Freekers / ansible-tunsafe

Ansible Playbook to setup a dual stack (IPv4/IPv6) TunSafe VPN with obfuscation
GNU Affero General Public License v3.0

No internet access after successful connection #10

Open Louie-ru opened 1 year ago

Louie-ru commented 1 year ago

I hosted my own server on Debian 10. The client connects successfully and everything seems correct, but there is no internet connection available.

hosts file (without comments):

[tunsafe]
127.0.0.1 ansible_connection=local
[tunsafe:vars]
udp=995
tcp=443
dns=8.8.8.8
ufw=false
ansible_python_interpreter=/usr/bin/python3

Server configuration after running tunsafe start on the server:

root@hostname:~# tunsafe --version
TunSafe 1.5-rc2

root@hostname:~/ansible-tunsafe# ip a
1: lo: ...
2: eth0: ...
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 10.100.100.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 x::x:x:x:x/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

root@hostname:~/ansible-tunsafe# ip link
1: lo: ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500
    link/none 

root@hostname:~/ansible-tunsafe# ip route
default via x.x.x.1 dev eth0 onlink 
10.100.100.0/24 dev tun0 proto kernel scope link src 10.100.100.1 
x.x.x.0/24 dev eth0 proto kernel scope link src x.x.x.90 
root@hostname:~/ansible-tunsafe# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

root@hostname:~/ansible-tunsafe# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

root@hostname:~/ansible-tunsafe# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

root@hostname:~/ansible-tunsafe# tunsafe show
interface: tun0
  public key: eaRHE5boMhDi2RdXO1sSF7kYupb97163cEAbHy1oWxA=
  private key: (hidden)
  listening port: 995
  address: 10.100.100.1/24

peer: eMkANZxk7kgeGm1o0CYPXwvvMqDZxcc44cJ5BB3rJXo=
  preshared key: (hidden)
  endpoint: x.x.x.x:51350
  allowed ips: 10.100.100.2/24
  latest handshake: 1 minute, 50 seconds ago
  transfer: 64.64 KiB received, 2.00 KiB sent

Client's log:

[09:40:09] Loading file: C:\Program Files\TunSafe\Config\TCP.conf
[09:40:09] TAP Driver Version 9.21 
[09:40:09] Blocking standard DNS on all adapters
[09:40:09] Added Route 0.0.0.0/1  =>  10.100.100.2
[09:40:09] Added Route 128.0.0.0/1  =>  10.100.100.2
[09:40:09] Added Route x.x.x.x/32  =>  10.0.2.2
[09:40:09] Sending handshake...
[09:40:09] Connecting to tcp://x.x.x.x...
[09:40:10] Connection established. IP 10.100.100.1

What I tried:

Where could the problem be, and why can't I access the internet through my hosted server?
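Added diagnostic, not part of ansible-tunsafe and not something the reporter ran: the server output above shows a MASQUERADE rule on eth0 and an ACCEPT policy on FORWARD, but says nothing about net.ipv4.ip_forward, which the kernel needs before it will route anything from tun0 out of eth0; the peer's "allowed ips" is also a /24 rather than a /32 host route, which works for one peer but stops working as soon as a second peer claims the same prefix. The script below turns those checks into shell functions that take captured command output as arguments, so they can be exercised on the outputs pasted in the report, and with --live gathers the real output on the host. The interface names tun0 and eth0 and the file paths are assumptions taken from the report.

```shell
#!/bin/sh
# check_vpn_forwarding.sh (added example, not part of ansible-tunsafe)
#
# Hypothetical server-side diagnostic for "handshake succeeds, no internet
# through the tunnel". Each check takes captured command output as a string
# so the logic runs offline; `--live` gathers the real output (needs root).
# Assumed interface names: tun0 (TunSafe) and eth0 (uplink), as in the report.

# ip_forward_enabled "<contents of /proc/sys/net/ipv4/ip_forward>"
# MASQUERADE only rewrites packets the kernel is willing to forward; with
# ip_forward=0 the client's traffic is silently dropped at the server.
ip_forward_enabled() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# has_nat_for_uplink "<iptables -t nat -S output>" <wan_if>
# True if POSTROUTING has a MASQUERADE (or SNAT) rule for the uplink interface.
has_nat_for_uplink() {
    printf '%s\n' "$1" | grep -qE -- "^-A POSTROUTING .*-o $2 .*-j (MASQUERADE|SNAT)"
}

# forward_allowed "<iptables -S output>" <tun_if> <wan_if>
# True if the FORWARD policy is ACCEPT, or explicit rules accept tun->wan and
# the return path (wan->tun, or conntrack ESTABLISHED,RELATED).
forward_allowed() {
    _rules=$1; _tun=$2; _wan=$3
    printf '%s\n' "$_rules" | grep -q '^-P FORWARD ACCEPT' && return 0
    printf '%s\n' "$_rules" | grep -qE -- "^-A FORWARD .*-i $_tun .*-o $_wan .*-j ACCEPT" &&
    printf '%s\n' "$_rules" | grep -qE -- "^-A FORWARD .*(-i $_wan .*-o $_tun|(ESTABLISHED|RELATED)).*-j ACCEPT"
}

# wide_allowed_ips "<tunsafe show output>"
# Prints every IPv4 "allowed ips" entry that is not a /32 host route. A single
# peer with 10.100.100.2/24 still routes, but a second peer configured the same
# way claims the whole subnet and the server can no longer tell them apart.
wide_allowed_ips() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*allowed ips:[[:space:]]*//p' |
        tr ',' '\n' | tr -d ' ' |
        grep -E '^[0-9]+(\.[0-9]+){3}/[0-9]+$' | grep -v '/32$'
}

# failed_checks <ip_forward> <nat_rules> <filter_rules> <tunsafe_show> <tun_if> <wan_if>
# Prints the name of each failed check, one per line; no output means all passed.
failed_checks() {
    ipfwd=$1; nat=$2; filter=$3; show=$4; tun=$5; wan=$6
    ip_forward_enabled "$ipfwd"             || echo ip_forward
    has_nat_for_uplink "$nat" "$wan"        || echo nat_masquerade
    forward_allowed "$filter" "$tun" "$wan" || echo forward_chain
    [ -z "$(wide_allowed_ips "$show")" ]    || echo allowed_ips_not_host_route
    return 0
}

# live_check [tun_if] [wan_if]: run the checks against this host (run as root).
live_check() {
    tun=${1:-tun0}; wan=${2:-eth0}
    failures=$(failed_checks \
        "$(cat /proc/sys/net/ipv4/ip_forward)" \
        "$(iptables -t nat -S)" \
        "$(iptables -S)" \
        "$(tunsafe show)" \
        "$tun" "$wan")
    if [ -z "$failures" ]; then
        echo "forwarding prerequisites look fine; check MTU and DNS next"
        return 0
    fi
    echo "failed checks:"
    echo "$failures"
    echo "if ip_forward failed: sysctl -w net.ipv4.ip_forward=1 (and persist it in /etc/sysctl.d/)"
    return 1
}

case "${1:-}" in
    --live) shift; live_check "$@" ;;
esac
```

Run it on the server as root with `sh check_vpn_forwarding.sh --live tun0 eth0`. Fed the exact outputs pasted in the report plus an ip_forward value of 0, it reports ip_forward and allowed_ips_not_host_route; with ip_forward=1 and a /32 allowed ips only the MTU/DNS hint remains, which is the point at which the client-side "Blocking standard DNS on all adapters" line becomes the next thing to look at.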

Freekers commented 1 year ago

Thanks for the elaborate issue report, I appreciate it.

Are you able to ping your DNS server from the client, i.e. can you ping 8.8.8.8 from the client?

Louie-ru commented 1 year ago

No, the ping does not go through. I wanted to try to ping another client inside the VPN (10.100.100.x), but failed to make a correct second-peer config. I tried these commands:

root@chinatest:~# tunsafe genkey
<private_key>
root@chinatest:~# echo "<private_key>" | tunsafe pubkey
<public_key>
root@chinatest:~# tunsafe genpsk
<preshared_key>

Then I modified PrivateKey, PublicKey and PresharedKey inside the config; the handshake failed. I also tried changing the IP from 10.100.100.1 to 10.100.100.2 and it still fails.

cheasonxie commented 1 year ago

I have met the same problem: no internet after connecting.