StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.

Extreme Packet Loss on OpenVPN Direct #1779

Open dvigne opened 4 years ago

dvigne commented 4 years ago

I have deployed about 3 fresh Streisand servers using the Bitlaunch service to run on DO and it appears that none of them let me reach out past the gateway. No packets are going through the gateway despite showing OpenVPN connected on my Ubuntu 19.10 desktop. The only address I can reach is the public interface of the DigitalOcean droplet as shown below:

```
PING 167.71.243.1 (167.71.243.1) 56(84) bytes of data.
64 bytes from 167.71.243.1: icmp_seq=1 ttl=45 time=50.0 ms
64 bytes from 167.71.243.1: icmp_seq=2 ttl=45 time=46.0 ms
64 bytes from 167.71.243.1: icmp_seq=3 ttl=45 time=46.1 ms
64 bytes from 167.71.243.1: icmp_seq=4 ttl=45 time=46.8 ms
^C
--- 167.71.243.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 45.953/47.210/50.031/1.659 ms
```

But reaching out to any other IP address fails:

```
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4094ms
```

I've tried looking through configs, debugging in Wireshark, and I cannot seem to find the issue. Any assistance would be greatly appreciated. Thanks.

Expected behavior: TCP-based OpenVPN direct connection forwards packets through the gateway.

Actual Behavior: 100% packet loss on all traffic minus that heading to the public interface of the DO droplet

Steps to Reproduce:

  1. Launch a DigitalOcean droplet
  2. Install Streisand
  3. Connect with OpenVPN Direct Settings for Ubuntu

streisand-diagnostics.md:

<!--

Please share the contents of this file when you open a new Streisand issue
https://github.com/StreisandEffect/streisand-discussions/issues/ 

It will help the developers reproduce your problem and provide a fix.
-->

### Ansible Information

* Ansible version: 2.8.4
* Ansible system: Linux
* Host OS: Ubuntu
* Host OS version:  16.04
* Python interpreter: /usr/bin/python
* Python version: 2.7.12

### Streisand Information

* Streisand Git revision: af5eb7dac157a2416ea64cba96cf32f7f505d9ff
* Streisand Git clone has untracked changes: no
* Genesis role: localhost
* Custom SSH key: False

### Enabled Roles

* Shadowsocks enabled:  True
* Wireguard enabled: True
* OpenVPN enabled: True
* stunnel enabled: True
* Tor enabled: False
* Openconnect enabled: True
* TinyProxy enabled: True
* SSH forward user enabled: True
* Configured number of VPN clients: 10

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

Here is the syslog output during VPN connection and dialup https://gist.github.com/dvigne/72177f4c9088b66bea787bd910e2e62b

* Target Cloud Provider: Localhost
* Operating System of target host: Ubuntu 16.04 Xenial
* Operating System of client: Ubuntu 19.10 Eoan
* Version of Ansible, using `ansible --version`: ansible 2.8.4
* Output from `git rev-parse HEAD` in your Streisand directory: af5eb7dac157a2416ea64cba96cf32f7f505d9ff

dvigne commented 4 years ago

Seems like it could be related to #1514 and #1519