NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Package request: AstrillVPN #247071

Open ErrorNoInternet opened 1 year ago

ErrorNoInternet commented 1 year ago

Project description

AstrillVPN is one of the only VPNs that still work reliably in China. It supports the OpenWeb, WireGuard, and StealthVPN protocols. Unfortunately, their client hasn't been updated since late 2020, uses GTK2, and doesn't work with systemd-resolved. They only offer .rpms, .debs, and a CLI installer.

AUR: https://aur.archlinux.org/packages/astrill

sg-qwt commented 11 months ago

I tried to unpack the deb and steam-run the binary, and it complains something about the program asproxy needing privilege. Are you able to at least steam-run the software somehow on NixOS?

ErrorNoInternet commented 11 months ago

Ran strace on the binary and found the --noasproxycheck flag, which allowed me to at least get past that error and log in. I haven't been able to connect yet, I'll update with more info later.

Update 1: It seems like asproxy needs to be owned by root and have the setuid bit (chmod u+s asproxy), since asproxy is the one calling iptables (at least for OpenWeb). Haven't been able to reach the internet yet, but it connects without errors that I can see.

FabienGadet0 commented 10 months ago

Hello, I'm also trying to make this work. I made a service in my configuration.nix that replicates the one the installation script is doing, I also copied the . application file. The problem I have right now is that I can't find the right gtk2 package in NixOS, it just tells me that it can't find it when I try to launch the app. Also I contacted Astrill, they told me that in China using the app is the only way, you can't generate OpenVPN or WireGuard configurations and use a 3rd party app (maybe you didn't know that). Did you get any update?

ErrorNoInternet commented 10 months ago

> Hello, I'm also trying to make this work. I made a service in my configuration.nix that replicates the one the installation script is doing, I also copied the . application file. The problem I have right now is that I can't find the right gtk2 package in NixOS, it just tells me that it can't find it when I try to launch the app. Also I contacted Astrill, they told me that in China using the app is the only way, you can't generate OpenVPN or WireGuard configurations and use a 3rd party app (maybe you didn't know that). Did you get any update?

I am using MullvadVPN comfortably which is why I haven't been testing Astrill. Mullvad connects with regular WireGuard without any obfuscation (but they do offer SSH, Shadowsocks, and V2ray).

I don't seem to have dependency issues when I run it (at least with steam-run). I have steam installed and maybe it also installed some GTK-related stuff.

FabienGadet0 commented 10 months ago

You said earlier that you can't successfully connect through Astrill, did you succeed since? Are you in China right now? Is Mullvad better there?

ErrorNoInternet commented 10 months ago

> You said earlier that you can't successfully connect through Astrill, did you succeed since? Are you in China right now? Is Mullvad better there?

Astrill has been having issues lately, but overall the speed is still much better. I haven't been able to connect on NixOS yet (but it works on where it's supposed to work). Yes, I am in China right now and Mullvad seems to work fine except for when it's late (like right now) where I get 20-80 KB/s only.

FabienGadet0 commented 10 months ago

OK, thanks for the information.

jon-peel commented 7 months ago

Hello everyone. Has anyone been able to get Astrill working in NixOS?

I have been wanting to see if anyone knows how, because I have not been able to.

Remember, as a fallback to try, the Astrill website will let you create and download WireGuard profiles. This might work if another way cannot be found.

FabienGadet0 commented 7 months ago

Didn't retry on my side. Also, if you live in China, it seems that you can't use WireGuard or any protocol without the application for Astrill, confirmed by their team through their online chat.

jon-peel commented 7 months ago

> Didn't retry on my side. Also, if you live in China, it seems that you can't use WireGuard or any protocol without the application for Astrill, confirmed by their team through their online chat.

I am not in China anymore, so I never realised that. That is interesting to know, because the Astrill App on Windows breaks WSL.

FabienGadet0 commented 7 months ago

Oh, that's why my WSL keeps crashing??

ahahah damn, I didn't know

ErrorNoInternet commented 6 months ago

Got a bit further today and started working on a module for it, but I haven't been able to connect even after adding the setuid bit to astrill and giving the cap_net_admin,cap_net_raw+ep capabilities to asproxy (which is what the sh installer does).

asproxy keeps saying "This program cannot be called directly" even when astrill is the one invoking it. I tried reverse engineering the check and patched a few instructions out of the binary (which successfully removed the check) but it still doesn't appear to connect correctly (maybe because it's confused about being called .asproxy-wrapped and being run as a symlink from /run/wrappers/bin).

I also noticed that asproxy --init (invoked by astrill when you connect) is copying liblsp.so to /lib and making a bunch of folders there, while also adding it to /etc/ld.so.preload, which is extremely suspicious (every single app you run will have liblsp.so injected into it; they even have a /etc/lsp.exclude to exclude apps that break; and the Astrill installers disable SELinux) but it doesn't seem to do any harm. Probably a layered service provider (but Linux? can't seem to find any documentation).

https://github.com/ErrorNoInternet/nixpkgs/tree/astrillvpn

services.astrillvpn.enable = true;

Doesn't connect yet, but feel free to experiment. You'll need --noasproxycheck when invoking astrill.

(not ready for upstreaming yet, I'm directly including the deb package (they're putting downloads behind a login page so I can't curl it from Nix, but we do have requireFile), it's not properly formatted, not following commit conventions, blah blah)
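
A defender-side check for the behaviour described in the comment above (liblsp.so being listed in /etc/ld.so.preload), added here as an example that is not part of the thread or of Astrill's tooling. It lists the preload entries, flags missing or loosely permissioned libraries, and shows which processes have each one mapped; the function names and the ROOT argument are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit system-wide library preloading.
# ROOT is a filesystem root; "/" inspects the live system.

# List libraries named in ROOT/etc/ld.so.preload, one per line.
# glibc splits entries on whitespace or ':' and ignores text after '#'.
preload_entries() {
    f="${1%/}/etc/ld.so.preload"
    [ -r "$f" ] || return 0
    sed 's/#.*//' "$f" | tr ' \t:' '\n\n\n' | sed '/^$/d'
}

# Classify one entry. A preloaded library that group/other can write lets
# those users run code inside every dynamically linked process.
entry_status() {
    p="${1%/}$2"
    [ -e "$p" ] || { echo "missing"; return 0; }
    if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable-by-non-owner"
    else
        echo "ok"
    fi
}

# Print PIDs whose memory map references the library's file name.
pids_mapping() {
    name="$(basename "$2")"
    for m in "${1%/}"/proc/[0-9]*/maps; do
        [ -r "$m" ] || continue
        if grep -qF -- "/$name" "$m" 2>/dev/null; then
            d="${m%/maps}"; echo "${d##*/}"
        fi
    done
}

# One line per preload entry: path, status, PIDs that have it mapped.
audit() {
    root="${1:-/}"
    preload_entries "$root" | while read -r lib; do
        pids="$(pids_mapping "$root" "$lib" | tr '\n' ' ')"
        echo "$lib status=$(entry_status "$root" "$lib") pids=$pids"
    done
    # The thread mentions an exclusion list; its format is not documented there.
    [ -e "${root%/}/etc/lsp.exclude" ] && echo "found ${root%/}/etc/lsp.exclude"
    return 0
}

audit "${1:-/}"
```

Reading other users' /proc/PID/maps requires root, so an unprivileged run reports only the caller's own processes.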

Oh-noodles commented 2 months ago

Install Astrill in distrobox, and your host NixOS is also proxied, works like a charm!

jon-peel commented 2 months ago

@Oh-noodles, I have been wanting to give NixOS another try, and I was wondering if distrobox would work in it (also being one of the reasons I wanted to try it again).

Out of interest, which distro do you use for distrobox, and do you have that separate home directory option set up?

Oh-noodles commented 2 months ago

> @Oh-noodles, I have been wanting to give NixOS another try, and I was wondering if distrobox would work in it (also being one of the reasons I wanted to try it again).
>
> Out of interest, which distro do you use for distrobox, and do you have that separate home directory option set up?

I tried only Ubuntu in distrobox (used to be a Manjaro fan, but unfortunately not in distrobox's guest distro list). Actually I haven't used it in depth, have not set up a separate home for it, or found a Nix way to manage it. I have just tested some features which are crucial to me: graphical apps support, Astrill, etc. All exceeded my expectations. You can even export apps from distrobox to the host. I think you should really give distrobox a try, an escape hatch for NixOS currently.

jon-peel commented 2 months ago

I have tried Distrobox out once or twice on my current Debian install, but I have not seen too much use for it overall, as most things I want to use just work.

It is actually learning about Distrobox that makes me want to try NixOS again, as there were a few things I needed I could just not get working.

egr-smart commented 1 week ago

> Install Astrill in distrobox, and your host NixOS is also proxied, works like a charm!

Sorry to hijack the issue, but @Oh-noodles would you be able to explain exactly how you set up your distrobox container for Astrill to work inside it? I've installed Astrill on an Ubuntu image in distrobox, but when I try to connect to servers it fails - it seems to require some kind of elevated privileges to access tun/tap on the host machine. I've tried running the container with the --priviliged flag but no dice.

Did you do anything in particular when you set up your container in distrobox?

UPDATE: For anyone who might end up with the same problems that I was having, it turns out the issue was pretty much entirely caused by using podman as the backend for distrobox. I switched to just using docker and everything pretty much worked out of the box.

Oh-noodles commented 1 week ago

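Hi @egr-smart, I'm afraid I can't be of much help 😂. I only followed distrobox's official documentation for the most basic installation, then installed Astrill inside the Ubuntu container in the usual way; there were no problems, and I didn't do anything special. If your Astrill runs normally but can't connect to a server, could it be that the network environment you are in is restricted? (I checked your profile, and found that you are learning Chinese!! 😜)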

egr-smart commented 1 week ago

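@Oh-noodles Actually, my Chinese isn't yet good enough to discuss technical concepts, but I can try! I can connect to the server; my problem seems to be that inside my Ubuntu container I can't access /dev/net/tun on my host. Every time, it says "ioctl(TUNSETIFF): Operation not permitted". I'm guessing it's related to my distrobox creation, something like insufficient permissions. Another possibility is that my NixOS config is missing some important settings. But since you don't seem to have run into this problem, never mind; thank you for your reply in any case. I'm also sorry for making you read my very poor Chinese!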

Oh-noodles commented 1 week ago

@egr-smart Your Chinese is great! But apologies for my poor English, haha 😄. Hope you don't give up on NixOS. I'm currently trying to enjoy a consistent environment among NixOS, Mac (Nix-Darwin), and Windows (NixOS-WSL). Generally satisfied, I think. Feel free to contact me whenever you want. Chinese, culture, or tech (not a master, but willing to share).