Closed AnonymousWebHacker closed 2 years ago
When I read the documentation, it is sent to create a table in the system paths, or add it as default. If I do this, the captive portal that enters through the default route of eth0 does not load.
@xjasonlyu Thank you for answering me, I appreciate your time. Excuse my questions, the wiki is not entirely clear.
I can use direct tun2socks to connect to a remote server?
tun2socks -device tun://tun0 -proxy ss://method:password@server_host:port
My case
tun2socks -device tun://tun0 -proxy ss://chacha20-ietf-poly1305:password@10.0.0.1:4444
This should create a tun0 interface, then, it is necessary, give it an ip range, and up.
The last step would be to add the routes for the system to use that interface.
Would all the traffic from my PC be going out through that interface? as if using normal outline-client.appimage?
> I can use direct tun2socks to connect to a remote server?

Yes.

> Would all the traffic from my PC be going out through that interface? as if using normal outline-client.appimage?

It depends on your route tables, which are configured on your own.

> If I create a tun0 interface that redirects traffic to a shadowsocks server, can that tun0 interface be used by other machines in my internal network, as a gateway to exit through it?

Yes, by enabling ip forwarding.
@xjasonlyu I can't get it to work for me . Lab: VM Ubuntu eth0 ip: 144.100.1.4
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 144.100.1.4 netmask 255.255.248.0 broadcast 144.100.7.255
inet6 fe80::9c54:d4ff:fe59:67d0 prefixlen 64 scopeid 0x20<link>
ether 9e:54:d4:59:67:d0 txqueuelen 1000 (Ethernet)
RX packets 8762473 bytes 981174718 (981.1 MB)
RX errors 0 dropped 497690 overruns 0 frame 0
TX packets 294952 bytes 178551451 (178.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions
1 - tun2socks-linux-amd64 -device tun://tun0 -proxy ss://chacha20-ietf-poly1305:password@ip-server:port -loglevel debug
2 - ip addr add 144.100.1.30/21 dev tun0
tun created and up:
ifconfig tun0 up
tun0: flags=4240<POINTOPOINT,NOARP,MULTICAST> mtu 1500
inet 144.100.1.30 netmask 255.255.248.0 destination 144.100.1.30
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
without having added the route, it is already there when I check with route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 144.100.3.9 0.0.0.0 UG 0 0 0 eth0
144.100.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
144.100.0.0 0.0.0.0 255.255.248.0 U 0 0 0 tun0
3 - Add route
ip route add 144.100.1.30/21 dev tun0
Error: Invalid prefix for given prefix length.
and
route add -net 144.100.1.30 netmask 255.255.248.0 tun0
route: netmask doesn't match route address
Why would you want your TUN ip in the same subnet with your gateway?
I want it to have an IP subnet of the same network, because the objective is to connect a mikrotik to that tun0 interface and go to the internet through that gateway
try use multi interfaces, but don't assign that subnet ip to TUN
Hold on, you already have the eth0 in the same network.
> Hold on, you already have the eth0 in the same network.

yes, eth0 is 144.100.1.4 and tun0 144.100.1.30 are on the same network
The idea is that the other PCs and mikrotik that are in the 144.100.1. * range can use tun0 144.100.1.30 of the gateway to go to the internet
Yes, that's what I do in my home-lab. But I use different network namespace for that and assign a reversed ip for TUN.
Your tun2socks repo doesn't have a discussion channel on matrix.org? It is somewhat uncomfortable to speak for comments.
Anyway, you mean, you have 144.100.1. in your network and you give tun 100.144.1., for example?
The problem that happens to me is that tun0 is where tun0 would connect to the external server, and through eth0, is the captive portal.
If you do not log in to the eth0 portal, tun0 cannot connect to the external server. That's why I can't put it in the system paths as the default route
> Your tun2socks repo doesn't have a discussion channel on matrix.org? It is somewhat uncomfortable to speak for comments.

Hmm, what is that?

> Anyway, you mean, you have 144.100.1. in your network and you give tun 100.144.1., for example?

My network subnet is 10.0.0.0/16 and my tun2socks is running in an isolated namespace (eth0 is 10.0.0.2/16, tun0 is 198.18.0.1/15).

> The problem that happens to me is that tun0 is where tun0 would connect to the external server, and through eth0, is the captive portal.
> If you do not log in to the eth0 portal, tun0 cannot connect to the external server. That's why I can't put it in the system paths as the default route

Why does tun0 need to connect to an external server? That's not how it works. You don't have to make it the default route, just customize the routes as you need.
@xjasonlyu https://matrix.to/#/#tun2socks:matrix.org register, to give you the administration of the room and you can add it to your repository as discussions
> @xjasonlyu https://matrix.to/#/#tun2socks:matrix.org register, to give you the administration of the room and you can add it to your repository as discussions

But GitHub already has a discussion feature for repos.
hahaha seriously don't you know what is Matrix or Element? It is a chat that allows public and private rooms, discussions ... etc, I was surprised that tun2socks did not have its room.
tun0 needs to connect to an external shadowsocks server

> hahaha seriously don't you know what is Matrix or Element? It is a chat that allows public and private rooms, discussions ... etc, I was surprised that tun2socks did not have its room.

Something like Discord? I don't think every repo would have their discussion room either.

> tun0 needs to connect to an external shadowsocks server

No, tun0 is only for sending and receiving LAN packets, it's not responsible for connecting to servers.
You should try it, most of the repositories have a room and it is easier when solving problems, it is more practical.
According to the wiki, I can run this, so that tun0 connects to an external shadowsocks server
tun2socks-linux-amd64 -device tun://tun0 -proxy ss://chacha20-ietf-poly1305:password@ip-server:port -loglevel debug
No, it’s just command line arguments, it means little
> No, it's just command line arguments, it means little

So? I do not understand, with this line tun2socks did not redirect the traffic to an external shadowsocks? ip-server:port
tun2socks-linux-amd64 -device tun://tun0 -proxy ss://chacha20-ietf-poly1305:password@ip-server:port -loglevel debug
In general, it "redirects" the traffic from tun0 to the remote server, but in the code implementation, it uses tun0 to receive LAN packets and uses another interface like eth0 to connect to the server.
@xjasonlyu VM Ubuntu eth0 1.4 and tun0 1.30 [(already activated the enabling of ip forwarding)]
tun2socks-linux-amd64 -device tun://tun0 -proxy ss://chacha20-ietf-poly1305:pass@ip-server:port -loglevel debug
ip addr add 144.100.1.30/21 dev tun0
ifconfig tun0 up
ifconfig
root@outline:/home/proxmox# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 144.100.1.4 netmask 255.255.248.0 broadcast 144.100.7.255
inet6 fe80::9c54:d4ff:fe59:67d0 prefixlen 64 scopeid 0x20<link>
ether 9e:54:d4:59:67:d0 txqueuelen 1000 (Ethernet)
RX packets 10217455 bytes 1159604996 (1.1 GB)
RX errors 0 dropped 581920 overruns 0 frame 0
TX packets 555644 bytes 253654783 (253.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 12073 bytes 74307471 (74.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12073 bytes 74307471 (74.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 144.100.1.30 netmask 255.255.248.0 destination 144.100.1.30
inet6 fe80::3d2f:1348:8f8d:17d3 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 48 (48.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route add -net 144.100.1.30 netmask 255.255.255.255 gw 144.100.1.30 dev tun0
root@outline:/home/proxmox# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 144.100.3.9 0.0.0.0 UG 0 0 0 eth0
144.100.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
144.100.0.0 0.0.0.0 255.255.248.0 U 0 0 0 tun0
144.100.1.30 144.100.1.30 255.255.255.255 UGH 0 0 0 tun0
testing curl on interface tun0 on this PC [successful] tun0 has internet, checked by curl test
curl -C - -O https://website/uploads/d89x298.png --interface tun0
** Resuming transfer from byte position 18418
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 190 100 190 0 0 114 0 0:00:01 0:00:01 --:--:-- 114
On another PC with this configuration ip: 144.100.1.5 gateway: 144.100.1.30 netmask: 255.255.255.255 or 255.255.248.0
that PC 1.5, does not have internet, or tun0 is not working for the network :(
you're not doing it right, see this how to config routes and others: https://github.com/xjasonlyu/tun2socks/blob/main/docker/entrypoint.sh
> My network subnet is 10.0.0.0/16 and my tun2socks is running in an isolated namespace (eth0 is 10.0.0.2/16, tun0 is 198.18.0.1/15)

If any of your machines on your 10.0.0.0/16 network want to go internet? Can you use eth0 10.0.0.2/16 as a gateway? If so, how would the routes or rules of iptables look like?
> If any of your machines on your 10.0.0.0/16 network want to go internet? Can you use eth0 10.0.0.2/16 as a gateway?

Of course, that's the whole purpose

> If so, how would the routes or rules of iptables look like?

I believe it's pretty much obvious in the entrypoint.sh script, there're two tables and it uses fwmark to prevent route loop. And you can even use the script to setup your own environment without docker.
What happens in my case is that this VM has an interface eth0 and tun0
To browse the internet, there is a captive portal that you have to set up an account, that captive portal, I get to it through eth0 and gateway of 144.100.3.9.
According to the tutorials that I have seen, they eliminate the default route and add the one of the tun, for example https://rucore.net/en/tun2socks-vpn-via-proxy/
ip route del default
ip route add default dev tun
I cannot delete my default route, because it would not reach the captive portal
root@outline:/tmp# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 144.100.3.9 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.248.0 U 0 0 0 tun0
144.100.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth0
You can add your portal ip as an exception, e.g. ip route add $portal_ip via 144.100.3.9 dev eth0
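
The routing advice in the replies above (keep the eth0 default route, add the portal as an exception, enable IP forwarding for LAN clients), as an added example that is not from the thread or from the tun2socks project. It only prints the `ip` commands; it uses two /1 routes rather than the fwmark tables of entrypoint.sh, and the portal and server addresses are constructed placeholders.

```shell
# Added example: prints (does not execute) a split-default routing plan.
# Gateway 144.100.3.9 and TUN range 198.18.0.1/15 appear in the thread;
# PORTAL_IP and SERVER_IP below are constructed placeholders.

# plan_routes GATEWAY WAN_DEV TUN_DEV TUN_ADDR EXCEPTION_IP...
plan_routes() {
    gw=$1; wan=$2; tun=$3; tun_addr=$4
    shift 4

    # Give the TUN its own range instead of an address from the eth0 subnet.
    echo "ip addr add $tun_addr dev $tun"
    echo "ip link set dev $tun up"

    # Hosts that must stay on the physical path: the captive portal and the
    # proxy server itself (otherwise tun2socks' own connection to the server
    # would be routed back into tun0 and loop).
    for host in "$@"; do
        echo "ip route add $host/32 via $gw dev $wan"
    done

    # Two /1 routes are more specific than 0.0.0.0/0, so they take
    # precedence without deleting the existing default route via eth0.
    echo "ip route add 0.0.0.0/1 dev $tun"
    echo "ip route add 128.0.0.0/1 dev $tun"

    # Only needed when other LAN machines use this host as their gateway.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# undo_routes: same arguments, prints the matching "ip route del" lines.
undo_routes() {
    plan_routes "$@" | sed -n 's/^ip route add /ip route del /p'
}

PORTAL_IP=192.0.2.10     # constructed placeholder
SERVER_IP=203.0.113.20   # constructed placeholder
plan_routes 144.100.3.9 eth0 tun0 198.18.0.1/15 "$PORTAL_IP" "$SERVER_IP"
```

Review the printed plan, then run the lines as root once tun2socks has created tun0; `undo_routes` with the same arguments prints the commands that remove the added routes.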
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
I have an Ubuntu VM with a shadowsocks server and an Ubuntu VM with a client
VM Ubuntu - Shadowsocks Server - 10.0.0.1
VM Ubuntu - Shadowsocks Client - [eth0 - 192.0.0.1 & tun0 - 192.0.0.2]
1 - In the client VM, I have a shadowsocks client running perfectly, it creates a local proxy for me at localhost:1080
So my idea was to use tun2socks to create a tun0 interface
tun2socks --device tun://tun0 -proxy socks5://127.0.0.1:1080 --interface tun0
this tun0 - 192.0.0.2
So reading the wiki, I see this, but I don't know whether to use socks5:// or ss://
What is it supposed to be ;obfs-host=xxx> and /<?obfs=http;obfs-host=xxx>, any example?
2 - In the client Ubuntu VM, I have those two interfaces, eth0 and tun0
eth0 - It is a captive portal, I have to authenticate myself
tun0 - supposedly the interface to connect to the external shadowsocks server