zehome / MLVPN

Multi-link VPN (ADSL/SDSL/xDSL/Network aggregation / bonding)
http://www.mlvpn.fr/
BSD 2-Clause "Simplified" License

mlvpn server does not open ports #143

Open felartu opened 3 years ago

felartu commented 3 years ago

Hi,

We are seeing a situation where mlvpn does not open any of the UDP ports on the server side.

config:

[general]
statuscommand = "/etc/mlvpn/mlvpn0_updown.sh"
tuntap = "tun"
mode = "server"
interface_name = "mlvpn0"
timeout = 30
password = "pleasechangeme!"
reorder_buffer_size = 64
loss_tolerence = 50

[filters]

[isp1]
bindport = 5080

[isp2]
bindport = 5081

Netstat output

# netstat -tulpana
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      13426/systemd-resol
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      897/sshd
tcp        0   1080 172.31.111.23:22        2.2.2.2:54520    ESTABLISHED 25445/sshd: [accept
tcp        0    340 172.31.47.212:22        1.1.1.1:53580     ESTABLISHED 15836/sshd: ubuntu
tcp6       0      0 :::22                   :::*                    LISTEN      897/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           13426/systemd-resol
udp        0      0 172.31.47.212:68        0.0.0.0:*                           713/systemd-network

Strace shows that the process is stuck after binding the ports and running read()

socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET6, sin6_port=htons(5081), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = 0
getsockname(4, {sa_family=AF_INET6, sin6_port=htons(46710), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 0
connect(4, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(5081), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
getsockname(4, {sa_family=AF_INET6, sin6_port=htons(58360), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, [28]) = 0
close(4)                                = 0
write(3, "\2\0\0\0\0\0\0\0", 8)         = 8
write(3, "\0\0\0\0", 4)                 = 4
write(3, "\n\0\0\0", 4)                 = 4
write(3, "\2\0\0\0", 4)                 = 4
write(3, "\21\0\0\0", 4)                = 4
write(3, "\34\0\0\0", 4)                = 4
write(3, "\n\0\23\331\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0", 28) = 28
write(3, "\0\0\0\0", 4)                 = 4
write(3, "\2\0\0\0", 4)                 = 4
write(3, "\2\0\0\0", 4)                 = 4
write(3, "\21\0\0\0", 4)                = 4
write(3, "\20\0\0\0", 4)                = 4
write(3, "\2\0\23\331\177\0\0\1\0\0\0\0\0\0\0\0", 16) = 16
read(3,   <---- stuck here

mlvpn process is alive and shows both links as down, with an exclamation mark!

System information

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic
root@ip-172-31-47-212:/etc/mlvpn# uname -r
5.3.0-1035-aws
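
Added example (not part of the original issue and not mlvpn code): the 28-byte and 16-byte `write(3, ...)` payloads in the strace output above have the sizes of Linux `sockaddr_in6` and `sockaddr_in`, and this sketch decodes them on that assumption so the address and port in each can be read directly. A little-endian host and the Linux address-family numbers are assumed; the function and constant names are illustrative.

```python
import ipaddress
import struct

# Linux address-family numbers (assumption: the trace is from Linux, per the post).
AF_INET, AF_INET6 = 2, 10

# Payloads of the 28-byte and 16-byte write(3, ...) calls in the strace output,
# in strace's escaped notation and split per struct field for readability.
WRITE_28 = (r"\n\0" r"\23\331" r"\0\0\0\0"
            r"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1" r"\0\0\0\0")
WRITE_16 = r"\2\0" r"\23\331" r"\177\0\0\1" r"\0\0\0\0\0\0\0\0"


def unescape_strace(text):
    """Convert strace's C-style escapes (octal, \\n, \\t, ...) to raw bytes."""
    return text.encode("ascii").decode("unicode_escape").encode("latin-1")


def decode_sockaddr(raw):
    """Decode a sockaddr_in or sockaddr_in6 blob into a small dict."""
    if len(raw) < 4:
        raise ValueError("too short to hold family and port")
    # sa_family is host byte order (little-endian assumed); port is big-endian.
    family = struct.unpack_from("<H", raw, 0)[0]
    port = struct.unpack_from("!H", raw, 2)[0]
    if family == AF_INET and len(raw) == 16:
        name, addr = "AF_INET", ipaddress.IPv4Address(raw[4:8])
    elif family == AF_INET6 and len(raw) == 28:
        # Bytes 4..8 are sin6_flowinfo, 8..24 the address, 24..28 sin6_scope_id.
        name, addr = "AF_INET6", ipaddress.IPv6Address(raw[8:24])
    else:
        raise ValueError(f"family {family} with length {len(raw)} not recognised")
    return {"family": name, "address": str(addr), "port": port,
            "loopback": addr.is_loopback}


def decode_trace_payloads():
    """Decode both payloads taken from the trace."""
    return [decode_sockaddr(unescape_strace(p)) for p in (WRITE_28, WRITE_16)]


if __name__ == "__main__":
    for entry in decode_trace_payloads():
        print(entry)
```

Both payloads decode to port 5081 on a loopback address, the same endpoints that appear in the `connect()` calls earlier in the trace.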

zehome commented 3 years ago

I think you need to specify bindhost=

felartu commented 3 years ago

Added bindhost="IP" and still no port is opened.

zehome commented 3 years ago

Can you launch mlvpn on the command line with -vv --debug to see if a syscall failed?

felartu commented 3 years ago

# mlvpn --user root -c /etc/mlvpn/mlvpn0.conf –debug -vv

Outputs nothing.

zehome commented 3 years ago

You need to specify --yes-run-as-root, otherwise mlvpn will exit when run as root.

felartu commented 3 years ago

By "outputs nothing" I mean it runs but doesn't exit; strace still shows it gets stuck in read().

With --yes-run-as-root it still gets stuck and doesn't output anything.

felartu commented 3 years ago

Any hint?