Closed maghuro closed 11 months ago
Sounds like you have a double NAT situation. Likely, router's "WAN" IP is 10.0.0.1, and your LAN network is on 192.168.0.0/24.
ctrld sees the source IPs of your clients on the LAN subnet. Can you post the output of ctrld clients list?
No sir, not double Nat. I get a direct external IP address from my provider. The 192.168.0.0/24 is the subnet created for the guest network. The subnet for my LAN Network is 10.0.0.1.
So the queries from router should always be from 10.0.0.1 (router main lan ip), not from 192.168.0.1 (router secondary lan IP only for guest network).
This problem only occurs when I have guest network enabled. When it's disabled, the queries come from 10.0.0.1. As soon as I enable it, ControlD gets them via 192.168.0.1, which is wrong.
I'll send you the output of my clients list via email, for privacy concerns.
Thanks for your attention.
ctrld always uses the default route interface for recording its self IP.
Could you provide the output of ip r s (with sensitive information redacted)?
Yes it should. But it's using randomly one of them.
Output:
admin GT-AX6000/tmp/home/root ip r s
default via X.X.X.1 dev eth0
X.X.X.0/24 dev eth0 proto kernel scope link src X.X.X.X
X.X.X.1 dev eth0 proto kernel scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.6.1.0/24 dev tun21 proto kernel scope link src 10.6.1.1
10.6.3.2 dev wgs1 scope link
127.0.0.0/8 dev lo scope link
185.253.5.254 via X.X.X.X dev eth0 metric 1
192.168.101.0/24 dev br1 proto kernel scope link src 192.168.101.1
192.168.102.0/24 dev br2 proto kernel scope link src 192.168.102.1
193.110.81.254 via x.x.x.1 dev eth0 metric 1
Also - note that 10.6.X.X are my vpn networks. I also discussed via email with Yegor that issue, without success solving it:
My toml file has a rule to redirect guest networks to a specific config id successfully. However, the lan from VPN goes - which I also have a rule in toml - is going to the "catch all" device I've configured. Seems like ctrld app can't see that subnet.
@maghuro Does your route table change after enabling guest network?
FYI, ctrld uses the default route interface as the source of queries from router. And this is recorded once when ctrld starts, so it's strange that it's changed then. Unless your br* interfaces use the same MAC address as the default route interface.
Here's an example from my Merlin:
cuonglm@RT-AX56U-4F98:/jffs/controld# ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
valid_lft forever preferred_lft forever
...
12: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether a0:36:bc:46:4f:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.70/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
...
22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether a0:36:bc:46:4f:98 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.1/24 brd 192.168.50.255 scope global br0
valid_lft forever preferred_lft forever
...
30: br2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether a0:36:bc:46:4f:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.102.1/24 brd 192.168.102.255 scope global br2
valid_lft forever preferred_lft forever
I removed lines which are not relevant. My setup:
clients => (WiFi 192.168.50.x) Merlin (Cable 192.168.1.70) => router => ISP
Queries from my Merlin are always recorded as from 192.168.1.70, because it's the default route interface:
cuonglm@RT-AX56U-4F98:/jffs/controld# ip r s
default via 192.168.1.1 dev eth0
8.8.4.4 via 192.168.1.1 dev eth0 metric 1
8.8.8.8 via 192.168.1.1 dev eth0 metric 1
127.0.0.0/8 dev lo scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.70
192.168.1.1 dev eth0 proto kernel scope link
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1
192.168.102.0/24 dev br2 proto kernel scope link src 192.168.102.1
239.0.0.0/8 dev br0 scope link
You can see that the br2 MAC is different from the main default route eth0 MAC.
As I can see, you are behind a double nat. My eth0 gets an external IP directly from provider.
So my Merlin router queries are being made either from br0 (10.0.0.1) or br1/br2 (192.168.101.1, 192.168.102.1) when guest network is on (br1 for 2.4ghz and br2 for 5ghz). I can confirm all 3 have different Mac addresses.
adminGT-AX6000/tmp/home/root ip r s
default via 2.80.55.1 dev eth0
2.80.55.0/24 dev eth0 proto kernel scope link src 2.80.55.86
2.80.55.1 dev eth0 proto kernel scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.6.1.0/24 dev tun21 proto kernel scope link src 10.6.1.1
10.6.3.2 dev wgs1 scope link
127.0.0.0/8 dev lo scope link
185.253.5.254 via 2.80.55.1 dev eth0 metric 1
192.168.101.0/24 dev br1 proto kernel scope link src 192.168.101.1
193.110.81.254 via 2.80.55.1 dev eth0 metric 1
Non relevant lines stripped also:
adminGT-AX6000/tmp/home/root ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
valid_lft forever preferred_lft forever
...
21: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
...
27: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 04:42:1a:5c:d2:18 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
valid_lft forever preferred_lft forever
...
58: br1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 04:42:1a:5c:d2:19 brd ff:ff:ff:ff:ff:ff
inet 192.168.101.1/24 brd 192.168.101.255 scope global br1
valid_lft forever preferred_lft forever
As soon as I disable guest wifi, br1 and br2 disappear, but on analytics page logs from queries from router are still recorded as being made from br1 or br2 interface (192.168.101.1, 192.168.102.1). Solution is restart controld and everything goes fine again.
Guest wifi disabled:
adminGT-AX6000/tmp/home/root ip r s
default via 2.80.55.1 dev eth0
2.80.55.0/24 dev eth0 proto kernel scope link src 2.80.55.86
2.80.55.1 dev eth0 proto kernel scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.6.1.0/24 dev tun21 proto kernel scope link src 10.6.1.1
10.6.3.2 dev wgs1 scope link
127.0.0.0/8 dev lo scope link
185.253.5.254 via 2.80.55.1 dev eth0 metric 1
193.110.81.254 via 2.80.55.1 dev eth0 metric 1
With guest network disabled, query from router before restart controld:
With guest network disabled, query from router after restarted ControlD:
Hmm, this is weird, I can see your default route is:
default via 2.80.55.1 dev eth0
So the default route should be recorded as eth0. Not sure why it could get it as br0.
@maghuro Oh, could you please share your /proc/net/route, with any sensitive information redacted?
With both guest wifi enabled (br1 and br2).
Don't worry about sensitive info. I can change my wan ip anytime I want, luckily. Btw, I changed it since the last comment here, so don't strange it is different right now.
Here they are:
adminGT-AX6000/tmp/home/root cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 01B29B52 0003 0 0 0 00000000 0 0 0
br0 0000000A 00000000 0001 0 0 0 00FFFFFF 0 0 0
tun21 0001060A 00000000 0001 0 0 0 00FFFFFF 0 0 0
wgs1 0203060A 00000000 0005 0 0 0 FFFFFFFF 0 0 0
eth0 00B29B52 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 01B29B52 00000000 0005 0 0 0 FFFFFFFF 0 0 0
lo 0000007F 00000000 0001 0 0 0 000000FF 0 0 0
eth0 FE05FDB9 01B29B52 0007 0 0 1 FFFFFFFF 0 0 0
br1 0065A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
br2 0066A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 FE516EC1 01B29B52 0007 0 0 1 FFFFFFFF 0 0 0
adminGT-AX6000/tmp/home/root route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 82.155.178.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.6.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tun21
10.6.3.2 0.0.0.0 255.255.255.255 UH 0 0 0 wgs1
82.155.178.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
82.155.178.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
185.253.5.254 82.155.178.1 255.255.255.255 UGH 1 0 0 eth0
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 br1
192.168.102.0 0.0.0.0 255.255.255.0 U 0 0 0 br2
193.110.81.254 82.155.178.1 255.255.255.255 UGH 1 0 0 eth0
@maghuro Thanks for your information.
I think I was able to identify the problem with queries from router. This will be fixed in next release.
Is there, or will be, a test build available on .dev domain that I can try?
Yes, there is.
Will notify you once this is fixed and dev installer is updated.
@maghuro You can try a dev build installer:
sh -c 'sh -c "$(curl -sSL https://api.controld.dev/dl)"'
This build will fix the problem with queries from router. We are still fixing/testing the problem with wireguard/vpn.
Not fixed sir.
Just tested dev installer. Queries still exiting from 192.168.101.1 or 192.168.102.1 when guest wifi is on.
When guest wifi off, all ok and queries exit from 10.0.0.1 as expected.
Please tell me if you need some debug with Dev version
Could you paste the output of ctrld --version?
Does your br0 interface have the same MAC address as your eth0?
adminGT-AX6000/tmp/home/root ctrld --version
ctrld version dev-fa865f1
Yes... they have as I can see:
21: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 04:42:1a:5c:d2:18 brd ff:ff:ff:ff:ff:ff
81: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 04:42:1a:5c:d2:18 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
valid_lft forever preferred_lft forever
But also I see in your Merlin example, your br0 and eth0 also have same mac
Yes, that's expected. Because we use default route interface private IP as the IP for router queries. In v1.3.0, if default route does not have a private IP, ctrld will see an empty string and use last processed private IP (guest network) as router queries.
The dev build will try finding br0 instead and use br0 as IP for router queries (because br0 has the same MAC address with eth0).
Are you sure the old ctrld process is terminated correctly?
Do you have Discord account? If yes, we could chat there for further diagnostic.
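The selection logic described in the comment above, as an added Go example that is not ctrld's own code: find the default route interface from /proc/net/route, use its private IP, and otherwise fall back to the interface that shares its MAC address. The `Iface` type, the function names, the MAC addresses and the 203.0.113.x WAN address are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

type Iface struct { // hypothetical, simplified view of one `ip a` entry
	Name, MAC string
	Addr      netip.Addr
}

// Constructed samples: eth0 has the default route, a public IP, and br0's MAC.
const sampleRoute = `Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
br1 0065A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00000000 017100CB 0003 0 0 0 00000000 0 0 0`

var sampleIfaces = []Iface{
	{"br1", "02:00:00:00:00:19", netip.MustParseAddr("192.168.101.1")},
	{"eth0", "02:00:00:00:00:18", netip.MustParseAddr("203.0.113.86")},
	{"br0", "02:00:00:00:00:18", netip.MustParseAddr("10.0.0.1")},
}

// defaultRouteIface returns the interface of the 0.0.0.0/0 entry, or "".
func defaultRouteIface(table string) string {
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) >= 8 && f[1] == "00000000" && f[7] == "00000000" {
			return f[0]
		}
	}
	return ""
}

// selfIP: private IP of the default route interface, else of its MAC twin; never "last seen".
func selfIP(ifaces []Iface, def string) (netip.Addr, bool) {
	mac := ""
	for _, i := range ifaces {
		if i.Name == def {
			if mac = i.MAC; i.Addr.IsPrivate() {
				return i.Addr, true
			}
		}
	}
	for _, i := range ifaces {
		if mac != "" && i.Name != def && i.MAC == mac && i.Addr.IsPrivate() {
			return i.Addr, true
		}
	}
	return netip.Addr{}, false
}

func main() { fmt.Println(selfIP(sampleIfaces, defaultRouteIface(sampleRoute))) }
```

Listing br1 first shows that the guest bridge is never chosen just because it was processed earlier; when no interface qualifies the function reports failure instead of reusing another subnet's address.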
Absolutely sure. I even restarted router to make sure it was terminated.
I do have discord. @maghuro it is
This is fixed in v1.3.1 release.
Asus Merlin router. My router has the IP 10.0.0.1. When enabling a guest network, that network is behind the subnet 192.168.0.1. After that, queries from the router itself on activity log page start being recorded as the router main IP is 192.168.0.1, which is wrong - router's main IP still is 10.0.0.1.
When getting ctrld clients list, router has both IPs assigned, and the ctrld app should use 10.0.0.1 IP instead, not the guest network IP.
What happens is because of that I'm getting a duplicated device on ctrld webpage