ivanilves / xiringuito

SSH-based "VPN for poors"
Apache License 2.0

How to route #71

Open lexesv opened 5 years ago

lexesv commented 5 years ago

Hello! I run command ./xiringui xxxx@xxx.xxx 10.0.0.0/8 192.168.0.0/16 and got

[screenshot: photo_2019-09-13_10-58-22]

But my current internet connection is

[screenshot: photo_2019-09-13_10-58-13]

How can I connect through the created tunnel?

ivanilves commented 5 years ago

Hi there!

Sorry for a delay in response... 😊

Could you please specify which OS/kernel versions you are using? And could you please provide the complete route table output here? 🙏

Thank U!

lexesv commented 5 years ago

Linux main 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3 (2019-02-02) x86_64 GNU/Linux

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    100    0        0 enp0s31f6
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s31f

ivanilves commented 5 years ago

Yeah, strange that routes are not added... Could U please run export DEBUG=true, then run the command "./xiringuito xxxx@xxx.xxx 10.0.0.0/8 192.168.0.0/16" and paste its output here?

lexesv commented 5 years ago

export DEBUG=true
alex@main:~/app/xiringuito$ ./xiringuito xxxx@xxx.xxx 10.0.0.0/8 192.168.0.0/16
[ (client) sudo check ] 
[ (server) sudo check ] 
TUNNEL ID: 43 (local: 43)
PermitTunnel yes
SERVER: xxx@xxx
> ROUTE: 10.0.0.0/8
> ROUTE: 192.168.0.0/16

* Will now replace your DNS config with one fetched from the SSH server.
* Set enviromental variable 'NO_DNS', if you do not want this to happen.
--- resolv.conf ---
# Added by xiringuito
nameserver 127.0.0.1
nameserver ::1
nameserver 8.8.8.8
--- resolv.conf ---
sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    100    0        0 enp0s31f6
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 tun43
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tun43
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s31f6
192.168.245.170 0.0.0.0         255.255.255.255 UH    0      0        0 tun43
curl https://httptest.tk/ip
{
  "origin": "MY_REAL_IP"
}

ivanilves commented 5 years ago

Thank you! Now I got it! 💃

I see the routes are added. The ones you specified 10.0.0.0/8 & 192.168.0.0/16:

10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 tun43
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tun43
curl https://httptest.tk/ip

this should return your real IP indeed, as httptest.tk is not inside 10.0.0.0/8 or 192.168.0.0/16 networks 🙂 xiringuito is designed to provide routing only to networks you specify or ones discovered by cloud provider.

lexesv commented 5 years ago

Okay, how to route all the traffic via the tunnel? 😉

openvpn example:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         vps             0.0.0.0         UG    50     0        0 tun0
default         192.168.1.1     0.0.0.0         UG    100    0        0 enp0s31f6
10.8.0.0        0.0.0.0         255.255.255.0   U     50     0        0 tun0
static.234.96.2 192.168.1.1     255.255.255.255 UGH   100    0        0 enp0s31f6
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s31f6
192.168.1.1     0.0.0.0         255.255.255.255 UH    100    0        0 enp0s31f6

ivanilves commented 5 years ago

Well. It's possible. Not automatically though, cause xiringuito was designed to do "split routing" to connect you to your protected private resources over the Internet, not to do default routing. 😄

How to route all the traffic?

  1. Add a /32 route to your SSH server via your default gateway:
     ip route add your.ssh.server/32 via your.default.gateway
  2. Connect xiringuito: ./xiringuito xxxx@your.ssh.server 0.0.0.0/0

If you find it useful - we could also automate "step 1" in case of 0.0.0.0/0 routing 🤔
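The two steps above, wrapped into a small client-side helper. This is an added example written for this thread, not part of xiringuito: it reads the current default gateway from iproute2, pins a /32 host route to the SSH server through it (so the SSH session itself never gets pulled into the 0.0.0.0/0 route the tunnel installs), runs xiringuito with 0.0.0.0/0, and removes the pinned route on exit. It assumes the SSH server is given as an IPv4 address and that `./xiringuito` is in the current directory; the script name `full_tunnel.sh` is an assumption.

```shell
#!/bin/sh
# full_tunnel.sh (hypothetical name): route all traffic through a xiringuito tunnel.
# Usage: sh full_tunnel.sh user@203.0.113.10
set -eu

# Print the gateway of the first default route that has a "via" next hop.
# Takes the text of "ip route show default" as $1 so it can be checked offline.
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit }
    }'
}

# Accept only dotted-quad IPv4, so nothing unexpected is handed to "ip route".
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

main() {
    user_at_server="${1:?usage: $0 user@server-ipv4}"
    server="${user_at_server#*@}"
    is_ipv4 "$server" || { echo "server must be an IPv4 address: $server" >&2; exit 1; }

    gw="$(default_gateway "$(ip route show default)")"
    [ -n "$gw" ] || { echo "no default gateway with a via hop found" >&2; exit 1; }

    # Step 1: keep the SSH server reachable over the physical path. Without this,
    # the 0.0.0.0/0 route xiringuito adds would send the tunnel's own packets
    # into the tunnel and the session would stall.
    sudo ip route add "$server/32" via "$gw"
    # Undo step 1 when xiringuito exits, so the host returns to normal routing.
    trap 'sudo ip route del "$server/32" via "$gw" 2>/dev/null || true' EXIT INT TERM

    # Step 2: bring up the tunnel with a default route through it.
    ./xiringuito "$user_at_server" 0.0.0.0/0
}

# Run main only when executed as full_tunnel.sh, not when sourced.
case "${0##*/}" in
    full_tunnel.sh) main "$@" ;;
esac
```

The server side still needs IP forwarding and the FORWARD/MASQUERADE rules mentioned later in this thread, otherwise the client's packets reach the server and stop there.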

lexesv commented 5 years ago

Yes, that would be very useful. Thanks

movsb commented 4 years ago

And don't forget to add some firewall rules ( https://github.com/ivanilves/xiringuito/issues/73#issuecomment-606813795 ):

$ iptables -A FORWARD -i tun0 -j ACCEPT
$ iptables -A FORWARD -o tun0 -j ACCEPT
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE