
Comments (44)

Ysurac commented on June 12, 2024

Hi,
I will try to find the default interface for VPS script.

I added glorytun conf 30 minutes ago :)

If you can't ping from the router then it's not working. Did you enable ss-redir? (I added this step in the doc.)
Make sure you can ping all IPs router from the router.

On the interface page I think you are using french translation, I need to find how to fix this.

from openmptcprouter.

olaulau commented on June 12, 2024

thanks for the doc update.

got a firefox plugin that forces the locale to en-us (https://addons.mozilla.org/fr/firefox/addon/quick-accept-language-switc/), now the interface status column is working.
Is it so obvious I'm French?

glorytun is now properly starting.
but in the shadowsocks redir rules page, the dropdown seems to be wrong, here is what I have:

  • hi2 - tcp_and_udp
  • hi3 - tcp_and_udp
  • hi4 - tcp_and_udp
  • <unset>

still can't ping internet from the router term, neither from a computer configured to use the router.


Ysurac commented on June 12, 2024

French translation will be fixed in next release. I'm french too and I had the same bug.

I will update screenshot for shadowsocks rules asap.

There is a bug with the failover script that puts the correct default route. If the gateway is on a down interface, the script does nothing... This will be fixed in the next release.

Next release will be available when compiled by CircleCI so in about 3H...


olaulau commented on June 12, 2024

I've just tried with 0.6 .vdi image, still doesn't work :-/


Ysurac commented on June 12, 2024

Both wan are up ?
Did you try a reboot ?
What do you have in system log ?


olaulau commented on June 12, 2024

just retried with router .vdi v0.6.2, still doesn't work.
Is the VPS install script updated ? do I have to reinstall it too ?

Yes, both ADSL links are up, and I tried to reboot.

in system / overview :

IPv4 WAN Status | ? Not connected | ? Not connected
IPv6 WAN Status | ? Not connected | ? Not connected
Active Connections | 46 / 131072 (0%)

end of syslog :

Wed Feb 21 08:21:20 2018 daemon.warn dnsmasq[3085]: no servers found in /tmp/resolv.conf.auto, will retry
Wed Feb 21 08:21:20 2018 daemon.info dnsmasq[3085]: read /etc/hosts - 4 addresses
Wed Feb 21 08:21:20 2018 daemon.info dnsmasq[3085]: read /tmp/hosts/odhcpd - 0 addresses
Wed Feb 21 08:21:20 2018 daemon.info dnsmasq[3085]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Wed Feb 21 08:21:20 2018 daemon.info dnsmasq-dhcp[3085]: read /etc/ethers - 0 addresses
Wed Feb 21 08:21:20 2018 user.notice unbound: iterator will use built-in root hints
Wed Feb 21 08:21:20 2018 daemon.notice unbound: [3168:0] notice: init module 0: iterator
Wed Feb 21 08:21:21 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:22 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:23 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:23 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Wed Feb 21 08:21:24 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:26 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:26 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2
Wed Feb 21 08:21:30 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:32 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:32 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Wed Feb 21 08:21:35 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:37 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:37 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2
Wed Feb 21 08:21:40 2018 daemon.info procd: Instance mptcp::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Wed Feb 21 08:21:41 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:43 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:43 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Wed Feb 21 08:21:44 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:46 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:46 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2
Wed Feb 21 08:21:49 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:50 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:51 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:52 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:52 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Wed Feb 21 08:21:53 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:55 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:55 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1720]: listening at 0.0.0.0:1100
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1718]: listening at 0.0.0.0:1100
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1720]: tcp port reuse enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1718]: tcp port reuse enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1718]: UDP relay enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1720]: UDP relay enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1720]: udp port reuse enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1718]: udp port reuse enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1720]: running from root user
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1718]: running from root user
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1719]: listening at 0.0.0.0:1100
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1719]: tcp port reuse enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1719]: UDP relay enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1719]: udp port reuse enabled
Wed Feb 21 08:21:58 2018 daemon.info /usr/bin/ss-redir[1719]: running from root user
Wed Feb 21 08:21:58 2018 daemon.info glorytun[2165]: INITIALIZED tun0
Wed Feb 21 08:21:58 2018 daemon.notice netifd: Interface 'glorytun' is enabled
Wed Feb 21 08:21:58 2018 daemon.notice netifd: Network device 'tun0' link is up
Wed Feb 21 08:21:58 2018 daemon.notice netifd: Interface 'glorytun' has link connectivity 
Wed Feb 21 08:21:58 2018 daemon.notice netifd: Interface 'glorytun' is setting up now
Wed Feb 21 08:21:58 2018 daemon.notice netifd: Interface 'glorytun' is now up
Wed Feb 21 08:21:58 2018 kern.notice kernel: [   49.430600] random: nonblocking pool is initialized
Wed Feb 21 08:21:58 2018 daemon.info unbound: [3168:0] info: start of service (unbound 1.6.8).
Wed Feb 21 08:21:58 2018 user.notice firewall: Reloading firewall due to ifup of glorytun (tun0)
Wed Feb 21 08:21:58 2018 user.notice multipath: master device tun0 has no gateway!
Wed Feb 21 08:21:58 2018 user.notice multipath: Faild to set default multipath device! Use glorytun as fallback...
Wed Feb 21 08:21:58 2018 user.notice multipath: device glorytun not fount!
Wed Feb 21 08:21:59 2018 daemon.info odhcpd[1847]: Using a RA lifetime of 0 seconds on eth0
Wed Feb 21 08:21:59 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:22:01 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:22:01 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1

end of kernel log :

[    4.491124] kmodloader: done loading kernel modules from /etc/modules.d/*
[    5.627554] ip_local_port_range: prefer different parity for start/end values.
[    6.181406] IPv6: ADDRCONF(NETDEV_UP): lo: link is not ready
[    6.182690] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[    6.185964] 8021q: adding VLAN 0 to HW filter on device eth0
[    6.188865] 8021q: adding VLAN 0 to HW filter on device wan1
[    6.190411] 8021q: adding VLAN 0 to HW filter on device wan2
[   49.430600] random: nonblocking pool is initialized

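The tracker lines in the syslog above all follow one pattern: omr-tracker pings an empty address, every probe fails, and the post-tracking hook swaps the default route between wan1 and wan2 every few seconds. As an added example (not code from OpenMPTCProuter or from anyone in this thread), the POSIX shell below counts those events in a syslog excerpt and gives a one-line verdict. The sample log is a constructed subset of the lines quoted in the comment, and the flip threshold of three is an arbitrary choice of this example.

```shell
#!/bin/sh
# Added example, not part of OpenMPTCProuter: summarise what omr-tracker and
# its post-tracking hook are doing from a syslog excerpt, so that route
# flapping and an empty ping target are spotted without reading every line.
# SAMPLE_LOG is a constructed subset of the log quoted in the thread.

SAMPLE_LOG=$(cat <<'EOF'
Wed Feb 21 08:21:21 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:22 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:23 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Wed Feb 21 08:21:24 2018 daemon.err omr-tracker[2224]: ping: bad address ''
Wed Feb 21 08:21:26 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2
Wed Feb 21 08:21:30 2018 daemon.err omr-tracker[2225]: ping: bad address ''
Wed Feb 21 08:21:32 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Wed Feb 21 08:21:37 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2
Wed Feb 21 08:21:58 2018 daemon.notice netifd: Interface 'glorytun' is now up
EOF
)

# Number of "Replace default route" events in the excerpt.
count_route_changes() {   # $1 = log text
    printf '%s\n' "$1" | awk '/Replace default route by/ { n++ } END { print n + 0 }'
}

# Number of times the chosen device differed from the previous choice:
# wan1 -> wan2 -> wan1 -> wan2 is three flips, a sign nothing stays reachable.
count_route_flips() {   # $1 = log text
    printf '%s\n' "$1" | awk '
        /Replace default route by/ {
            if (prev != "" && $NF != prev) n++
            prev = $NF
        }
        END { print n + 0 }'
}

# Tracker pings with an empty target: the tracker has no host to probe, so
# every probe fails and the failover logic keeps switching.
count_empty_ping_targets() {   # $1 = log text
    printf '%s\n' "$1" | awk -v q="'" \
        '$0 ~ ("omr-tracker.*ping: bad address " q q "$") { n++ } END { print n + 0 }'
}

# One-line verdict: which issues are present, with the counts behind them.
diagnose_tracker_log() {   # $1 = log text
    log=$1
    changes=$(count_route_changes "$log")
    flips=$(count_route_flips "$log")
    empties=$(count_empty_ping_targets "$log")
    issues=""
    [ "$empties" -gt 0 ] && issues="tracker-has-no-ping-target"
    [ "$flips" -ge 3 ] && issues="${issues:+$issues,}default-route-flapping"
    printf '%s changes=%s flips=%s empty_targets=%s\n' \
        "${issues:-ok}" "$changes" "$flips" "$empties"
}

diagnose_tracker_log "$SAMPLE_LOG"
```

On the router you would feed it the live log instead, for example diagnose_tracker_log "$(logread)" (logread is OpenWrt's log reader). A flips count that keeps climbing while the ping target is empty points at the tracker's configuration, not at the links themselves.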

Ysurac commented on June 12, 2024

VPS script not updated.
The state in the system overview is not a problem.
Multipath should be set as disabled for the glorytun interface (same for the lan interface).
You should check that the shadowsocks keys are the same on the VPS and on OpenMPTCProuter: you can check with cat /tmp/etc/shadowsocks-libev/ss_redir.hi.json on the OpenMPTCProuter and cat /etc/shadowsocks-libev/config.json on the VPS; the key should be the same.

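A practitioner following the advice above would rather compare the two keys without cat-ing them into terminal scrollback or an issue tracker. The POSIX shell below is an added example, not code from OpenMPTCProuter: it extracts the key from each JSON config, prints only a truncated SHA-256 fingerprint, and compares fingerprints. It also flags the cipher method, because aes-256-cfb, which this setup uses, is an unauthenticated stream cipher and shadowsocks-libev recommends AEAD methods such as chacha20-ietf-poly1305. It assumes pretty-printed JSON with one "key" (or "password") entry per line and a sha256sum binary (coreutils or BusyBox); the file paths are the ones named in the comment.

```shell
#!/bin/sh
# Added example, not part of OpenMPTCProuter: compare the shadowsocks key on
# the router (/tmp/etc/shadowsocks-libev/ss_redir.hi.json) with the one on the
# VPS (/etc/shadowsocks-libev/config.json) by fingerprint, so the secret is
# never printed or pasted, and flag a non-AEAD cipher method.
# Assumptions: pretty-printed JSON with one "key": "..." (or "password": "...")
# per line, and sha256sum from coreutils or BusyBox.

# Print the string value of a top-level "name": "value" line.
ss_config_field() {   # $1 = config file, $2 = field name
    awk -F'"' -v want="$2" '$2 == want { print $4; exit }' "$1"
}

# Truncated SHA-256 of the key; prints nothing and returns 2 if no key is set.
ss_key_fingerprint() {   # $1 = config file
    key=$(ss_config_field "$1" key)
    [ -n "$key" ] || key=$(ss_config_field "$1" password)
    if [ -z "$key" ]; then
        echo "no key or password in $1" >&2
        return 2
    fi
    printf '%s' "$key" | sha256sum | cut -c1-16
}

# 0 when both files carry the same key, 1 when they differ, 2 if one has none.
ss_keys_match() {   # $1 = router config, $2 = VPS config
    a=$(ss_key_fingerprint "$1") || return 2
    b=$(ss_key_fingerprint "$2") || return 2
    [ "$a" = "$b" ]
}

# 0 when the configured method is an AEAD cipher. aes-256-cfb, as used in
# this thread, is a stream cipher with no integrity protection and is not.
ss_method_is_aead() {   # $1 = config file
    case "$(ss_config_field "$1" method)" in
        aes-128-gcm|aes-192-gcm|aes-256-gcm|chacha20-ietf-poly1305|xchacha20-ietf-poly1305)
            return 0 ;;
        *)
            return 1 ;;
    esac
}
```

Typical use: run ss_key_fingerprint /etc/shadowsocks-libev/config.json on the VPS and ss_key_fingerprint /tmp/etc/shadowsocks-libev/ss_redir.hi.json on the router and compare the two 16-character strings by eye; if both files are reachable from one host, ss_keys_match router.json vps.json does the comparison and its exit status is the answer.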

olaulau commented on June 12, 2024

shadowsocks keys are identical.

disabled multipath on wan1 & wan2
-> now ping says "network unreachable" instead of doing nothing.

But I still don't have exactly "hi" in redir rules, but hi2, hi3, hi4, and unset in the dropdown.
I had to enable it in "local instance" tab of shadowsocks, then select "hi" in redir rules
-> no change.


Ysurac commented on June 12, 2024

Only disabled for glorytun and lan interface, Multipath MUST be enabled for wan* interfaces.

What is the content of /etc/config/shadowsocks-libev (remove the key before pasting)? Maybe I forgot to put a default setting...


olaulau commented on June 12, 2024

oh sorry for wan* mistake ... re-enabled multipath on them.
multipath was disabled for lan and glorytun.

content of /etc/config/shadowsocks-libev :

config ss_redir 'hi'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option timeout '60'
	option fast_open '1'
	option verbose '1'
	option reuse_port '1'
	option mptcp '1'
	option disabled 'false'

config ss_rules 'ss_rules'
	option src_default 'forward'
	option dst_default 'forward'
	option local_default 'forward'
	list dst_ips_forward '8.8.8.8'
	option redir_tcp 'hi'
	option redir_udp 'hi'

config server 'sss0'
	option server_port '65101'
	option method 'aes-256-cfb'
	option server 'my_vps_ip'
	option key 'my_shadowsocks_key'

config ss_tunnel 'dns'
	option disabled '1'
	option mode 'tcp_and_udp'
	option server 'sss0'
	option local_port '5353'
	option tunnel_address '8.8.8.8:53'

config ss_redir 'hi2'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option timeout '60'
	option fast_open '1'
	option reuse_port '1'
	option mptcp '1'

config ss_redir 'hi3'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option timeout '60'
	option fast_open '1'
	option reuse_port '1'
	option mptcp '1'

config ss_redir 'hi4'
	option server 'sss0'
	option local_address '0.0.0.0'
	option local_port '1100'
	option mode 'tcp_and_udp'
	option timeout '60'
	option fast_open '1'
	option reuse_port '1'
	option mptcp '1'


Ysurac commented on June 12, 2024

This configuration is ok.

Maybe a problem on the VPS part ? Shorewall (the firewall part) is running on the VPS ?
eth0 is replaced by enp2s0 in all shorewall conf files (interfaces and snat) ?


olaulau commented on June 12, 2024

service shorewall status

● shorewall.service - Shorewall IPv4 firewall
   Loaded: loaded (/lib/systemd/system/shorewall.service; enabled; vendor preset
   Active: active (exited) since Wed 2018-02-21 13:39:37 CET; 10min ago
  Process: 1747 ExecStop=/sbin/shorewall $OPTIONS clear (code=exited, status=0/S
  Process: 1855 ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exi
 Main PID: 1855 (code=exited, status=0/SUCCESS)

Feb 21 13:39:37 new2 shorewall[1855]: Starting Shorewall....
Feb 21 13:39:37 new2 shorewall[1855]: Initializing...
Feb 21 13:39:37 new2 shorewall[1855]: Setting up Route Filtering...
Feb 21 13:39:37 new2 shorewall[1855]: Setting up Martian Logging...
Feb 21 13:39:37 new2 shorewall[1855]: Setting up Accept Source Routing...
Feb 21 13:39:37 new2 shorewall[1855]: Preparing iptables-restore input...
Feb 21 13:39:37 new2 shorewall[1855]: Running /sbin/iptables-restore ...
Feb 21 13:39:37 new2 shorewall[1855]: IPv4 Forwarding Enabled
Feb 21 13:39:37 new2 shorewall[1855]: done.
Feb 21 13:39:37 new2 systemd[1]: Started Shorewall IPv4 firewall.

iptables -L shows many rules, so I think shorewall is working correctly.

on SSH login I have :
< OpenMPCTProuter VPS 0.2 >

I'm using a fresh debian9 install on an online.net dedicated server.
Just ran the VPS script, edit shorewall interface, and reboot.
Then I use the keys generated into the router config (shadowsocks & glorytun).

still cannot ping anything :

root@OpenMPTCProuter:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network unreachable

any idea ?


Ysurac commented on June 12, 2024

Did you edit also shorewall snat ?


Ysurac commented on June 12, 2024

What is the result if you stop shorewall ?


olaulau commented on June 12, 2024

/etc/shorewall/interfaces :

###############################################################################
?FORMAT 2
###############################################################################
#ZONE   INTERFACE       OPTIONS
net	enp2s0          dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
vpn	gt-tun0        nosmurfs,routefilter,logmartians,tcpflags

/etc/shorewall/snat :

###############################################################################
?FORMAT 2
###############################################################################
#ZONE   INTERFACE       OPTIONS
net	enp2s0          dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
vpn	gt-tun0        nosmurfs,routefilter,logmartians,tcpflags

stopping shorewall :

# service shorewall stop
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

still cannot ping internet from router

restarting shorewall refills iptables with many rules :

root@new2:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
net-fw     all  --  anywhere             anywhere            
vpn-fw     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
Reject     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:INPUT:REJECT:"
reject     all  --  anywhere             anywhere            [goto] 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
net_frwd   all  --  anywhere             anywhere            
vpn_frwd   all  --  anywhere             anywhere            
Reject     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject     all  --  anywhere             anywhere            [goto] 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
fw-net     all  --  anywhere             anywhere            
fw-vpn     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
Reject     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject     all  --  anywhere             anywhere            [goto] 

Chain Broadcast (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type ANYCAST

Chain Drop (2 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp fragmentation-needed /* Needed ICMP types */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* Needed ICMP types */
Broadcast  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       udp  --  anywhere             anywhere             multiport dports loc-srv,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP       udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP       tcp  --  anywhere             anywhere             multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpt:1900 /* UPnP */
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN
DROP       udp  --  anywhere             anywhere             udp spt:domain /* Late DNS Replies */

Chain Reject (4 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp fragmentation-needed /* Needed ICMP types */
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded /* Needed ICMP types */
Broadcast  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
reject     udp  --  anywhere             anywhere            [goto]  multiport dports loc-srv,microsoft-ds /* SMB */
reject     udp  --  anywhere             anywhere            [goto]  udp dpts:netbios-ns:netbios-ssn /* SMB */
reject     udp  --  anywhere             anywhere            [goto]  udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject     tcp  --  anywhere             anywhere            [goto]  multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP       udp  --  anywhere             anywhere             udp dpt:1900 /* UPnP */
DROP       tcp  --  anywhere             anywhere             tcp flags:!FIN,SYN,RST,ACK/SYN
DROP       udp  --  anywhere             anywhere             udp spt:domain /* Late DNS Replies */

Chain dynamic (4 references)
target     prot opt source               destination         

Chain fw-net (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain /* DNS */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain /* DNS */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Ping */
ACCEPT     all  --  anywhere             anywhere            

Chain fw-vpn (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Ping */
ACCEPT     udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc /* DHCPfwd */
ACCEPT     all  --  anywhere             anywhere            

Chain logdrop (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain logflags (7 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             LOG level info ip-options prefix "Shorewall:logflags:DROP:"
DROP       all  --  anywhere             anywhere            

Chain logreject (0 references)
target     prot opt source               destination         
reject     all  --  anywhere             anywhere            

Chain net-fw (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
smurfs     all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
ACCEPT     udp  --  anywhere             anywhere             udp dpts:bootps:bootpc
tcpflags   tcp  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Ping */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:65000:65535
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:65222
Drop       all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:net-fw:DROP:"
DROP       all  --  anywhere             anywhere            

Chain net-vpn (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere             ctstate INVALID
Drop       all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:net-vpn:DROP:"
DROP       all  --  anywhere             anywhere            

Chain net_frwd (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
smurfs     all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
tcpflags   tcp  --  anywhere             anywhere            
net-vpn    all  --  anywhere             anywhere            

Chain reject (9 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ADDRTYPE match src-type BROADCAST
DROP       all  --  base-address.mcast.net/4  anywhere            
DROP       igmp --  anywhere             anywhere            
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain sha-lh-9c46be43bbecf53806f5 (0 references)
target     prot opt source               destination         

Chain sha-rh-e606136400cb2b1558ca (0 references)
target     prot opt source               destination         

Chain shorewall (0 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere             recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

Chain smurflog (2 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:smurfs:DROP:"
DROP       all  --  anywhere             anywhere            

Chain smurfs (4 references)
target     prot opt source               destination         
RETURN     all  --  default              anywhere            
smurflog   all  --  anywhere             anywhere            [goto]  ADDRTYPE match src-type BROADCAST
smurflog   all  --  base-address.mcast.net/4  anywhere            [goto] 

Chain tcpflags (4 references)
target     prot opt source               destination         
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:SYN,RST/SYN,RST
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,RST/FIN,RST
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,SYN/FIN,SYN
logflags   tcp  --  anywhere             anywhere            [goto]  tcp flags:FIN,PSH,ACK/FIN,PSH
logflags   tcp  --  anywhere             anywhere            [goto]  tcp spt:0 flags:FIN,SYN,RST,ACK/SYN

Chain vpn-fw (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
smurfs     all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
tcpflags   tcp  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* Ping */
ACCEPT     udp  --  anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc /* DHCPfwd */
Reject     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level info prefix "Shorewall:vpn-fw:REJECT:"
reject     all  --  anywhere             anywhere            [goto] 

Chain vpn-net (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            

Chain vpn_frwd (1 references)
target     prot opt source               destination         
dynamic    all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
smurfs     all  --  anywhere             anywhere             ctstate INVALID,NEW,UNTRACKED
tcpflags   tcp  --  anywhere             anywhere            
vpn-net    all  --  anywhere             anywhere

Ysurac commented on June 12, 2024

All seems ok here.

You should have no more omr-tracker errors in the system log. If you have some, wait a little, a new image is compiling and should fix this...

Else
You could try to run ss-server manually on the VPS: ss-server -c /etc/shadowsocks-libev/config.json (do a systemctl stop shadowsocks-libev-server@config before) and check on the console if you have something displayed when doing a curl ifconfig.co on the router.

If not, do the same on the router: killall -9 ss-redir, ss-redir -c /etc/var/shadowsocks-libev/ss_redir.hi.json and curl ifconfig.co, and check if there is something somewhere.


olaulau commented on June 12, 2024

tried with router v0.7 vdi image this morning, still doesn't work :

no more omr-tracker errors in syslog, but it is full of lines like this :

Thu Feb 22 09:40:46 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.10.1 dev wan1
Thu Feb 22 09:40:51 2018 user.notice post-tracking-post-tracking: Replace default route by 192.168.11.1 dev wan2

I don't understand on which host:port I should query the curl ifconfig.co.


Ysurac commented on June 12, 2024

Strange...
Can you paste the /etc/config/network of the router ?


olaulau commented on June 12, 2024

root@OpenMPTCProuter:~# cat /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option multipath 'off'

config globals 'globals'
	option ula_prefix 'fdae:7104:30d0::/48'
	option multipath 'enable'
	option mptcp_path_manager 'fullmesh'
	option mptcp_scheduler 'default'
	option congestion 'olia'

config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.100.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option multipath 'off'
	option ip4table 'lan'

config rule 'lan_rule'
	option lookup 'lan'
	option priority '100'

config interface 'wan1'
	option proto 'static'
	option type 'macvlan'
	option ip4table 'wan'
	option multipath 'master'
	option defaultroute '0'
	option ifname 'wan1'
	option label 'crystal'
	option interface 'eth0'
	option ipaddr '192.168.10.2'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	option metric '1'

config interface 'wan2'
	option proto 'static'
	option type 'macvlan'
	option ip4table 'wan'
	option multipath 'on'
	option defaultroute '0'
	option ifname 'wan2'
	option label 'revolution'
	option interface 'eth0'
	option ipaddr '192.168.11.2'
	option netmask '255.255.255.0'
	option gateway '192.168.11.1'
	option metric '2'

config device 'wan1_dev'
	option name 'wan1'
	option type 'macvlan'
	option ifname 'eth0'
	option macaddr 'auto1519287461'

config device 'wan2_dev'
	option name 'wan2'
	option type 'macvlan'
	option ifname 'eth0'
	option macaddr 'auto1519287461'

config interface 'glorytun'
	option ifname 'tun0'
	option proto 'none'
	option ip4table 'vpn'
	option multipath 'off'
	option defaultroute '0'


Ysurac commented on June 12, 2024

All seems ok here too. At least if your boxes have the IPs 192.168.11.1 and 192.168.10.1.
You should be able to ping 192.168.11.1 -I 192.168.11.2 and ping 192.168.10.1 -I 192.168.10.2 without problems (and without any packets lost) on the router.

If true, you should also be able to ping 8.8.8.8 -I 192.168.11.2, on the router, even if packets are lost because of routes changes by the script.

If true, on the router, wget -O - https://github.com/Ysurac/openmptcprouter-feeds/raw/master/openmptcprouter/files/etc/uci-defaults/1940-omr-dns | sh, this will fix a bug with DNS that is solved but not if you used a saved config. Then reboot and try on the router curl ifconfig.co, this will give you your ip.

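The staged check described above, as an added example in POSIX shell (not code from OpenMPTCProuter or from anyone in this thread): it reads the WAN blocks from an /etc/config/network in the format pasted earlier, pings each WAN's gateway from that WAN's own address, and only then pings an upstream address through the same WAN, so the output says which hop is broken per WAN. It assumes static WANs carrying ipaddr and gateway options and a ping that accepts -I with a source address (BusyBox and iputils both do); the PROBE hook is an assumption of this example, present so the logic can be exercised with a dry-run probe.

```shell
#!/bin/sh
# Added example, not part of OpenMPTCProuter: stage-by-stage reachability
# check for each multipath WAN, driven by the interface blocks of an
# OpenWrt /etc/config/network. Stage 1 pings the WAN's gateway from the WAN's
# own address; stage 2 pings an upstream address through the same WAN, only
# if stage 1 passed. Assumptions: static WANs with ipaddr and gateway options,
# and a ping that accepts -I <source address> (BusyBox and iputils do).

# Read UCI network config on stdin; print "name ipaddr gateway" for each
# interface whose multipath option is 'master' or 'on'.
wan_table() {
    awk -v q="'" '
        function flush() {
            if (name != "" && (mp == "master" || mp == "on") && ip != "" && gw != "")
                print name, ip, gw
            name = ""; mp = ""; ip = ""; gw = ""
        }
        $1 == "config" { flush(); if ($2 == "interface") { name = $3; gsub(q, "", name) } }
        $1 == "option" {
            v = $3; gsub(q, "", v)
            if ($2 == "multipath") mp = v
            else if ($2 == "ipaddr") ip = v
            else if ($2 == "gateway") gw = v
        }
        END { flush() }
    '
}

# Default probe: two echo requests from the given source address, 2 s wait each.
ping_probe() {   # $1 = source address, $2 = destination
    ping -c 2 -W 2 -I "$1" "$2" >/dev/null 2>&1
}

# Run both stages for every WAN and print one result line per WAN.
# Returns 1 if any stage failed. PROBE may name a replacement probe function
# (hypothetical hook of this example, used for dry runs).
check_wan_paths() {   # $1 = path to /etc/config/network, $2 = upstream address
    probe=${PROBE:-ping_probe}
    rc=0
    while read -r name src gw; do
        [ -n "$name" ] || continue
        if "$probe" "$src" "$gw"; then
            if "$probe" "$src" "$2"; then
                printf '%s gateway=ok upstream=ok\n' "$name"
            else
                printf '%s gateway=ok upstream=FAIL\n' "$name"; rc=1
            fi
        else
            printf '%s gateway=FAIL upstream=skipped\n' "$name"; rc=1
        fi
    done <<EOF
$(wan_table < "$1")
EOF
    return $rc
}
```

On the router: check_wan_paths /etc/config/network 8.8.8.8. gateway=FAIL on every WAN means the problem is on the LAN side of the router (addressing, VM bridging, promiscuous mode) and no VPS, shadowsocks or tunnel setting can matter yet; gateway=ok with upstream=FAIL is the point where the default-route juggling by the tracker script starts to be relevant.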

olaulau commented on June 12, 2024

no, can't ping my boxes from router :

root@OpenMPTCProuter:~# ping 192.168.11.1 -I 192.168.11.2
PING 192.168.11.1 (192.168.11.1) from 192.168.11.2: 56 data bytes
^C
--- 192.168.11.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@OpenMPTCProuter:~# ping 192.168.10.1 -I 192.168.10.2
PING 192.168.10.1 (192.168.10.1) from 192.168.10.2: 56 data bytes
^C
--- 192.168.10.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

My boxes have been set to 192.168.10.1 and 192.168.11.1, DHCP disabled, plugged on the same network.
They are working correctly, I'm using them with manual IP addressing on my computer (which hosts virtualbox, running the router with bridged network) :

$ ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=3.67 ms
^C
--- 192.168.10.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.677/3.677/3.677/0.000 ms


Ysurac commented on June 12, 2024

OK, so it's the problem.

Your computer doesn't use the same IPs? Do you have promiscuous mode activated for VirtualBox?

olaulau avatar olaulau commented on June 12, 2024

no IP addressing conflict.
I've tried with and without promiscuous mode, which do you recommend?

Ysurac avatar Ysurac commented on June 12, 2024

With full promiscuous mode.

olaulau avatar olaulau commented on June 12, 2024

root@OpenMPTCProuter:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.11.1    0.0.0.0         UG    0      0        0 wan2
192.168.10.0    0.0.0.0         255.255.255.0   U     1      0        0 wan1
192.168.11.0    0.0.0.0         255.255.255.0   U     2      0        0 wan2

strange, no?

Ysurac avatar Ysurac commented on June 12, 2024

No. No problem here, I have the same.

olaulau avatar olaulau commented on June 12, 2024

I also tried with the 0.7.2 images, this time under Windows (I was under Ubuntu), with VirtualBox and VMware Player.
I also tried the img format on another computer, with qemu/KVM.
=> same problem: can't ping my boxes.

A friend of mine has a little more success with his rPi3.
Are you sure the other images are working?

Ysurac avatar Ysurac commented on June 12, 2024

I'm always working on the VirtualBox images, so they are working.
You can test official OpenWrt images: https://downloads.openwrt.org/releases/17.01.4/targets/x86/64/
If you have the same problem then it's on your side, else it's on my side (and I will have to reproduce it...).

Ysurac avatar Ysurac commented on June 12, 2024

Do you have a firewall on your computer? If yes, this may be the problem.

dougalito avatar dougalito commented on June 12, 2024

Hello,
I work with Olaulau to test your project.
I use a Pi3 and the same VPS as Olaulau.
When I used the 0.5.3 version it nearly worked correctly (going through the VPN with shadowsocks but no additional bandwidth, it seemed to use only one, but my output IP is the same as the VPS).
Since I use the 0.7.3 version nothing works; when I finished configuring my Pi3 I have no network on my computer and no internet. I have an IP given by the Pi3 but nothing.
I can ping something like 8.8.8.8 but it seems to be a DNS problem (I tried to fix it by putting Google DNS on my network card but it is still down).

Tell me if you want some logs.

Ysurac avatar Ysurac commented on June 12, 2024

This will be fixed in next release (in about 30 minutes).
Server in dnsmasq is set to 127.0.0.1 instead of 127.0.0.1#5353 to relay DNS to unbound.

Ysurac avatar Ysurac commented on June 12, 2024

The VPS script was also updated to version 0.4, which adds "mode":"tcp_and_udp", in /etc/shorewall-libev/config.json. This allows UDP over shadowsocks, I forgot this...

dougalito avatar dougalito commented on June 12, 2024

I tried the new release 0.8.1 a few minutes ago.
After the first installation I rebooted the PI3 and got this message:

Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: sendto failed: Permission denied
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: remote address is 2001:7fd::1 port 53
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: sendto failed: Permission denied
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: remote address is 2001:503:c27::2:30 port 53
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: sendto failed: Permission denied
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: remote address is 2001:7fd::1 port 53
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: sendto failed: Permission denied
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: remote address is 2001:500:1::53 port 53
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: sendto failed: Permission denied
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: remote address is 2001:500:a8::e port 53
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: sendto failed: Permission denied
Sun Feb 25 18:32:05 2018 daemon.notice unbound: [1525:0] notice: remote address is 2001:500:200::b port 53

again and again.
I got a local IP from the PI3 but no DNS in Firefox for going to websites.
I can ping 8.8.8.8.

The VPS script is up to date.

Ysurac avatar Ysurac commented on June 12, 2024

The Unbound notices are not a problem, they only mean that there is no IPv6.
On the PI3 can you do curl ifconfig.co? If you get the VPS IP as result, it's ok.

dougalito avatar dougalito commented on June 12, 2024

couldn't resolve host 'ifconfig.co'

and

Sun Feb 25 18:34:23 2018 daemon.err /usr/bin/ss-tunnel[2892]: [udp] server_recv_sendto: Network unreachable
Sun Feb 25 18:34:26 2018 daemon.err /usr/bin/ss-redir[2888]: fast_open_connect: Network unreachable
Sun Feb 25 18:35:07 2018 daemon.info odhcpd[635]: Using a RA lifetime of 0 seconds on eth0
Sun Feb 25 18:35:08 2018 daemon.err omr-tracker[5227]: RTNETLINK answers: No such process

dougalito avatar dougalito commented on June 12, 2024

Ok with the 0.8.2:
curl gives me the VPS IP.
Got a DHCP IP from the PI3.
Internet working well.

I just have to test if I get both connections, input and output.

Ysurac avatar Ysurac commented on June 12, 2024

Cool :)

dougalito avatar dougalito commented on June 12, 2024

What kind of differences between 0.8.2 and 0.8.3?

Ysurac avatar Ysurac commented on June 12, 2024

In fact it's 0.8-3, only a new compilation. Nothing major: I removed the example tunnel in shadowsocks.

dougalito avatar dougalito commented on June 12, 2024

At first it seemed to be ok, ...
but my connections are not recognized with their max bandwidth.
My first alone got nearly 6Mb/s and my second is about 5 Mbs, tested without MPTCP Router and one by one, and with my Overthebox from OVH I got the good addition of it.
But on MPTCP Router one is 3.8 and the other is 2.8, and I got 6 with Shadowsocks.
So I get a great difference in perf and it's better for me to get only one active than both with MPTCP.
Do you have an idea about this problem?

Ysurac avatar Ysurac commented on June 12, 2024

How do you get the speed of each connection on the router?

With Shadowsocks you always lose a little bandwidth because of encryption.

dougalito avatar dougalito commented on June 12, 2024

Sync stats on the Freebox, and verified directly with RJ45 from the box on my computer, one connection at a time.
I should try just to deactivate each connection on the Pi3 to know if it is because of OpenWrt or shadowsocks.

olaulau avatar olaulau commented on June 12, 2024

Hi,

Just tried the last build on the VPS and on an rPi3, works pretty great!
I'll try again from VirtualBox later, and let you know in the other ticket.
Perfs are not as good as expected, especially concerning upload and ping (download is good). I'll open a ticket later with more info.
I think we can close this ticket.

Thanks for the good work, looks very promising.
Laurent.

olaulau avatar olaulau commented on June 12, 2024

Just a small message to tell you that the last versions seem to work well, I'm seeing huge improvements in terms of download speed and responsiveness in web browsing.
Great job! Thank you.
