Closed bsapwindows closed 9 years ago
wss://127.0.0.1 didn't work because the websockproxy script doesn't implement an SSL websocket server. To enable that you need to set up a reverse proxy server like nginx to handle SSL for you.
I need a bit more info to be certain, but chances are you are running as a user which doesn't have permissions to create a TAP device. Please be advised that this will not work on OS X, even w/ the OSX TUN/TAP driver.
If you are on Linux, after you start the service, run ifconfig in another terminal and look for a new tapX device. It should have IP address 10.5.0.1. If that doesn't exist, then chances are you need to do something like what's advised in this Unix StackExchange answer.
Note that you can safely run websockproxy as root for testing purposes just to make sure that the issue is creation of the TAP device, but I'd strongly advise against running it as root in any environment that is accessible to the public.
(Note that this has been edited from the original to improve the value of this response to other readers)
@benjamincburns Thanks for the reply! I run ifconfig and this is what I got:
tap0 Link encap:Ethernet HWaddr 76:45:50:43:10:36
inet addr:10.5.0.1 Bcast:10.5.255.255 Mask:255.255.0.0
inet6 addr: fe80::7445:50ff:fe43:1036/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:508 (508.0 B)
Still no luck.
And thanks for the security advice. I'm actually running a Ubuntu box locally, with Bridged networking. Does that make any difference?
Sorry, I didn't explain very well and I munged a few details.
It looks like in your setup websockproxy.py is already doing everything which it is intended to do.
websockproxy.py is a very simple virtual switch. It exposes a network interface (tap0) on a statically assigned IP (10.5.0.1, but can be changed by editing the script). It does not provide things like DNS, DHCP or NAT routing. You need to bring that yourself, I'm afraid.
On the relay I use dnsmasq for DHCP and DNS, and I've set up NAT forwarding from tap0 to the public interface via IPTables.
Closing, as there appears to be no issue to solve here.
I see. Thank you :)
@benjamincburns Hi Ben! Sorry to bother you again. I just want to say that I finally made the relay work today! Thank you so much, I've learned a lot about networking through the process. Now I can use jor1k with my own network, so happy right now :laughing:
The new problem is, on my own computer I run Windows and I understand your script is for Linux only, I do wish I don't have to run a virtual machine to set up a relay :confused: The ideal situation would be jor1k using host's own network stack, do you think it's possible?
Rather than trying to cater to the lowest common denominator (the Windows network stack, in this case), have you thought about porting what you have into a docker image, @bsapwindows? This would allow you to use a local installation on windows easily, and distribute it to other users regardless of OS.
@erronjason Thanks for the advice! After some googling about docker, I feel it might be less meaningful to run jor1k in a browser if the user already has docker installed on his machine (btw, it seems creating a tun device and the use of iptables require docker to use --privileged flag, which sounds a bit more complicated to people at my level :sweat: ). Anyway, I'm still a beginner in terms of programming and computer science, I'll try to explain what I'm trying to do here.
The initial idea was to let a user have a Linux CLI on any platform. VMs can do that, but one wouldn't want to install and run a virtual machine just to use some of his favorite GNU tools. Then I found about jor1k and busybox it's using, I thought jor1k (as an extension, a plugin or even a userscript which can be easily installed to a modern browser) could enable users to have a Linux command line interface once they started their browser. While jor1k currently uses Ben's network resources, which means it costs Ben's money, it depends on the server's availability and it might be abused in some way even if it's throttled by limiter.py, it's centralized if you sum all these up. So I decided to run a relay by myself. After that I think running my own relay still consumes too much resources unnecessarily since all I did is to run a virtual switch and a websocket(?) server. And now I realize jor1k could be a tiny multi-purpose server in a browser if it uses local network stack. It's gonna be like Opera Unite or WebRTC in some scenarios, but not only that, to me it means a more powerful browser-based P2P network with many GNU utils, gcc, python and a filesystem in a sandbox which could be accessed by javascript.
That's why I'm here to bother Ben again, to find out if it's possible and if it is, how complex the solution is going to be.
Well, it might sound meaningless to others, but it sounds fun to me :laughing: Two days ago when I finally got my local relay to work and successfully SSHed into a jor1k machine, I hummed Free Bird.
The CPU speed is still a problem though, I'm not skilled enough to understand how the code of jor1k works yet, I only know that the CPU's architecture is OpenRISC which sounds more open than x86 to me, but less supported software out there. And I assume it's less efficient to transfer data through all these. As you mentioned, it may not be a good idea to cater different OS network stacks as well.
@bsapwindows I've been (slowly) working on a rewrite of this switch. I'm not sure what windows supports for virtual ethernet interfaces (if it has any support at all). However, I do intend to provide a docker container at some point, as @erronjason has recommended.
@erronjason I remember at one point you said that you were intending to self host this as well - have you done that? By any chance do you have a Dockerfile you'd be willing to contribute? If not, I may try to whip something up in the next few weeks (feel free to remind me, both of you - reminders that I have real live users is all kinds of motivating).
Also, feel free to reach out to me via Hangouts/e-mail at benjamin.c.burns@gmail.com or via skype at "benjamin.burns". Just bear in mind that I'm located in New Zealand, so I may only respond during our evenings/weekends.
On the relay I use dnsmasq for DHCP and DNS, and I've set up NAT forwarding from tap0 to the public interface via IPTables.
Hello Ben!
Can you share the configuration file of your dnsmasq and the rules used by your iptables ?
Great work ;)
Hi @WebSSH, I'll just share what I did in case Ben is not available.
# add these lines into dnsmasq.conf
dhcp-range=10.5.0.1,10.5.1.1,72h
dhcp-host=10.5.0.1,36h
dhcp-option=option:router,10.5.0.1
sudo service dnsmasq start
sudo iptables -t nat -A POSTROUTING -s 10.5.0.0/24 -j MASQUERADE -o eth0
net.ipv4.ip_forward = 1 in /etc/sysctl.conf
sudo sysctl -p
sudo python switchedrelay.py
It's a crude solution, but it works on my relay. Hope it helps :)
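A consistency check for the dnsmasq and iptables settings posted above, as an added example that is not part of the thread or the project's code: it compares the DHCP pool with the MASQUERADE source match and the tap0 subnet from the earlier ifconfig output. The function names are hypothetical, and the second call uses a constructed variant of the posted values.

```python
import ipaddress

def parse_dhcp_range(line):
    """Parse a dnsmasq 'dhcp-range=<start>,<end>[,<lease>]' line."""
    key, _, value = line.strip().partition("=")
    fields = value.split(",")
    if key != "dhcp-range" or len(fields) < 2:
        raise ValueError("not a dhcp-range line: %r" % line)
    return ipaddress.ip_address(fields[0]), ipaddress.ip_address(fields[1])

def check_relay_config(dhcp_range_line, nat_source, tap_addr, tap_mask):
    """Return findings where the DHCP pool, NAT source and TAP subnet disagree."""
    start, end = parse_dhcp_range(dhcp_range_line)
    if start > end:
        raise ValueError("dhcp-range start is above its end")
    nat = ipaddress.ip_network(nat_source)
    tap = ipaddress.ip_interface("%s/%s" % (tap_addr, tap_mask)).network
    findings = []
    # Leases outside the TAP subnet are not on the virtual switch's network.
    if start not in tap or end not in tap:
        findings.append("dhcp-range %s-%s leaves TAP subnet %s" % (start, end, tap))
    # Count pool addresses that the MASQUERADE rule's -s match will not cover.
    lo = max(int(start), int(nat.network_address))
    hi = min(int(end), int(nat.broadcast_address))
    covered = max(0, hi - lo + 1)
    missed = int(end) - int(start) + 1 - covered
    if missed:
        findings.append("%d leasable address(es) fall outside NAT source %s"
                        % (missed, nat))
    # A NAT source not inside the TAP subnet also matches non-relay traffic.
    if not nat.subnet_of(tap):
        findings.append("NAT source %s is not contained in TAP subnet %s"
                        % (nat, tap))
    return findings

# Values as posted in this thread (dnsmasq.conf, iptables -s, ifconfig tap0).
POSTED = check_relay_config("dhcp-range=10.5.0.1,10.5.1.1,72h",
                            "10.5.0.0/24", "10.5.0.1", "255.255.0.0")
# Same pool with the NAT source widened to the TAP subnet (constructed variant).
WIDENED = check_relay_config("dhcp-range=10.5.0.1,10.5.1.1,72h",
                             "10.5.0.0/16", "10.5.0.1", "255.255.0.0")

if __name__ == "__main__":
    for finding in POSTED:
        print("posted: ", finding)
    print("widened:", WIDENED or "consistent")
```

With the posted values the pool's last two addresses (10.5.1.0 and 10.5.1.1) do not match the `-s 10.5.0.0/24` rule, so a client leased one of them would not be masqueraded.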
Hi @bsapwindows !
This is the best solution ;)
Works like a charm without hassle !
Have a nice day.
@WebSSH - @bsapwindows has the gist of it. If you want your DNS config to come from DNSMasq, you might want to set something like dhcp-option=6,0.0.0.0,8.8.8.8,8.8.4.4. I believe 0.0.0.0 will be substituted with your relay's address, and adding 8.8.8.8,8.8.4.4 lets it fall back to the Google DNS servers should your dnsmasq instance fail to respond for some reason (makes it possible to restart dnsmasq without causing service interruptions to the relay clients).
@benjamincburns hi Benjamin, I was trying to run my own relay on my own computer, but couldn't get it to work. This is what I've done so far:
I set relayURL to wss://127.0.0.1/, there were several error warnings like Websocket closed. Reopening. Websocket error: in the Chrome console log. Then I set it to ws://127.0.0.1/, error warnings in Chrome console are gone, but in jor1k terminal window it still shows three times of Sending discover... then No lease, failing. I set the relayURL back to your server wss://relay.widgetry.org/, it works great. Please help me figure out what I did wrong.