zehome / MLVPN

Multi-link VPN (ADSL/SDSL/xDSL/Network aggregation / bonding)
http://www.mlvpn.fr/
BSD 2-Clause "Simplified" License
523 stars 130 forks source link

How do I set up in a reverse scenario? (The Server have 2 links with 2 IPs, the client have 1 link) #133

Open freemangl opened 4 years ago

freemangl commented 4 years ago

I have been studying MLVPN for several days, But I never figured out how to set up routing and configuration in this scenario: I tried, but never works.

My network topology: https://i.imgur.com/0uwNmF6.png

Any one can help?

zehome commented 4 years ago

mlvpn don't really care who is the server and who is the client. Just configure the server where you don't have the NAT.

freemangl commented 4 years ago

mlvpn don't really care who is the server and who is the client. Just configure the server where you don't have the NAT.

Thanks! Really fast reply.

I'm testing the server&client in a same subnet Clinet config:

[general]
statuscommand = "/etc/mlvpn/mlvpn0_updown.sh"
tuntap = "tun"
mode = "client"
interface_name = "mlvpn0"
timeout = 30
password = "321ewq"
reorder_buffer_size = 64
loss_tolerence = 50

[filters]

[adsl1]
bindhost = "192.168.0.119"
remotehost = "192.168.0.250"
remoteport = 5080

[adsl2]
bindhost = "192.168.0.119"
remotehost = "192.168.0.250"
remoteport = 5081

Server config:

[general]
statuscommand = "/etc/mlvpn/mlvpn0_updown.sh"
tuntap = "tun"
mode = "server"
interface_name = "mlvpn0"
timeout = 30
password = "321ewq"
reorder_buffer_size = 64
loss_tolerence = 50

[filters]

[adsl1]
bindport = 5080

[adsl2]
bindport = 5081

It seems to be working Client output:

root@ubcloud:~# mlvpn -u freeman -c /etc/mlvpn/mlvpn0.conf --debug -v
2020-07-31T14:32:05 [ DBG] absolute maximum mtu: 1444
2020-07-31T14:32:05 [INFO/config] new password set
2020-07-31T14:32:05 [INFO/config] reorder_buffer_size changed from 0 to 64
2020-07-31T14:32:05 [INFO/config] adsl1 tunnel added
2020-07-31T14:32:05 [INFO/config] adsl2 tunnel added
2020-07-31T14:32:05 [INFO] created interface `mlvpn0'
2020-07-31T14:32:05 [INFO] adsl1 bind to 192.168.0.119
2020-07-31T14:32:05 [ DBG/protocol] adsl1 mlvpn_rtun_challenge_send
2020-07-31T14:32:05 [INFO] adsl2 bind to 192.168.0.119
2020-07-31T14:32:05 [ DBG/protocol] adsl2 mlvpn_rtun_challenge_send
2020-07-31T14:32:05 [ DBG/net] > adsl2 sent 46 bytes (size=2, type=0, seq=0, reorder=1)
2020-07-31T14:32:05 [ DBG/net] > adsl1 sent 46 bytes (size=2, type=0, seq=0, reorder=1)
2020-07-31T14:32:06 [ DBG/protocol] adsl1 mlvpn_rtun_challenge_send
2020-07-31T14:32:06 [ DBG/protocol] adsl2 mlvpn_rtun_challenge_send

server output:

root@ubcloud:~# mlvpn -u freeman -c /etc/mlvpn/mlvpn0.conf --debug -v
2020-07-31T14:31:58 [ DBG] absolute maximum mtu: 1444
2020-07-31T14:31:58 [INFO/config] new password set
2020-07-31T14:31:58 [INFO/config] reorder_buffer_size changed from 0 to 64
2020-07-31T14:31:58 [INFO/config] adsl1 tunnel added
2020-07-31T14:31:58 [INFO/config] adsl2 tunnel added
2020-07-31T14:31:58 [INFO] created interface `mlvpn0'

The link is still down, how Can I debug?

root@ubcloud:~# ps -ef|grep mlvpn
root      10017   9878  0 14:39 pts/2    00:00:00 mlvpn: mlvpn [priv]
freeman   10018  10017  0 14:39 pts/2    00:00:00 mlvpn: mlvpn !adsl2 !adsl1

root@ubcloud:/var/log# cat /var/log/mlvpn_commands.log
cat: /var/log/mlvpn_commands.log: No such file or directory
zehome commented 4 years ago
freeman   10018  10017  0 14:39 pts/2    00:00:00 mlvpn: mlvpn !adsl2 !adsl1

! means it's not connected.

2020-07-31T14:32:05 [ DBG/net] > adsl2 sent 46 bytes (size=2, type=0, seq=0, reorder=1)
2020-07-31T14:32:05 [ DBG/net] > adsl1 sent 46 bytes (size=2, type=0, seq=0, reorder=1)

That means we are sending packets, but without any response. Check what packets exits / enters mlvpn, using tcpdump. (Firewall problem?)

You should disable reordering (reorder_buffer_size=0), it doesn't work properly.

freemangl commented 4 years ago

Check what packets exits / enters mlvpn, using tcpdump. (Firewall problem?)

