jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces
GNU General Public License v3.0

NordVPN + NfTables = error #179

Open aniplayIt opened 2 years ago

aniplayIt commented 2 years ago
vopono exec "curl ifconfig.co/country"
 2022-08-15T17:01:47.694Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-15T17:01:47.728Z INFO  vopono_core::util > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es204.ovpn
 2022-08-15T17:01:47.730Z INFO  vopono_core::network::netns > Created new network namespace: vopono_nordvpn_spain
 2022-08-15T17:01:48.003Z INFO  vopono_core::network::netns > IP address of namespace as seen from host: 10.200.1.2
 2022-08-15T17:01:48.003Z INFO  vopono_core::network::netns > IP address of host as seen from namespace: 10.200.1.1
Error: Could not process rule: No such file or directory
add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 2022-08-15T17:01:48.051Z INFO  vopono_core::network::netns > Shutting down vopono namespace - as there are no processes left running inside
Error: Failed to create nft postrouting chain in vopono_nat

Caused by:
    Command failed: nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }

My config:

firewall = "NfTables"
provider = "NordVPN"
protocol = "TCP"
server = "spain"

I obviously have an active NordVPN account. I wonder if I missed something in the configuration. I also tried iptables, but it gets stuck on Launching OpenVPN...

jamesmcm commented 2 years ago

Hey,

Could you add the verbose log please?

It seems it might be creating the nft chain with a different name than vopono_nat

aniplayIt commented 2 years ago

> Hey,
>
> Could you add the verbose log please?
>
> It seems it might be creating the nft chain with a different name than vopono_nat

vopono --verbose exec "curl ifconfig.co/country"
 2022-08-19T13:53:57.280Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.281Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.281Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T13:53:57.281Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T13:53:57.281Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.281Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Existing namespaces: []
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T13:53:57.283Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T13:53:57.285Z DEBUG vopono::exec                            > Interface: eth0@if143
 2022-08-19T13:53:57.285Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.285Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.355Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es136.ovpn
 2022-08-19T13:53:57.363Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T13:53:57.363Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T13:53:57.365Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T13:53:57.369Z DEBUG vopono_core::util                       > Existing interfaces: 142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T13:53:57.369Z DEBUG vopono_core::util                       > Assigned IPs: [172.18.0.6/16]
 2022-08-19T13:53:57.369Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T13:53:57.509Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T13:53:57.602Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T13:53:57.603Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T13:53:57.603Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T13:53:57.608Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T13:53:57.654Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T13:53:57.756Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev nordvpn_spain_d
 2022-08-19T13:53:57.760Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.1.2/24 dev nordvpn_spain_s
 2022-08-19T13:53:57.908Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.1.1 dev nordvpn_spain_s
 2022-08-19T13:53:58.007Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-08-19T13:53:58.007Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-08-19T13:53:58.007Z DEBUG vopono_core::util                       > nft add table inet vopono_nat
 2022-08-19T13:53:58.014Z DEBUG vopono_core::util                       > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
Error: Could not process rule: No such file or directory
add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 2022-08-19T13:53:58.059Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:58.060Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:58.061Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:58.061Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:58.062Z INFO  vopono_core::network::netns             > Shutting down vopono namespace - as there are no processes left running inside
 2022-08-19T13:53:58.062Z DEBUG vopono_core::util                       > ip link delete nordvpn_spain_d
 2022-08-19T13:53:58.154Z DEBUG vopono_core::util                       > ip netns delete vopono_nordvpn_spain
Error: Failed to create nft postrouting chain in vopono_nat

Caused by:
    Command failed: nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }

jamesmcm commented 2 years ago

Hmm which distro are you using? It might be an issue with the kernel flags - https://zigford.org/firewalld-kernel-requirements.html ?

Can you try with iptables ?

aniplayIt commented 2 years ago

> Hmm which distro are you using? It might be an issue with the kernel flags - https://zigford.org/firewalld-kernel-requirements.html ?
>
> Can you try with iptables ?

iptables gets stuck on the last log:

vopono --verbose exec "curl ifconfig.co/country"
 2022-08-19T21:53:41.013Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.018Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.018Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T21:53:41.018Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T21:53:41.018Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.018Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.083Z DEBUG vopono_core::util > Existing namespaces: []
 2022-08-19T21:53:41.083Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.083Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.084Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.084Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T21:53:41.102Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.102Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.137Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T21:53:41.138Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T21:53:41.149Z DEBUG vopono::exec                            > Interface: eth0@if143
 2022-08-19T21:53:41.149Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.149Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.622Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es171.ovpn
 2022-08-19T21:53:41.625Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T21:53:41.625Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T21:53:41.628Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T21:53:41.631Z DEBUG vopono_core::util                       > Existing interfaces: 142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T21:53:41.672Z DEBUG vopono_core::util                       > Assigned IPs: [172.18.0.6/16]
 2022-08-19T21:53:41.673Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T21:53:41.727Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T21:53:41.771Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T21:53:41.771Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T21:53:41.771Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T21:53:41.775Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T21:53:41.777Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T21:53:41.848Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev nordvpn_spain_d
 2022-08-19T21:53:41.851Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.1.2/24 dev nordvpn_spain_s
 2022-08-19T21:53:41.891Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.1.1 dev nordvpn_spain_s
 2022-08-19T21:53:41.951Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-08-19T21:53:41.951Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-08-19T21:53:41.951Z DEBUG vopono_core::util                       > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o eth0@if143 -j MASQUERADE
 2022-08-19T21:53:41.971Z DEBUG vopono_core::util                       > iptables -I FORWARD -i nordvpn_spain_d -o eth0@if143 -j ACCEPT
 2022-08-19T21:53:41.973Z DEBUG vopono_core::util                       > iptables -I FORWARD -o nordvpn_spain_d -i eth0@if143 -j ACCEPT
 2022-08-19T21:53:41.976Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.ip_forward=1
 2022-08-19T21:53:41.982Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.982Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.982Z DEBUG vopono_core::config::vpn                > Read auth file: /root/.config/vopono/nordvpn/openvpn/auth.txt
 2022-08-19T21:53:41.989Z DEBUG vopono_core::network::dns_config        > Setting namespace vopono_nordvpn_spain DNS server to 103.86.96.100, 103.86.99.100
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:42.003Z INFO  vopono_core::network::openvpn           > Launching OpenVPN...
 2022-08-19T21:53:42.004Z DEBUG vopono_core::network::openvpn           > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable
 2022-08-19T21:53:42.004Z DEBUG vopono_core::network::openvpn           > Found remotes: [Remote { host: IPv4(31.13.188.107), port: 443, protocol: TCP }]
 2022-08-19T21:53:42.004Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain openvpn --config /root/.config/vopono/nordvpn/openvpn/spain-es171.ovpn --machine-readable-output --log /root/.config/vopono/logs/vopono_nordvpn_spain_openvpn.log --auth-user-pass /root/.config/vopono/nordvpn/openvpn/auth.txt --pull-filter ignore block-outside-dns
 2022-08-19T21:53:42.295Z DEBUG vopono_core::network::openvpn           > 1660946022.295803 40 WARNING: file '/root/.config/vopono/nordvpn/openvpn/auth.txt' is group or others accessible
 2022-08-19T21:53:42.295Z DEBUG vopono_core::network::openvpn           > 1660946022.295814 1 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
 2022-08-19T21:53:42.295Z DEBUG vopono_core::network::openvpn           > 1660946022.295820 1 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
 2022-08-19T21:53:42.311Z DEBUG vopono_core::network::openvpn           > 1660946022.311880 40 WARNING: --ping should normally be used with --ping-restart or --ping-exit
 2022-08-19T21:53:42.311Z DEBUG vopono_core::network::openvpn           > 1660946022.311888 1 NOTE: --fast-io is disabled since we are not using UDP
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324587 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324596 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324913 1 TCP/UDP: Preserving recently used remote address: [AF_INET]31.13.188.107:443
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324943 2b000003 Socket Buffers: R=[131072->131072] S=[16384->16384]
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324947 1 Attempting to establish TCP connection with [AF_INET]31.13.188.107:443 [nonblock]

and then:

2022-08-19T21:55:42.335Z DEBUG vopono_core::network::openvpn           > 1660946142.335404 1000021 TCP: connect to [AF_INET]31.13.188.107:443 failed: Connection timed out
 2022-08-19T21:55:42.335Z DEBUG vopono_core::network::openvpn           > 1660946142.335451 1 SIGUSR1[connection failed(soft),init_instance] received, process restarting
 2022-08-19T21:55:42.335Z DEBUG vopono_core::network::openvpn           > 1660946142.335460 21000003 Restart pause, 5 second(s)
 2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335554 40 WARNING: --ping should normally be used with --ping-restart or --ping-exit
 2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335567 1 NOTE: --fast-io is disabled since we are not using UDP
 2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335671 1 TCP/UDP: Preserving recently used remote address: [AF_INET]31.13.188.107:443
 2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335685 2b000003 Socket Buffers: R=[131072->131072] S=[16384->16384]
 2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335688 1 Attempting to establish TCP connection with [AF_INET]31.13.188.107:443 [nonblock]

Distro info

cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
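
The iptables rules logged in the comment above use `-o eth0@if143`, which is the form `ip addr` prints for a device named `eth0` whose peer has ifindex 143; iptables matches `-o` against the kernel name `eth0`. As an added example (not vopono's code and not part of the original thread), this Rust code parses `ip addr` output into kernel interface names before building the MASQUERADE arguments; the type names, function names and sample output are constructed for illustration.

```rust
/// One link header line from `ip addr`, split into its parts.
#[derive(Debug, PartialEq)]
pub struct Link {
    pub index: u32,
    /// Kernel interface name, e.g. "eth0" (what iptables -i/-o compares against).
    pub name: String,
    /// Peer annotation printed by iproute2 after '@', e.g. "if143"; display only.
    pub peer: Option<String>,
    pub up: bool,
    pub loopback: bool,
}

/// Same basic checks the kernel applies to a device name: non-empty,
/// at most 15 bytes, not "." or "..", no '/', ':' or whitespace.
fn is_valid_ifname(n: &str) -> bool {
    !n.is_empty()
        && n.len() <= 15
        && n != "."
        && n != ".."
        && !n.chars().any(|c| c == '/' || c == ':' || c.is_whitespace())
}

/// Parse a header such as "142: eth0@if143: <BROADCAST,UP> mtu 1500 ...".
/// Indented detail lines (link/ether, inet, valid_lft) and blanks yield None.
fn parse_header(line: &str) -> Option<Link> {
    if line.starts_with(char::is_whitespace) {
        return None;
    }
    let mut parts = line.splitn(3, ": ");
    let index: u32 = parts.next()?.trim().parse().ok()?;
    let shown = parts.next()?;
    let rest = parts.next()?;
    // Assumption: everything after the first '@' is iproute2's peer annotation.
    let (name, peer) = match shown.split_once('@') {
        Some((n, p)) => (n, Some(p.to_string())),
        None => (shown, None),
    };
    if !is_valid_ifname(name) {
        return None;
    }
    let flags = rest.strip_prefix('<')?.split_once('>')?.0;
    Some(Link {
        index,
        name: name.to_string(),
        peer,
        up: flags.split(',').any(|f| f == "UP"),
        loopback: flags.split(',').any(|f| f == "LOOPBACK"),
    })
}

pub fn parse_ip_addr(output: &str) -> Vec<Link> {
    output.lines().filter_map(parse_header).collect()
}

/// Links that are up and are not the loopback device.
pub fn uplinks(links: &[Link]) -> Vec<&Link> {
    links.iter().filter(|l| l.up && !l.loopback).collect()
}

/// iptables arguments for the NAT rule, using the kernel name only.
pub fn masquerade_args(subnet: &str, link: &Link) -> Vec<String> {
    ["-t", "nat", "-A", "POSTROUTING", "-s", subnet, "-o", link.name.as_str(), "-j", "MASQUERADE"]
        .iter()
        .map(|s| s.to_string())
        .collect()
}

// Constructed sample: `ip addr` output shaped like the interface dump in the log.
pub const SAMPLE: &str = "\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
";

fn main() {
    let links = parse_ip_addr(SAMPLE);
    for link in uplinks(&links) {
        println!(
            "ifindex {} name {} (peer annotation {:?})",
            link.index, link.name, link.peer
        );
        println!("iptables {}", masquerade_args("10.200.1.0/24", link).join(" "));
    }
}
```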

jamesmcm commented 2 years ago

Hmm can you try it with --no-killswitch just to see if it's a firewall issue?

aniplayIt commented 2 years ago

With NfTables:

vopono --verbose exec --no-killswitch "curl ifconfig.co/country"
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.344Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T22:05:54.344Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.345Z DEBUG vopono_core::util > Existing namespaces: ["vopono_nordvpn_spain"]
 2022-08-19T22:05:54.345Z DEBUG vopono_core::util > PIDs active in vopono_nordvpn_spain: []
 2022-08-19T22:05:54.345Z DEBUG vopono_core::util > Removing dead namespace: vopono_nordvpn_spain
 2022-08-19T22:05:54.346Z DEBUG vopono_core::util > ip netns delete vopono_nordvpn_spain
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T22:05:54.375Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T22:05:54.375Z WARN  vopono::exec                            > Multiple network interfaces are active: [
    "nordvpn_spain_d@if34",
    "eth0@if143",
], consider specifying the interface with the -i argument. Using nordvpn_spain_d@if34
 2022-08-19T22:05:54.375Z DEBUG vopono::exec                            > Interface: nordvpn_spain_d@if34
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.376Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.396Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es170.ovpn
 2022-08-19T22:05:54.397Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T22:05:54.397Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T22:05:54.398Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T22:05:54.399Z DEBUG vopono_core::util                       > Existing interfaces: 35: nordvpn_spain_d@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7a:b6:c5:bb:77:79 brd ff:ff:ff:ff:ff:ff link-netnsid unknown
    inet 10.200.1.1/24 scope global nordvpn_spain_d
       valid_lft forever preferred_lft forever
142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T22:05:54.399Z DEBUG vopono_core::util                       > Assigned IPs: [10.200.1.1/24, 172.18.0.6/16]
 2022-08-19T22:05:54.399Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T22:05:54.478Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T22:05:54.510Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T22:05:54.510Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T22:05:54.510Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T22:05:54.511Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T22:05:54.512Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T22:05:54.547Z DEBUG vopono_core::util                       > ip addr add 10.200.2.1/24 dev nordvpn_spain_d
 2022-08-19T22:05:54.547Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.2.2/24 dev nordvpn_spain_s
 2022-08-19T22:05:54.598Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.2.1 dev nordvpn_spain_s
 2022-08-19T22:05:54.650Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.2.2
 2022-08-19T22:05:54.650Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.2.1
 2022-08-19T22:05:54.650Z DEBUG vopono_core::util                       > nft add table inet vopono_nat
 2022-08-19T22:05:54.719Z DEBUG vopono_core::util                       > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
Error: Could not process rule: No such file or directory
add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.779Z INFO  vopono_core::network::netns             > Shutting down vopono namespace - as there are no processes left running inside
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > ip link delete nordvpn_spain_d
 2022-08-19T22:05:54.811Z DEBUG vopono_core::util                       > ip netns delete vopono_nordvpn_spain
Error: Failed to create nft postrouting chain in vopono_nat

Caused by:
    Command failed: nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }

With IpTables:

vopono --verbose exec --no-killswitch "curl ifconfig.co/country"
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.145Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T22:12:07.145Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Existing namespaces: []
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T22:12:07.149Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.149Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T22:12:07.149Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T22:12:07.152Z DEBUG vopono::exec                            > Interface: eth0@if151
 2022-08-19T22:12:07.152Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.152Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.170Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es191.ovpn
 2022-08-19T22:12:07.171Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T22:12:07.171Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T22:12:07.171Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T22:12:07.172Z DEBUG vopono_core::util                       > Existing interfaces: 150: eth0@if151: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T22:12:07.173Z DEBUG vopono_core::util                       > Assigned IPs: [172.18.0.6/16]
 2022-08-19T22:12:07.173Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T22:12:07.255Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T22:12:07.287Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T22:12:07.287Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T22:12:07.287Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T22:12:07.291Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T22:12:07.293Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T22:12:07.336Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev nordvpn_spain_d
 2022-08-19T22:12:07.339Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.1.2/24 dev nordvpn_spain_s
 2022-08-19T22:12:07.415Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.1.1 dev nordvpn_spain_s
 2022-08-19T22:12:07.459Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-08-19T22:12:07.459Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-08-19T22:12:07.459Z DEBUG vopono_core::util                       > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o eth0@if151 -j MASQUERADE
 2022-08-19T22:12:07.462Z DEBUG vopono_core::util                       > iptables -I FORWARD -i nordvpn_spain_d -o eth0@if151 -j ACCEPT
 2022-08-19T22:12:07.465Z DEBUG vopono_core::util                       > iptables -I FORWARD -o nordvpn_spain_d -i eth0@if151 -j ACCEPT
 2022-08-19T22:12:07.467Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.ip_forward=1
 2022-08-19T22:12:07.481Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.481Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.481Z DEBUG vopono_core::config::vpn                > Read auth file: /root/.config/vopono/nordvpn/openvpn/auth.txt
 2022-08-19T22:12:07.482Z DEBUG vopono_core::network::dns_config        > Setting namespace vopono_nordvpn_spain DNS server to 103.86.96.100, 103.86.99.100
 2022-08-19T22:12:07.486Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.486Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.491Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.491Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.491Z INFO  vopono_core::network::openvpn           > Launching OpenVPN...
 2022-08-19T22:12:07.491Z DEBUG vopono_core::network::openvpn           > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable
 2022-08-19T22:12:07.491Z DEBUG vopono_core::network::openvpn           > Found remotes: [Remote { host: IPv4(185.199.100.3), port: 443, protocol: TCP }]
 2022-08-19T22:12:07.491Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain openvpn --config /root/.config/vopono/nordvpn/openvpn/spain-es191.ovpn --machine-readable-output --log /root/.config/vopono/logs/vopono_nordvpn_spain_openvpn.log --auth-user-pass /root/.config/vopono/nordvpn/openvpn/auth.txt --pull-filter ignore block-outside-dns
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532718 40 WARNING: file '/root/.config/vopono/nordvpn/openvpn/auth.txt' is group or others accessible
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532734 1 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532741 1 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532849 40 WARNING: --ping should normally be used with --ping-restart or --ping-exit
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532854 1 NOTE: --fast-io is disabled since we are not using UDP
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533106 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533125 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533230 1 TCP/UDP: Preserving recently used remote address: [AF_INET]185.199.100.3:443
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533280 2b000003 Socket Buffers: R=[131072->131072] S=[16384->16384]
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533284 1 Attempting to establish TCP connection with [AF_INET]185.199.100.3:443 [nonblock]

aniplayIt commented 2 years ago

Any idea? @jamesmcm

jamesmcm commented 2 years ago

Can you test just nftables alone, like:

sudo ip netns add testnetns2
sudo ip netns exec testnetns2 ip addr add ::1/8 dev lo
sudo ip netns exec testnetns2 ip link set lo up
sudo ip link add testnetns2_d type veth peer name testnetns2_s
sudo ip link set testnetns2_d up
sudo ip link set testnetns2_s netns testnetns2 up
sudo ip addr add 10.200.3.1/24 dev testnetns2_d
sudo ip netns exec testnetns2 ip addr add 10.200.3.2/24 dev testnetns2_s
sudo ip netns exec testnetns2 ip route add default via 10.200.3.1 dev testnetns2_s
sudo ip netns exec testnetns2 ip -6 route add default via fe80::c418:42ff:fec9:62b6 dev testnetns2_s
sudo nft add table inet testnetns2_nat
sudo nft add chain inet testnetns2_nat postrouting '{ type nat hook postrouting priority 100 ; }'
sudo nft add rule inet testnetns2_nat postrouting oifname enp3s0f3u1 ip saddr 10.200.3.0/24 counter masquerade
sudo nft add rule inet testnetns2_nat postrouting oifname enp3s0f3u1 ip6 saddr fe80::c418:42ff:fec9:62b6/24 counter masquerade
sudo nft add table inet testnetns2_bridge
sudo nft add chain inet testnetns2_bridge forward '{ type filter hook forward priority -10 ; }'
sudo nft add rule inet testnetns2_bridge forward iifname testnetns2_d oifname enp3s0f3u1 counter accept
sudo nft add rule inet testnetns2_bridge forward oifname testnetns2_d iifname enp3s0f3u1 counter accept
sudo sysctl -q net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.default.forwarding=1
sudo ip netns exec testnetns2 sysctl -w net.ipv6.conf.default.forwarding=1
sudo ip netns exec testnetns2 bash

Then run:

ping 8.8.8.8

Inside that test network namespace?

aniplayIt commented 2 years ago

Can you test just nftables alone, like:

sudo ip netns add testnetns2
sudo ip netns exec testnetns2 ip addr add ::1/8 dev lo
sudo ip netns exec testnetns2 ip link set lo up
sudo ip link add testnetns2_d type veth peer name testnetns2_s
sudo ip link set testnetns2_d up
sudo ip link set testnetns2_s netns testnetns2 up
sudo ip addr add 10.200.3.1/24 dev testnetns2_d
sudo ip netns exec testnetns2 ip addr add 10.200.3.2/24 dev testnetns2_s
sudo ip netns exec testnetns2 ip route add default via 10.200.3.1 dev testnetns2_s
sudo ip netns exec testnetns2 ip -6 route add default via fe80::c418:42ff:fec9:62b6 dev testnetns2_s
sudo nft add table inet testnetns2_nat
sudo nft add chain inet testnetns2_nat postrouting { type nat hook postrouting priority 100 ; }
sudo nft add rule inet testnetns2_nat postrouting oifname enp3s0f3u1 ip saddr 10.200.3.0/24 counter masquerade
sudo nft add rule inet testnetns2_nat postrouting oifname enp3s0f3u1 ip6 saddr fe80::c418:42ff:fec9:62b6/24 counter masquerade
sudo nft add table inet testnetns2_bridge
sudo nft add chain inet testnetns2_bridge forward { type filter hook forward priority -10 ; }
sudo nft add rule inet testnetns2_bridge forward iifname testnetns2_d oifname enp3s0f3u1 counter accept
sudo nft add rule inet testnetns2_bridge forward oifname testnetns2_d iifname enp3s0f3u1 counter accept
sudo sysctl -q net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.default.forwarding=1
sudo ip netns exec testnetns2 sysctl -w net.ipv6.conf.default.forwarding=1
sudo ip netns exec testnetns2 bash

Then run:

ping 8.8.8.8

Inside that test network namespace?

Mmm... I got stuck at:

sudo nft 'add chain inet testnetns2_nat postrouting { type nat hook postrouting priority 100 ;}'
Error: Could not process rule: No such file or directory
add chain inet testnetns2_nat postrouting { type nat hook postrouting priority 100 ;}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

jamesmcm commented 2 years ago

Can you please check your version of nftables:

$ nft --version
  nftables v1.0.5 (Lester Gooch #4)

And Linux kernel:

$ uname -a
  Linux vivobook 5.19.5-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Mon, 29 Aug 2022 15:51:08 +0000 x86_64 GNU/Linux

aniplayIt commented 2 years ago

nftables v0.9.3 (Topsy)
Linux 7662bcca328e 4.19.0-21-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64 x86_64 x86_64 GNU/Linux

jamesmcm commented 1 year ago

Try to update if you're able to, I think the issue is that that version lacks support for postrouting.
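
A preflight check for the version diagnosis in this thread, as an added example that is not part of the thread or of vopono's code. It assumes that `type nat` chains in the `inet` family need Linux 5.2 or later (the nftables documentation's figure, not one stated in this thread) and falls back to an IPv4-only `ip` table on older kernels; `kernel_at_least` and `nat_ruleset` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not vopono code. Assumption: nat chains in the inet family
# need Linux >= 5.2; on older kernels nat is only available in ip / ip6.

# kernel_at_least RELEASE MAJOR MINOR
# exit 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if RELEASE is unparsable
kernel_at_least() {
    _rel=${1%%[!0-9.]*}            # "4.19.0-21-amd64" -> "4.19.0"
    _major=${_rel%%.*}
    _rest=${_rel#*.}
    _minor=${_rest%%.*}
    for _n in "$_major" "$_minor"; do
        case $_n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$_major" -gt "$2" ] || { [ "$_major" -eq "$2" ] && [ "$_minor" -ge "$3" ]; }
}

# nat_ruleset RELEASE TABLE SUBNET OIF
# prints a masquerade ruleset suitable for `nft -f -`; uses the inet family
# where the kernel supports nat there, otherwise the ip family (IPv4 only).
nat_ruleset() {
    if kernel_at_least "$1" 5 2; then _family=inet; else _family=ip; fi
    cat <<EOF
table $_family $2 {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "$4" ip saddr $3 counter masquerade
    }
}
EOF
}

# Constructed inputs: the two kernel releases quoted in the thread, with the
# test table name and subnet from the maintainer's script and eth0 as egress.
for k in 4.19.0-21-amd64 5.19.5-zen1-1-zen; do
    echo "# kernel $k"
    nat_ruleset "$k" testnetns2_nat 10.200.3.0/24 eth0
done
```

On a real host, pass `"$(uname -r)"` as the release and pipe the output to `sudo nft -f -`.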