dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0
1.58k stars, 128 forks

How to use wireguard+phantun correctly in openwrt #116

Open lfznnzq opened 1 year ago

lfznnzq commented 1 year ago

I am a novice and don't know much about these things. I hope everyone can understand my Google-translated English. Thanks.

Both routers run the official OpenWrt 21.02.5 firmware. With WireGuard configured on its own the connection succeeds and the two LANs can reach each other, but the connection fails after adding phantun.

Below is my configuration

A router's WireGuard

config interface 'wg0'
    option proto 'wireguard'
    option private_key 'xxx'
    # UDP port that phantun_server hands the de-obfuscated traffic to (--remote 127.0.0.1:20480)
    option listen_port '20480'
    list addresses '10.0.0.10'
    option mtu '1300'

config wireguard_wg0
    option public_key 'xxx'
    # router B's LAN plus the tunnel subnet
    list allowed_ips '192.168.20.0/24'
    list allowed_ips '10.0.0.0/24'
    option route_allowed_ips '1'
    option persistent_keepalive '25'

A router's phantun:

RUST_LOG=info phantun_server --local 10240 --remote 127.0.0.1:20480

B router's WireGuard

config interface 'wg0'
    option proto 'wireguard'
    option private_key 'xxx'
    list addresses '10.0.0.20'
    option mtu '1300'

config wireguard_wg0
    option public_key 'xxx'
    # router A's LAN plus the tunnel subnet
    list allowed_ips '192.168.10.0/24'
    list allowed_ips '10.0.0.0/24'
    option route_allowed_ips '1'
    # endpoint is the local phantun_client (--local 127.0.0.1:20480), which wraps the UDP in fake TCP to example.com:10240
    option endpoint_host '127.0.0.1'
    option endpoint_port '20480'
    option persistent_keepalive '25'

B router's phantun:

RUST_LOG=info phantun_client --local 127.0.0.1:20480 --remote example.com:10240

Now, how should I set up the iptables rules? Or is there a full configuration tutorial?

Thanks again

wenewzhang commented 1 year ago

I want to know the same. Phantun's README shows an example that works on a LAN, but the internet is very different.

terrytw commented 1 year ago

Check this out: https://www.vinoca.org/openwrtpei-zhi-tou-ming-dai-li/ It worked for me.

ibeange commented 1 year ago

@vincascm First of all, thank you for the help.

I mainly want to use phantun to disguise WireGuard's UDP traffic so that I can remotely access my LAN without being throttled. I hope you can clear up some of my doubts. Thanks.

vincascm commented 1 year ago

@ibeange As you mentioned, I think frp and other similar tools are more suitable. To connect to a WireGuard peer, the premise is that the peer has a public internet IP.

ibeange commented 1 year ago

@vincascm I have a public internet IP and a domain that points to that IP. I can use WireGuard normally, but the connection speed is not high enough due to the internet carrier's QoS policy, so I want to use phantun to disguise the traffic as TCP.

vincascm commented 1 year ago

@ibeange Phantun is a tunnel, and its server and WireGuard's "server" are on the same machine. The client needs to be installed on another machine, because these special packets require a specific program to process them. As I wrote in my blog, x.com points to this server machine. By convention, the binary ends up in /usr/bin after the program is installed; /usr/local/bin is used here to make it easy to tell that it was installed manually. When you configure the nft rules related to Phantun, nft list... will not report an error.

xiaoun001 commented 11 months ago

I am one of the earliest users of phantun and a firm supporter of it. The author also gave me very detailed and patient answers to my questions. I am very grateful and sincerely hope that this software will get better and better.

A long time ago, I spent a long time getting phantun to connect to the server on both ARM and x86 OpenWrt. It was a process of repeated failures; it is indeed much more difficult to get a phantun connection working on OpenWrt. It is currently in use: the phantun on my OpenWrt has been running stably for at least a year. Phantun + WireGuard over IPv6 is, in one word, stable and fast.

From incomplete memory, there are several points to note (pitfalls).

For the phantun interface in OpenWrt to run stably, it needs to be started before the WireGuard interface is started, otherwise wg0 will carry no data. The method I took was to write a phantun system daemon in /etc/init.d and have it run before the system's network. After more than a year, it has become very stable.

In addition, our home broadband IP changes dynamically, which may cause problems and require reconnection. I wrote an automatic detection script in cron that checks regularly and rebuilds the connection immediately after a failure.

It could also be a firewall port problem, a NAT problem, or a port-mapping problem. I put both the phantun interface and wg0 in the lan zone of the firewall, which is much simpler.
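An added example (not phantun's code and not any commenter's script) that turns the two points xiaoun001 describes into one file: a procd init script for /etc/init.d/phantun that starts phantun_client early and respawns it if it exits, and a watchdog meant to be run from cron that probes the WireGuard peer over wg0 and restarts the tunnel after three consecutive failed probes, which is what a silently broken NAT mapping after an ISP address change looks like from the router. Assumptions: the peer address 10.0.0.10 and the phantun_client command line from the opening post, a state file under /tmp, START=18 as the ordering (OpenWrt's firewall and network init scripts use 19 and 20), and that ifdown/ifup of wg0 is enough to force a new WireGuard handshake.

```shell
#!/bin/sh
# Added example (not phantun's own code): keep phantun_client up on OpenWrt.
# Part 1: procd init script text for /etc/init.d/phantun (start before network,
#         respawn on exit).
# Part 2: cron watchdog that restarts the tunnel after FAIL_LIMIT failed probes.
# Assumed names (override via environment): peer 10.0.0.10 on wg0, state file
# in /tmp, threshold of 3 probes.

PEER_IP="${PEER_IP:-10.0.0.10}"
WG_IF="${WG_IF:-wg0}"
STATE_FILE="${STATE_FILE:-/tmp/phantun-watchdog.fails}"
FAIL_LIMIT="${FAIL_LIMIT:-3}"

# START=18 orders it ahead of firewall (19) and network (20). If phantun_client
# exits that early because example.com cannot be resolved yet, "respawn 3600 5 0"
# restarts it after 5 s, without a retry limit.
init_script() {
cat <<'EOF'
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=18
STOP=90

start_service() {
    procd_open_instance phantun
    procd_set_param command /usr/local/bin/phantun_client \
        --local 127.0.0.1:20480 --remote example.com:10240
    procd_set_param env RUST_LOG=info
    procd_set_param respawn 3600 5 0
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_close_instance
}
EOF
}

# Probe: one ICMP echo to the peer's tunnel address, bound to wg0 so the packet
# cannot leave via the default route. Returns 0 when the tunnel passes traffic.
tunnel_alive() {
    ping -c 1 -W 3 -I "$WG_IF" "$PEER_IP" >/dev/null 2>&1
}

# Restart action: a fresh phantun_client does a new fake-TCP handshake and so
# gets a new NAT mapping; wg0 is bounced so WireGuard re-handshakes through it.
restart_tunnel() {
    /etc/init.d/phantun restart
    ifdown "$WG_IF"
    ifup "$WG_IF"
}

read_fails()  { n=$(cat "$STATE_FILE" 2>/dev/null); echo "${n:-0}"; }
write_fails() { echo "$1" > "$STATE_FILE"; }

# One watchdog tick. Returns 0 = healthy, 1 = failing but under threshold,
# 2 = threshold reached, tunnel restarted and counter reset.
watchdog() {
    if tunnel_alive; then
        write_fails 0
        return 0
    fi
    fails=$(( $(read_fails) + 1 ))
    if [ "$fails" -ge "$FAIL_LIMIT" ]; then
        write_fails 0
        restart_tunnel
        return 2
    fi
    write_fails "$fails"
    return 1
}

case "${1:-}" in
    init)  init_script ;;
    check) watchdog ;;
esac
```

Install it as /usr/bin/phantun-watchdog.sh, write the init script with `phantun-watchdog.sh init > /etc/init.d/phantun; chmod +x /etc/init.d/phantun; /etc/init.d/phantun enable`, and add `*/2 * * * * /usr/bin/phantun-watchdog.sh check` with `crontab -e`. The failure counter lives in /tmp on purpose: it is cleared by a reboot, which already restarts everything.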

vincascm commented 11 months ago

@xiaoun001 As a gateway, when the IP is reassigned (which could be after 7 days, depending on the ISP), it may change the NAT mapping address and indeed cause connection issues. In such cases, restarting the client is the only solution. If you can clearly describe the problem, I suggest opening a separate issue to address it.

dndx commented 11 months ago

@vincascm This won't be an issue if the NAT device actually sends RST after connection tracking is broken and terminates unknown TCP mappings.

Maybe this could be improved with heartbeat support like #93. I can take a closer look at that PR later.

vincascm commented 11 months ago

Indeed, very much looking forward to it.

MisakaMikoto-35c5 commented 6 months ago

Finally I found a solution for my environment. My network structure:

(OpenWRT 23.05) <-> (Phantun Client) <-> (ISP with CGNAT) <-> (Phantun Server) <-> (Ubuntu server)

On Ubuntu, I'm using this script to install Phantun and use firewalld to manage NAT rules.

On OpenWRT, I created following firewall rules:

cat >> /etc/config/firewall << EOF

# Masquerade the fake-TCP packets phantun emits from its TUN address range
config nat
        option name 'Phantun NAT'
        list proto 'all'
        option src '*'
        option src_ip '169.254.0.0/16'
        option target 'MASQUERADE'

# Zone for the TUN range: no traffic to or from the router itself, forwarding allowed
config zone
        option name 'Phantun'
        option input 'DROP'
        option output 'DROP'
        option forward 'ACCEPT'
        list subnet '169.254.0.0/16'
        option auto_helper '0'

# Let the TUN range reach wan; replies are matched by conntrack
config forwarding
        option src 'Phantun'
        option dest 'wan'
EOF

Then add this command to /etc/rc.local and reboot your router:

nohup /usr/sbin/phantun_client --local 127.114.51.4:1919 --remote <change it> --tun-local 169.254.0.0 --tun-peer 169.254.0.1 --ipv4-only > /dev/null 2>&1 &

Finally I can see some network activity on the configured WireGuard interface, so I think this works for me. I'm using 169.254.0.0/16 because this IP range cannot be routed on the internet, but you can change it for yourself.
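An added example, written for this thread rather than taken from phantun or from any of the posts, of the rules the opening post asks for: the iptables (fw3, OpenWrt 21.02) equivalent of the zone MisakaMikoto-35c5 configured above, for the OP's layout where router A runs phantun_server --local 10240 and router B runs phantun_client. Assumptions, all overridable from the environment: the WAN device name (read from netifd when not given), phantun's default TUN name tun0 and default addresses (client 192.168.200.1/.2, server 192.168.201.1/.2), and fw3's prerouting_rule, postrouting_rule and forwarding_rule chains, which fw3 evaluates before its zone chains and which /etc/firewall.user is meant to fill. With DRY_RUN set the script only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not phantun's own code): NAT/forward rules for phantun on an
# OpenWrt 21.02 (fw3/iptables) router, for the topology in this thread:
#   router A: phantun_server --local 10240 --remote 127.0.0.1:20480
#   router B: phantun_client --local 127.0.0.1:20480 --remote example.com:10240
# Assumptions (all parameters below): WAN device name, TUN name "tun0", and
# phantun's default TUN addresses. The *_rule chains are fw3's hooks for
# user rules; they run before the zone chains, so zone policy does not
# silently reject the TUN traffic.

PHANTUN_PORT="${PHANTUN_PORT:-10240}"
TUN_DEV="${TUN_DEV:-tun0}"
CLIENT_TUN_NET="${CLIENT_TUN_NET:-192.168.200.0/24}"  # phantun_client default range
SERVER_TUN_PEER="${SERVER_TUN_PEER:-192.168.201.2}"   # phantun_server default --tun-peer
DRY_RUN="${DRY_RUN:-}"

# Apply a rule, or only print it when DRY_RUN is set.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Layer-3 WAN device (eth0, pppoe-wan, ...) from netifd unless WAN_DEV is set.
wan_device() {
    if [ -n "${WAN_DEV:-}" ]; then
        echo "$WAN_DEV"
    else
        ifstatus wan | jsonfilter -e '@.l3_device'
    fi
}

# Server side (router A): public TCP :10240 -> phantun's TUN peer address.
# phantun_server picks the DNAT'd fake-TCP packets up from tun0 and delivers
# plain UDP to WireGuard on 127.0.0.1:20480.
server_rules() {
    wan="$(wan_device)"
    ipt -t nat -A prerouting_rule -i "$wan" -p tcp --dport "$PHANTUN_PORT" \
        -j DNAT --to-destination "$SERVER_TUN_PEER"
    ipt -A forwarding_rule -i "$wan" -o "$TUN_DEV" -p tcp --dport "$PHANTUN_PORT" -j ACCEPT
    ipt -A forwarding_rule -i "$TUN_DEV" -o "$wan" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Client side (router B): fake-TCP packets leave tun0 with a 192.168.200.x
# source; masquerade them so the server's replies come back to this router.
client_rules() {
    wan="$(wan_device)"
    ipt -t nat -A postrouting_rule -s "$CLIENT_TUN_NET" -o "$wan" -j MASQUERADE
    ipt -A forwarding_rule -i "$TUN_DEV" -o "$wan" -j ACCEPT
    ipt -A forwarding_rule -i "$wan" -o "$TUN_DEV" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

case "${1:-}" in
    server) server_rules ;;
    client) client_rules ;;
esac
```

Put the matching call (`server_rules` on router A, `client_rules` on router B) in /etc/firewall.user, which fw3 includes by default in 21.02, so the rules are re-applied on every firewall reload. On a stock wan zone with masq enabled the MASQUERADE line is usually redundant, but the forwarding_rule entries are still needed because tun0 belongs to no zone. The TUN addresses and names must match what phantun was started with; if you pass --tun-local/--tun-peer as in the rc.local line above, set CLIENT_TUN_NET or SERVER_TUN_PEER accordingly. On 22.03 and later (fw4/nftables) the UCI zone approach above is the simpler route.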

Gitfoe commented 6 months ago

I've encountered my own challenges while attempting to configure Phantun + WireGuard on my OpenWrt router. Most of the resources I discovered were tailored to establishing a site-to-site VPN rather than a full-tunnel VPN. Nevertheless, I managed to devise a working configuration and have compiled a guide to assist others in setting this up on their own. You can find my guide on GitHub Gist here. I hope someone finds it useful.