I'm testing the server & client in a same subnet Server ip: 192.168.0.250/24 Client ip: 192.168.0.119/24

Thanks, both udp 5080 & 5081 recieved packets on Server side:

root@ubcloud:~# tcpdump -c 2 -q -XX -vvv -nn -i ens33 udp dst port 5080
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 by                                                                    tes
15:10:31.540265 IP (tos 0x0, ttl 64, id 20518, offset 0, flags [DF], proto UDP (                                                                    17), length 74)
    192.168.0.119.37660 > 192.168.0.250.5080: [bad udp cksum 0x8309 -> 0x1097!]                                                                     UDP, length 46
        0x0000:  000c 298b abf7 000c 29ef e29d 0800 4500  ..).....).....E.
        0x0010:  004a 5026 4000 4011 67bb c0a8 0077 c0a8  .JP&@.@.g....w..
        0x0020:  00fa 931c 13d8 0036 8309 0012 0104 b474  .......6.......t
        0x0030:  ffff 4ffb b2f3 0000 0000 0000 003c 0000  ..O..........<..
        0x0040:  0000 0000 0000 d695 e81e 725a 5fe1 6b61  ..........rZ_.ka
        0x0050:  fa22 acb8 e82f 8121                      .".../.!
15:10:32.540526 IP (tos 0x0, ttl 64, id 20567, offset 0, flags [DF], proto UDP (                                                                    17), length 74)
    192.168.0.119.37660 > 192.168.0.250.5080: [bad udp cksum 0x8309 -> 0x4afe!]                                                                     UDP, length 46
        0x0000:  000c 298b abf7 000c 29ef e29d 0800 4500  ..).....).....E.
        0x0010:  004a 5057 4000 4011 678a c0a8 0077 c0a8  .JPW@.@.g....w..
        0x0020:  00fa 931c 13d8 0036 8309 0012 0104 b85c  .......6.......\
        0x0030:  ffff 4ffb b2f3 0000 0000 0000 003d 0000  ..O..........=..
        0x0040:  0000 0000 0000 e38e 9d3c 9556 7f90 a27d  .........<.V...}
        0x0050:  dac3 a1e7 296a efe8                      ....)j..
2 packets captured
3 packets received by filter
0 packets dropped by kernel
root@ubcloud:~# tcpdump -c 2 -q -XX -vvv -nn -i ens33 udp dst port 5081
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
15:10:55.539751 IP (tos 0x0, ttl 64, id 23837, offset 0, flags [DF], proto UDP (17), length 74)
    192.168.0.119.49794 > 192.168.0.250.5081: [bad udp cksum 0x8309 -> 0xb29f!] UDP, length 46
        0x0000:  000c 298b abf7 000c 29ef e29d 0800 4500  ..).....).....E.
        0x0010:  004a 5d1d 4000 4011 5ac4 c0a8 0077 c0a8  .J].@.@.Z....w..
        0x0020:  00fa c282 13d9 0036 8309 0012 0104 1233  .......6.......3
        0x0030:  ffff 4dd8 1ea1 0000 0000 0000 0054 0000  ..M..........T..
        0x0040:  0000 0000 0000 ea3f be32 392f e055 237c  .......?.29/.U#|
        0x0050:  1182 05ca 894c eda1                      .....L..
15:10:56.539955 IP (tos 0x0, ttl 64, id 23906, offset 0, flags [DF], proto UDP (17), length 74)
    192.168.0.119.49794 > 192.168.0.250.5081: [bad udp cksum 0x8309 -> 0xa8fc!] UDP, length 46
        0x0000:  000c 298b abf7 000c 29ef e29d 0800 4500  ..).....).....E.
        0x0010:  004a 5d62 4000 4011 5a7f c0a8 0077 c0a8  .J]b@.@.Z....w..
        0x0020:  00fa c282 13d9 0036 8309 0012 0104 161b  .......6........
        0x0030:  ffff 4dd8 1ea1 0000 0000 0000 0055 0000  ..M..........U..
        0x0040:  0000 0000 0000 3a50 8fa8 644c bcc5 51b2  ......:P..dL..Q.
        0x0050:  7cb8 7b13 44d4 000b                      |.{.D...
2 packets captured
4 packets received by filter
0 packets dropped by kernel

Server mlvpn0_updown.sh:

root@ubcloud:~# vim /etc/mlvpn/mlvpn0_updown.sh
#!/bin/bash

error=0; trap "error=$((error|1))" ERR
tuntap_intf="$1"
newstatus="$2"
rtun="$3"
[ -z "$newstatus" ] && exit 1
(
if [ "$newstatus" = "tuntap_up" ]; then
    echo "$tuntap_intf setup"
    /sbin/ip link set dev $tuntap_intf mtu 1400 up
    # NAT thru our server (eth0 is our output interface on the server)
    # LAN 192.168.0.0/24 from "client"
    /sbin/ip route add 192.168.0.0/24 dev $tuntap_intf
    /sbin/iptables -t nat -A POSTROUTING -o ens33 -s 192.168.0.0/24 -j MASQUERADE
elif [ "$newstatus" = "tuntap_down" ]; then
    /sbin/iptables -t nat -D POSTROUTING -o ens33 -s 192.168.0.0/24 -j MASQUERADE
fi
) >> /var/log/mlvpn_commands.log 2>&1
exit $errors