSH server, supports copying files with scp, allows SSH access, supports copy and paste, and the root password is 123456. Change that password after the first login, since in bridged mode the SSH server is reachable from the local network.

Android needs to be run through the terminal.

Root or cap_net_admin permissions are required (because a tun device needs to be created).

Note

When using a virtual machine, it is recommended to manually specify which network card to bridge to rather than setting it to automatic. Otherwise, it may bridge to the wrong network card.

Installation

Download the compiled binary files and extract them to any directory on the local machine and the server.

https://github.com/wangyu-/tinyFecVPN/releases

Run

Suppose you have a server with the IP 44.55.66.77, and a service listening on tcp/udp 0.0.0.0:7777.

# Run on the server side:
./tinyvpn -s -l0.0.0.0:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0

# Run on the client side:
./tinyvpn -c -r44.55.66.77:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0

Now, as long as you use 10.22.22.1:7777 on the client side, you can connect to your service, and traffic in both directions will be accelerated. Running ping 10.22.22.1 will also get a reply.

Notes:

-f20:10 means sending 10 redundant packets for every 20 original data packets. -f20:10 and -f 20:10 are both acceptable; the space can be omitted, and this is true for all single-letter options. For long (double-dash) options, such as --mode 0 and --mtu 1200, the space cannot be omitted.

-k enables simple XOR encryption.

If you need lower latency, add --mode 1; the default parameter --mode 0 tends to save bandwidth / provide higher throughput.
UDPspeeder’s default parameter is --mode 1, while tinyFecVPN’s default parameter is --mode 0; note the difference.
--mode 0 does not require consideration of MTU issues, while --mode 1 does. If you don’t know what MTU is, it is recommended to use --mode 0.
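What -f20:10 buys at the 10% loss rate used in this page's tests, as an added example (not code from tinyFecVPN or UDPspeeder). It assumes packets are lost independently, which is the case FEC handles best (the -i option exists for bursts), and that data packets which do arrive in an undecodable group are still delivered; all function names are illustrative.

```python
from math import comb

def loss_pmf(n: int, k: int, p: float) -> float:
    """P(exactly k of n packets are lost) under independent loss with rate p."""
    return comb(n, k) * p**k * (1 - p) ** (n - k)

def group_failure(x: int, y: int, p: float) -> float:
    """P(a group of x data + y redundant packets cannot be decoded).

    A Reed-Solomon erasure code rebuilds the group from any x of the
    x+y packets, so decoding fails only when more than y are lost.
    """
    n = x + y
    return sum(loss_pmf(n, k, p) for k in range(y + 1, n + 1))

def residual_loss(x: int, y: int, p: float) -> float:
    """Expected share of data packets still missing after FEC.

    Model assumption: in a failed group the data packets that did arrive
    are still delivered, so k losses out of n cost k/n of the data.
    """
    n = x + y
    return sum(loss_pmf(n, k, p) * k / n for k in range(y + 1, n + 1))

def overhead(x: int, y: int) -> float:
    """Extra bandwidth spent on redundancy, as a fraction of the data."""
    return y / x

def compare(p: float, settings):
    """Return (x, y, overhead, group_failure, residual_loss) per setting."""
    return [(x, y, overhead(x, y), group_failure(x, y, p), residual_loss(x, y, p))
            for x, y in settings]

if __name__ == "__main__":
    # 10% loss is the test condition quoted on this page; (20, 10) is -f20:10.
    # (1, 1) models "send every packet twice"; (20, 5) is a cheaper setting.
    for x, y, ovh, fail, resid in compare(0.10, [(20, 10), (20, 5), (1, 1)]):
        print(f"x={x:2d} y={y:2d} overhead={ovh:4.0%} "
              f"group_failure={fail:.2e} residual_loss={resid:.2e}")
```

Under this model, 20:10 stays below the one-in-ten-thousand figure quoted earlier at 50% overhead, while sending every packet twice costs 100% overhead and still leaves about 1% loss.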

Advanced Operation Instructions

Command Options

tinyFecVPN
git version: b03df1b586    build date: Oct 31 2017 19:46:50
repository: https://github.com/wangyu-/tinyFecVPN/

usage:
    run as client: ./this_program -c -r server_ip:server_port  [options]
    run as server: ./this_program -s -l server_listen_ip:server_port  [options]

common options, must be the same on both sides:
    -k,--key              <string>        key for simple xor encryption. if not set, xor is disabled
main options:
    --sub-net             <number>        specify the subnet, for example: 192.168.1.0 , default: 10.22.22.0
    --tun-dev             <number>        specify the tun device name, for example: tun10, default: a random name such as tun987
    -f,--fec              x:y             forward error correction, send y redundant packets for every x packets
    --timeout             <number>        how long a packet can be held in the queue before applying fec, unit: ms, default: 8ms
    --mode                <number>        fec mode, available values: 0, 1; 0 uses less bandwidth, 1 has lower latency; default: 0)
    --report              <number>        enable send/recv reports, and set the reporting interval, unit: s
    --keep-reconnect                      reconnect after connection loss, client only.
advanced options:
    --mtu                 <number>        mtu. for mode 0, the program will split packets into segments smaller than mtu_value.
                                          for mode 1, no packets will be split; the program only checks whether the mtu is exceeded.
                                          default value: 1250
    -j,--jitter           <number>        simulated jitter. randomly delay the first packet by 0~<number> ms, default value: 0.
                                          do not use this if you don't know what it means.
    -i,--interval         <number>        spread each fec group over an interval of <number> ms, to protect against burst packet loss.
                                          default value: 0. do not use this if you don't know what it means.
    --random-drop         <number>        simulate packet loss, unit: 0.01%. default value: 0
    --disable-obscure     <number>        disable obscure, to save a bit of bandwidth and cpu
developer options:
    --tun-mtu             <number >       mtu of the tun interface; most of the time you shouldn't change this
    --disable-mssfix      <number >       disable mssfix for tcp connections
    -i,--interval         imin:imax       similar to -i above, but spreads randomly between imin and imax
    --fifo                <string>        use a fifo (named pipe) to send commands to the running program, so that you
                                          can change fec encoding parameters dynamically. check readme.md in the repository for
                                          supported commands.
    -j ,--jitter          jmin:jmax       similar to -j above, but creates jitter randomly between jmin and jmax
    -i,--interval         imin:imax       similar to -i above, but spreads randomly between imin and imax
    -q,--queue-len        <number>        maximum fec queue length, only for mode 0
    --decode-buf          <number>        buffer size of the fec decoder, unit: packets, default: 2000
    --fix-latency         <number>        try to stabilize latency, only for mode 0
    --delay-capacity      <number>        maximum number of delayed packets
    --disable-fec         <number>        completely disable fec, turning the program into a normal udp tunnel
    --sock-buf            <number>        socket buffer size, >=10 and <=10240, unit: kbyte, default: 1024
log and help options:
    --log-level           <number>        0: never    1: fatal   2: error   3: warn
                                          4: info (default)      5: debug   6: trace
    --log-position                        enable file name, function name, and line number in logs
    --disable-color                       disable log colors
    -h,--help                             print this help message

Options shared with UDPspeeder

TinyFecVPN supports all options of UDPspeeder. For details, please see the UDPspeeder repo:

https://github.com/wangyu-/UDPspeeder

New options added in tinyFecVPN

--tun-dev

Specify the name of the tun device. For example: --tun-dev tun100.

If not specified, tinyFecVPN will create a tun device with a random name, such as tun987.

--sub-net

Specify the VPN subnet in the format xxx.xxx.xxx.0. For example, for --sub-net 10.10.10.0, the server IP will be set to 10.10.10.1, and the client IP will be set to 10.10.10.2.

The last number in the subnet should be 0. For example, 10.10.10.123 does not conform to the specification and will be automatically corrected by the program to 10.10.10.0.

--keep-reconnect

Only valid for the client.

The tinyFecVPN server accepts only one client connection; a later client connection will displace the current one.

If --keep-reconnect is enabled, the client will try to regain the connection after it is disconnected or displaced.

Performance testing (focused on throughput)

The server is on Vultr Japan, CPU 2.4 GHz, memory 512 MB. The client is on BandwagonHost US, CPU 2.0 GHz, memory 96 MB. An additional 10% packet loss was simulated on the network to increase the FEC load.

Test commands

On the server side:
./tinyvpn_amd64 -s -l 0.0.0.0:5533 --mode 0
iperf3 -s
On the client side:
./tinyvpn_amd64 -c -r 44.55.66.77:5533 --mode 0
iperf3 -c 10.22.22.1 -P10

Test Results

image

Usage Experience

Unable to connect normally

In the vast majority of cases, this is caused by improperly configured iptables. If you cannot connect properly, please clear the iptables rules on both ends and try again. After clearing them, remember to use iptables-save to check and make sure they have actually been cleared.

In some other cases, the service you want to access is not bound to 0.0.0.0. Please use netstat -nlp to check the server’s binding status.

It is also possible that UDP is being blocked by your local ISP; adding udp2raw in front can solve this.

Error: open /dev/net/tun failed

You may not have root or cap_net_admin permissions.

Another possibility is that this file does not exist on your device. For example, on LEDE or OpenWrt, install kmod-tun with opkg, and it will appear automatically after installation.
You can also install openvpn with the package manager, because openvpn depends on kmod-tun, and the package manager will automatically set up this device as well.

On the vast majority of Linux distributions, /dev/net/tun is created by default. You would usually only encounter this issue on embedded distributions such as LEDE/OpenWrt. In the virtual machine I provide, /dev/net/tun is also included by default.

MTU Issues

In --mode 0, the encoder automatically splits packets into appropriate sizes, so you do not need to worry about MTU at all.

If you use --mode 1, the encoder will no longer split packets, so MTU issues are introduced.
For TCP, you still do not need to worry about MTU, because tinyFecVPN will automatically apply mssfix; but for UDP, the upper-layer program needs to ensure that the data it sends does not exceed the MTU value (games generally do not send huge packets, so this is not a problem for gaming; programs that may send huge packets usually provide an option to adjust MTU, such as KCPTUN). If you are a beginner, it is recommended to use the default --mode 0 parameter without changing it, which will ensure you do not run into MTU issues.

If you are a developer, for --mode 1 you can try --tun-mtu and set the device MTU to the same value as --mtu (if you have not set --mtu, then set --tun-mtu to the default value of 1250). This allows the kernel to fragment IP packets (only for packets that allow fragmentation), making it possible to transmit huge UDP packets. Not recommended for beginners.

Speed up the network through tinyFecVPN without modifying iptables

Many people don’t know how to configure iptables, and even experienced users can easily make mistakes with it, so here I recommend a method that doesn’t require iptables. It can handle basically any situation and is recommended for beginners. If you can configure iptables and routing rules proficiently, you can skip this section.

Suppose the tinyFecVPN client is running on a local Linux machine, and there is a service on the VPS listening on TCP and UDP at 0.0.0.0:443. How can I access this service from the local Linux machine? (Assume the IP assigned by the tinyFecVPN server is 10.22.22.1.)

Just access 10.22.22.1:443 directly.

Suppose the tinyFecVPN client is running on a router/virtual machine, and suppose the tinyFecVPN server is running on the VPS. There is a service on the VPS listening on TCP and UDP at 0.0.0.0:443. How can I access this service from my local Windows machine?

Assume the IP assigned by the tinyFecVPN server is 10.22.22.1, and the IP of the router/virtual machine is 192.168.1.105.

First install tinyPortMapper on the router/virtual machine, then run the following command:

./tinymapper_x86 -l0.0.0.0:443 -r10.22.22.1:443 -t -u

Then you only need to access 192.168.1.105:443 on your local Windows machine, which is equivalent to accessing port 443 on the VPS.

Suppose the tinyFecVPN client is running on a local Linux machine, and suppose the tinyFecVPN server is running on VPS A. Now there is another VPS, B (assume its IP is 123.123.123.123), with a service listening on 123.123.123.123:443. How can I access this service from the local Linux machine through tinyFecVPN?

Install tinyPortMapper on VPS A, then run the following command:

./tinymapper_x86 -l0.0.0.0:443 -r123.123.123.123:443 -t -u

Then port 443 on VPS B will be mapped to 10.22.22.1:443. In this way, accessing 10.22.22.1:443 on Linux is equivalent to accessing 123.123.123.123:443.

Suppose the tinyFecVPN client is running on a router/virtual machine, and suppose the tinyFecVPN server is running on VPS A. Now there is a service on another VPS, B (assume its IP is 123.123.123.123), listening on 123.123.123.123:443. How can I access this service from my local Windows machine through tinyFecVPN?

Just combine the previous two scenarios. Run tinyPortMapper on the router/virtual machine, and also run tinyPortMapper on the VPS, then you can map this port to your local machine.

No disconnection after restarting the client or server

Use the following command to create a persistent tun device called tun100:

ip tuntap add tun100 mode tun

Then use this persistent tun device in tinyFecVPN with --tun-dev tun100.

Encryption

tinyFecVPN is an extremely lightweight VPN, even lighter than l2tp, and only comes with simple xor encryption. If you need AES encryption, you can chain udp2raw in front of it, which also gives you anti-replay protection.
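Why -k is best treated as obfuscation and why the page points to udp2raw when real encryption is needed, shown as an added example (not code from tinyFecVPN). It assumes -k behaves like a generic repeating-key XOR, which may differ in detail from the program's own routine; the payloads are constructed samples and the function names are illustrative.

```python
from itertools import cycle

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """XOR every byte with the repeating key; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))

KEY = b"passwd"  # the sample key used in the commands on this page

# Constructed sample payloads (not captured traffic).
P1 = b"GET /status HTTP/1.1"
P2 = b"GET /health HTTP/1.1"

def keystream_from_known_plaintext() -> bytes:
    """Property 1: ciphertext XOR known plaintext yields the key itself."""
    c1 = xor_cipher(P1, KEY)
    return xor_bytes(c1, P1)[:len(KEY)]

def key_cancels_between_packets() -> bool:
    """Property 2: XOR of two ciphertexts equals XOR of the two plaintexts."""
    c1, c2 = xor_cipher(P1, KEY), xor_cipher(P2, KEY)
    return xor_bytes(c1, c2) == xor_bytes(P1, P2)

def tampered_packet_is_accepted() -> bytes:
    """Property 3: with no integrity check, altered ciphertext decrypts silently."""
    c1 = bytearray(xor_cipher(P1, KEY))
    delta = xor_bytes(b"status", b"health")
    for i, d in enumerate(delta):
        c1[5 + i] ^= d  # bytes 5..10 of P1 hold "status"
    return xor_cipher(bytes(c1), KEY)

if __name__ == "__main__":
    print("key visible from one known packet:", keystream_from_known_plaintext())
    print("key cancels across packets:", key_cancels_between_packets())
    print("receiver decodes tampered packet as:", tampered_packet_is_accepted())
```

An authenticated cipher with replay protection closes all three gaps, which is the role the page assigns to udp2raw in front of tinyFecVPN.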

Other usage tips

Please refer to the usage tips section of UDPspeeder. Nearly all of UDPspeeder’s practical experience also applies here.

https://github.com/wangyu-/UDPspeeder/blob/master/doc/README.zh-cn.md#使用经验

Limitations

Currently, there is an intentional restriction in the server-side code: as an accelerator, tinyFecVPN only allows (direct) access to services on the server itself, and cannot be used (directly) for bypassing internet restrictions. Even if you enable ipforward and MASQUERADE, it still will not work. There is additional handling in the code, and packets that directly access third-party servers through tinyFecVPN will be dropped. The effect is shown below:

image

Ways to bypass this restriction include:

1. Set up a proxy on the server, such as socks5, access this proxy through tinyFecVPN, and then use the proxy to access third-party servers.
2. Find the relevant restriction code yourself, modify it, and compile an unrestricted version for personal use (do not distribute it).

Application Examples

Use a Raspberry Pi as a router to set up a transparent proxy and speed up the network for gaming consoles

https://github.com/wangyu-/UDPspeeder/wiki/Use a Raspberry Pi as a router to set up a transparent proxy and speed up the network for gaming consoles
