Control-D-Inc / ctrld

A highly configurable, multi-protocol DNS forwarding proxy
MIT License

Device ip #72

Closed maghuro closed 11 months ago

maghuro commented 1 year ago

Asus Merlin router. My router has the IP 10.0.0.1. When enabling a guest network, that network is behind the subnet 192.168.0.1. After that, queries from the router itself on the activity log page start being recorded as if the router's main IP is 192.168.0.1, which is wrong; the router's main IP is still 10.0.0.1.

When getting the ctrld clients list, the router has both IPs assigned, and the ctrld app should use the 10.0.0.1 IP instead, not the guest network IP.

Because of that, I'm getting a duplicated device on the ctrld webpage.

yegors commented 1 year ago

Sounds like you have a double NAT situation. Likely, the router's "WAN" IP is 10.0.0.1, and your LAN network is on 192.168.0.0/24.

ctrld sees the source IPs of your clients on the LAN subnet. Can you post the output of ctrld clients list?

maghuro commented 1 year ago

No sir, not double NAT. I get a direct external IP address from my provider. The 192.168.0.0/24 is the subnet created for the guest network. The subnet for my LAN network is 10.0.0.1.

So the queries from router should always be from 10.0.0.1 (router main lan ip), not from 192.168.0.1 (router secondary lan IP only for guest network).

This problem only occurs when I have guest network enabled. When it's disabled, the queries come from 10.0.0.1. As soon as I enable it, ControlD gets them via 192.168.0.1, which is wrong.

I'll send you the output of my clients list via email, for privacy concerns.

Thanks for your attention.

cuonglm commented 1 year ago

ctrld always uses the default route interface for recording its own IP.

Could you provide the output of ip r s (with sensitive information redacted)?

maghuro commented 1 year ago

Yes it should. But it's using randomly one of them.

Output:

admin@GT-AX6000:/tmp/home/root# ip r s
default via X.X.X.1 dev eth0
X.X.X.0/24 dev eth0 proto kernel scope link src X.X.X.X
X.X.X.1 dev eth0 proto kernel scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.6.1.0/24 dev tun21 proto kernel scope link src 10.6.1.1
10.6.3.2 dev wgs1 scope link
127.0.0.0/8 dev lo scope link
185.253.5.254 via X.X.X.X dev eth0 metric 1
192.168.101.0/24 dev br1 proto kernel scope link src 192.168.101.1
192.168.102.0/24 dev br2 proto kernel scope link src 192.168.102.1
193.110.81.254 via x.x.x.1 dev eth0 metric 1

maghuro commented 1 year ago

Also, note that 10.6.X.X are my VPN networks. I also discussed that issue via email with Yegor, without success in solving it:

My toml file has a rule that successfully redirects the guest networks to a specific config id. However, the LAN from the VPN, for which I also have a rule in the toml, is going to the "catch all" device I've configured. It seems like the ctrld app can't see that subnet.

cuonglm commented 1 year ago

@maghuro Does your route table change after enabling the guest network?

FYI, ctrld uses the default route interface as the source of queries from the router. And this is recorded once when ctrld starts, so it's strange that it changed afterwards. Unless your br* interfaces use the same MAC address as the default route interface.

Here's an example from my Merlin:

cuonglm@RT-AX56U-4F98:/jffs/controld# ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
       valid_lft forever preferred_lft forever
...
12: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a0:36:bc:46:4f:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.70/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
...
22: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether a0:36:bc:46:4f:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.1/24 brd 192.168.50.255 scope global br0
       valid_lft forever preferred_lft forever
...
30: br2: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether a0:36:bc:46:4f:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.102.1/24 brd 192.168.102.255 scope global br2
       valid_lft forever preferred_lft forever

I removed lines which are not relevant. My setup:

clients => (WiFi 192.168.50.x) Merlin (Cable 192.168.1.70) => router => ISP

Queries from my Merlin are always recorded as from 192.168.1.70, because it's the default route interface:

cuonglm@RT-AX56U-4F98:/jffs/controld# ip r s
default via 192.168.1.1 dev eth0 
8.8.4.4 via 192.168.1.1 dev eth0 metric 1 
8.8.8.8 via 192.168.1.1 dev eth0 metric 1 
127.0.0.0/8 dev lo scope link 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.70 
192.168.1.1 dev eth0 proto kernel scope link 
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1 
192.168.102.0/24 dev br2 proto kernel scope link src 192.168.102.1 
239.0.0.0/8 dev br0 scope link

You can see that the br2 MAC is different from the main default route eth0 MAC.

maghuro commented 1 year ago

As I can see, you are behind a double NAT. My eth0 gets an external IP directly from the provider.

So my Merlin router queries are being made either from br0 (10.0.0.1) or br1/br2 (192.168.101.1, 192.168.102.1) when the guest network is on (br1 for 2.4 GHz and br2 for 5 GHz). I can confirm all 3 have different MAC addresses.

admin@GT-AX6000:/tmp/home/root# ip r s
default via 2.80.55.1 dev eth0
2.80.55.0/24 dev eth0 proto kernel scope link src 2.80.55.86
2.80.55.1 dev eth0 proto kernel scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.6.1.0/24 dev tun21 proto kernel scope link src 10.6.1.1
10.6.3.2 dev wgs1 scope link
127.0.0.0/8 dev lo scope link
185.253.5.254 via 2.80.55.1 dev eth0 metric 1
192.168.101.0/24 dev br1 proto kernel scope link src 192.168.101.1
193.110.81.254 via 2.80.55.1 dev eth0 metric 1

Non-relevant lines stripped also:

admin@GT-AX6000:/tmp/home/root# ip a
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet 127.0.1.1/8 brd 127.255.255.255 scope host secondary lo:0
       valid_lft forever preferred_lft forever
...
21: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
...
27: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:42:1a:5c:d2:18 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
       valid_lft forever preferred_lft forever
...
58: br1: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:42:1a:5c:d2:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.1/24 brd 192.168.101.255 scope global br1
       valid_lft forever preferred_lft forever

maghuro commented 1 year ago

As soon as I disable guest wifi, br1 and br2 disappear, but on the analytics page, logs from queries from the router are still recorded as being made from the br1 or br2 interface (192.168.101.1, 192.168.102.1). The solution is to restart controld and everything goes fine again.

Guest wifi disabled:

admin@GT-AX6000:/tmp/home/root# ip r s
default via 2.80.55.1 dev eth0
2.80.55.0/24 dev eth0 proto kernel scope link src 2.80.55.86
2.80.55.1 dev eth0 proto kernel scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
10.6.1.0/24 dev tun21 proto kernel scope link src 10.6.1.1
10.6.3.2 dev wgs1 scope link
127.0.0.0/8 dev lo scope link
185.253.5.254 via 2.80.55.1 dev eth0 metric 1
193.110.81.254 via 2.80.55.1 dev eth0 metric 1

With guest network disabled, query from router before restarting controld (screenshot): Screenshot_2023-08-23-12-12-05-443_com.android.chrome-edit.jpg

With guest network disabled, query from router after restarting ControlD (screenshot): Screenshot_2023-08-23-12-13-10-588_com.android.chrome-edit.jpg

cuonglm commented 1 year ago

Hmm, this is weird, I can see your default route is:

default via 2.80.55.1 dev eth0

So the default route should be recorded as eth0. Not sure why it could get it as br0.

cuonglm commented 1 year ago

@maghuro Oh, could you please share your /proc/net/route, with any sensitive information redacted?

maghuro commented 1 year ago

With both guest wifis enabled (br1 and br2).

Don't worry about sensitive info. I can change my WAN IP anytime I want, luckily. Btw, I changed it since the last comment here, so don't be surprised that it is different right now.

Here they are:

admin@GT-AX6000:/tmp/home/root# cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
eth0    00000000        01B29B52        0003    0       0       0       00000000        0       0       0
br0     0000000A        00000000        0001    0       0       0       00FFFFFF        0       0       0
tun21   0001060A        00000000        0001    0       0       0       00FFFFFF        0       0       0
wgs1    0203060A        00000000        0005    0       0       0       FFFFFFFF        0       0       0
eth0    00B29B52        00000000        0001    0       0       0       00FFFFFF        0       0       0
eth0    01B29B52        00000000        0005    0       0       0       FFFFFFFF        0       0       0
lo      0000007F        00000000        0001    0       0       0       000000FF        0       0       0
eth0    FE05FDB9        01B29B52        0007    0       0       1       FFFFFFFF        0       0       0
br1     0065A8C0        00000000        0001    0       0       0       00FFFFFF        0       0       0
br2     0066A8C0        00000000        0001    0       0       0       00FFFFFF        0       0       0
eth0    FE516EC1        01B29B52        0007    0       0       1       FFFFFFFF        0       0       0
adminGT-AX6000/tmp/home/root route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         82.155.178.1    0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
10.6.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
10.6.3.2        0.0.0.0         255.255.255.255 UH    0      0        0 wgs1
82.155.178.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
82.155.178.1    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
185.253.5.254   82.155.178.1    255.255.255.255 UGH   1      0        0 eth0
192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        0 br1
192.168.102.0   0.0.0.0         255.255.255.0   U     0      0        0 br2
193.110.81.254  82.155.178.1    255.255.255.255 UGH   1      0        0 eth0

cuonglm commented 1 year ago

@maghuro Thanks for your information.

I think I was able to identify the problem with queries from router. This will be fixed in next release.

maghuro commented 1 year ago

Is there, or will be, a test build available on .dev domain that I can try?

cuonglm commented 1 year ago

Yes, there is.

Will notify you once this is fixed and dev installer is updated.

cuonglm commented 1 year ago

@maghuro You can try a dev build installer:

sh -c 'sh -c "$(curl -sSL https://api.controld.dev/dl)"'

This build will fix the problem with queries from router. We are still fixing/testing the problem with wireguard/vpn.

maghuro commented 1 year ago

Not fixed sir.

Just tested the dev installer. Queries are still exiting from 192.168.101.1 or 192.168.102.1 when guest wifi is on.

When guest wifi is off, all is OK and queries exit from 10.0.0.1 as expected.

Please tell me if you need some debugging with the dev version (screenshot): Screenshot_2023-08-25-13-16-34-461_com.android.chrome.jpg

cuonglm commented 1 year ago

Could you paste the output of ctrld --version?

Does your br0 interface have the same MAC address as your eth0?

maghuro commented 1 year ago

admin@GT-AX6000:/tmp/home/root# ctrld --version
ctrld version dev-fa865f1

Yes... they have as I can see:

21: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 04:42:1a:5c:d2:18 brd ff:ff:ff:ff:ff:ff
81: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 04:42:1a:5c:d2:18 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
       valid_lft forever preferred_lft forever

But I also see in your Merlin example that your br0 and eth0 have the same MAC too.

cuonglm commented 1 year ago

Yes, that's expected. Because we use the default route interface's private IP as the IP for router queries. In v1.3.0, if the default route does not have a private IP, ctrld will see an empty string and use the last processed private IP (guest network) for router queries.

The dev build will try finding br0 instead and use br0's IP for router queries (because br0 has the same MAC address as eth0).

Are you sure the old ctrld process is terminated correctly?

Do you have a Discord account? If yes, we could chat there for further diagnostics.
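Worked example of the self-IP selection described in the comment above, written here in Go as an added illustration (not ctrld's own code): it reads a constructed /proc/net/route table in the format posted earlier, takes the default route interface, and records a private IP on that interface or on an interface sharing its MAC, returning an error instead of silently falling back to the last private IP processed. The Iface type, the interface table and the helper names are assumptions.

```go
package main

import (
	"errors"
	"net"
	"strings"
)

// Constructed /proc/net/route excerpt shaped like the one posted above
// (Destination and Mask are little-endian hex; 00000000/00000000 is the default route).
const ProcNetRoute = `Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 01B29B52 0003 0 0 0 00000000 0 0 0
br0 0000000A 00000000 0001 0 0 0 00FFFFFF 0 0 0
br1 0065A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0`

// Iface is a hypothetical stand-in for what net.Interfaces() would return.
type Iface struct{ Name, MAC, IP string }

// Constructed interface table matching the poster's router: eth0 holds the
// public WAN address and shares its MAC with br0; br1 is the guest bridge.
var Ifaces = []Iface{
	{"eth0", "04:42:1a:5c:d2:18", "82.155.178.86"},
	{"br0", "04:42:1a:5c:d2:18", "10.0.0.1"},
	{"br1", "04:42:1a:5c:d2:19", "192.168.101.1"},
}

// DefaultRouteIface returns the interface carrying the 0.0.0.0/0 route.
func DefaultRouteIface(table string) (string, error) {
	for _, line := range strings.Split(table, "\n")[1:] {
		if f := strings.Fields(line); len(f) >= 8 && f[1] == "00000000" && f[7] == "00000000" {
			return f[0], nil
		}
	}
	return "", errors.New("no default route")
}

func isPrivate(s string) bool {
	ip := net.ParseIP(s)
	return ip != nil && ip.IsPrivate()
}

// RouterSelfIP picks the address recorded for the router's own queries: a private
// IP on the default route interface, else on an interface sharing its MAC (br0 on
// Merlin). It never falls back to whatever private IP was processed last.
func RouterSelfIP(table string, ifs []Iface) (string, error) {
	name, err := DefaultRouteIface(table)
	if err != nil {
		return "", err
	}
	mac := ""
	for _, it := range ifs {
		if it.Name == name {
			mac = it.MAC
		}
	}
	for _, self := range []bool{true, false} { // default iface first, then MAC twins
		for _, it := range ifs {
			if (it.Name == name) == self && it.MAC == mac && isPrivate(it.IP) {
				return it.IP, nil
			}
		}
	}
	return "", errors.New("no private IP on or alongside " + name)
}
```

With the constructed table this yields 10.0.0.1 (br0), while a WAN interface that already holds a private address, as in the RT-AX56U example, is preferred over its bridge.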

maghuro commented 1 year ago

Absolutely sure. I even restarted the router to make sure it was terminated.

I do have Discord. It is @maghuro.

cuonglm commented 11 months ago

This is fixed in v1.3.1 release.