c0nn3ct / badvpn

Automatically exported from code.google.com/p/badvpn

Need source IP passing to SOCKS #10

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I appreciate that this is not an issue as such and more of a request but I am 
not sure how to submit requests to the system.

I am running tun2socks on a server and routing all VPN traffic through. This 
works great and I am very happy.

Each user that connects to my VPN is allocated a unique internal IP, for 
example 192.168.1.100, the next user getting 192.168.1.101. 

For logging purposes I need to have that IP address passed onto my SOCKS 
server. I was hoping that tun2socks would use that same address to connect to 
the SOCKS so I could just log the source IP but it always comes through as 
127.0.0.1 which is to be expected I suppose.

My question is, is there any way to send over that IP with the connection? 
Either by 1) using the source IP as the IP to connect to the SOCKS or 2) 
sending the source IP as part of the user/pass info?

Thanks

Original issue reported on code.google.com by mike...@gmail.com on 2 May 2013 at 12:41

GoogleCodeExporter commented 8 years ago
I believe it is not possible to make the connections originate from the source 
IP, due to the way IP works (maybe it's possible with advanced configuration in 
Linux i.e. policy routing...).

However it will be very easy to include the source IP to the SOCKS. Actually, 
putting it in the username/password seems like a great idea, because it doesn't 
involve extending the SOCKS protocol.

I propose that the source be encoded into the username by appending 
@ip_address:port to the username specified on command line. Is this acceptable 
for you?

Original comment by ambr...@gmail.com on 2 May 2013 at 1:10

GoogleCodeExporter commented 8 years ago

Original comment by ambr...@gmail.com on 2 May 2013 at 1:11

GoogleCodeExporter commented 8 years ago
That would be perfect.. so if I understand the command line would be something 
like:

badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:8880 --username=@ip_address:port --password=whatever

Then my socks would get the username as '192.168.0.100:1234' as user and 
'whatever' as password?

?

Original comment by mike...@gmail.com on 2 May 2013 at 1:14

GoogleCodeExporter commented 8 years ago
No, there would be an --append-source-to-username option; no need to complicate 
with substitutions. If you have "--username foo", you'd get usernames like 
foo@1.2.3.4:54321.

Original comment by ambr...@gmail.com on 2 May 2013 at 1:24
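
For the SOCKS server side of this proposal, here is an added example (not part of the thread and not badvpn code) that parses the RFC 1929 username/password request and recovers the VPN client address from a username shaped like `foo@1.2.3.4:54321`. The function names are hypothetical, the sample request is constructed, and it assumes the only trusted peer is 127.0.0.1 (where tun2socks connects from in this thread), since any other client could put an arbitrary address in its username.

```python
import ipaddress

def parse_rfc1929(msg: bytes):
    """Parse VER ULEN UNAME PLEN PASSWD (RFC 1929) into (username, password)."""
    if len(msg) < 2 or msg[0] != 0x01:
        raise ValueError("not a username/password auth request")
    ulen = msg[1]
    if len(msg) < 3 + ulen:
        raise ValueError("truncated username")
    plen = msg[2 + ulen]
    uname, passwd = msg[2:2 + ulen], msg[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated password")
    name = uname.decode("ascii")            # UnicodeDecodeError is a ValueError
    if not name.isprintable():              # keep control characters out of logs
        raise ValueError("non-printable username")
    return name, passwd

def split_source(username: str):
    """Split 'user@ip:port' at the last '@'; (username, None, None) if no valid suffix."""
    base, at, src = username.rpartition("@")
    host, _, port = src.rpartition(":")
    if not at or not (port.isascii() and port.isdigit()):
        return username, None, None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return username, None, None
    if not 0 < int(port) <= 65535:
        return username, None, None
    return base, str(ip), int(port)

def log_record(peer_ip: str, msg: bytes, trusted_peers=("127.0.0.1",)):
    """Build a log entry; honour the suffix only when the TCP peer is the tun2socks host."""
    username, _ = parse_rfc1929(msg)
    user, ip, port = (split_source(username) if peer_ip in trusted_peers
                      else (username, None, None))
    return {"peer": peer_ip, "user": user, "vpn_ip": ip, "vpn_port": port}

# Constructed sample: the request a server would see for "--username foo" with the option on.
_U, _P = b"foo@192.168.1.100:54321", b"whatever"
SAMPLE = bytes([0x01, len(_U)]) + _U + bytes([len(_P)]) + _P

if __name__ == "__main__":
    print(log_record("127.0.0.1", SAMPLE))
```

Splitting at the last `@` keeps a configured username that itself contains `@` intact, and a suffix that fails validation is logged as part of the username rather than as an address.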

GoogleCodeExporter commented 8 years ago
sounds great!

Original comment by mike...@gmail.com on 2 May 2013 at 1:25

GoogleCodeExporter commented 8 years ago
It's committed. Please test, as I didn't have a setup handy.

Original comment by ambr...@gmail.com on 2 May 2013 at 2:49

GoogleCodeExporter commented 8 years ago
Loaded and compiled.. I can't run it though, using the same setup as before 
with same command line I now get:

root@84-16-252-204:/badvpn/build# badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:8880
NOTICE(tun2socks): initializing BadVPN tun2socks 1.999.127
ERROR(BTap): error configuring device
ERROR(tun2socks): BTap_Init failed
NOTICE(tun2socks): exiting

The tun0 device is there and configured as 10.0.0.1 as before.

Any ideas? Before updating I was using the download from the zip 
badvpn-1.999.127.tar.bz2 so it might be another change apart from the username 
thing?

Original comment by mike...@gmail.com on 2 May 2013 at 3:04

GoogleCodeExporter commented 8 years ago
The new version is in there as I can see the new command option in the help:

--append-source-to-username

Original comment by mike...@gmail.com on 2 May 2013 at 3:08

GoogleCodeExporter commented 8 years ago
Ignore me, had another instance running doh!

testing now..

Original comment by mike...@gmail.com on 2 May 2013 at 3:10

GoogleCodeExporter commented 8 years ago
Works great!

thank you very much!

Original comment by mike...@gmail.com on 3 May 2013 at 8:43

GoogleCodeExporter commented 8 years ago

Original comment by ambr...@gmail.com on 3 May 2013 at 11:20

GoogleCodeExporter commented 8 years ago
I'm wondering if there is a possible thread safety issue with the change. I've 
noticed a couple of times the app hangs and I have to kill it with killall and 
I wonder if this could explain it.

Looking at the change I see you are changing the socks_auth_info per connection 
if the options.append_source_to_username option is set. But from what I see 
that structure is shared with all connections so if two connections come at the 
same time and they both try to change that struct.. 1) the info might be 
incorrect and 2) the OS might throw a fit.

Or maybe I'm not seeing something here?

Original comment by mike...@gmail.com on 7 May 2013 at 11:47

GoogleCodeExporter commented 8 years ago
This is definitely not a thread safety issue, because there are no threads. 
Please open another issue about the problem and provide as much info as 
possible. This includes:

- What happens - i.e. "it hangs" is not very descriptive. Do existing 
connections stop working, or just new ones? What is tun2socks writing to the 
console?
- What you were doing (is this specific to some web site or kind of traffic 
etc).
- Output of tun2socks when you pass "--loglevel debug".
- Output when you run tun2socks via strace.

Can you reproduce this with the 1.999.127 version? The problem is almost 
certainly not related to this source address change, but might be related to 
the lwIP update that tun2socks received recently (along with IPv6 support).

Original comment by ambr...@gmail.com on 7 May 2013 at 1:35

GoogleCodeExporter commented 8 years ago
Oh, and add "valgrind output" to that list.

Original comment by ambr...@gmail.com on 7 May 2013 at 1:36

GoogleCodeExporter commented 8 years ago
OK will do.. I'm still setting up my system so have not had a chance to play 
around with it properly yet.

Will have a good look in the next day or so and get back to you if the problem 
continues.

Original comment by mike...@gmail.com on 7 May 2013 at 1:38