zehome
commented
3 years ago can you share your configuration files with passwords stripped ?
Closed gpontis closed 2 years ago
zehome
commented
3 years ago can you share your configuration files with passwords stripped ?
gpontis
commented
3 years ago [general] statuscommand = "/etc/mlvpn/mlvpn_updown.sh" mode = "server" ip4 = "10.44.43.2/30" ip4_gateway = "10.44.43.1" mtu = 1444 tuntap = "tun" interface_name = "tun0" timeout = 30 password = "password" cleartext_data = 0 reorder_buffer_size = 64
[filters] dsl1 = udp port 5060 dsl2 = udp port 5060
[dsl1] bindhost = "server public IPv4 addr" bindport = 65202 bandwidth_upload = 1687500 bandwidth_download = 143250 timeout = 25
[dsl2] bindhost = "server public IPv4 addr" bindport = 65203 bandwidth_upload = 1687500 bandwidth_download = 143250 timeout = 25`
[general] statuscommand = "/etc/mlvpn/mlvpn_updown.sh" mode = "client" ip4 = "10.44.43.1/30" ip4_gateway = "10.44.43.2" mtu = 1444 tuntap = "tun" interface_name = "tun0" timeout = 30 password = "password" cleartext_data = 0 reorder_buffer_size = 64
[filters] dsl1 = udp port port 5060 dsl2 = udp port port 5060
[dsl1] remotehost = "server's public IPv4 addr" remoteport = 65202 bindfib = 1
[dsl2] remotehost = "server's public IPv4 addr" remoteport = 65203 bindfib = 2'
zehome
commented
3 years ago ok I don't know, can you run in debug mode (mlvpn -u _mlvpn -c /etc/mlvpn/mlvpn.conf --debug -v)
gpontis
commented
3 years ago The example above was from running in debug mode. In the last couple of days, OpenBSD 6.9 came out. I tried a fresh install with mlvpn and saw the same error messages. I made other changes to the system, mostly to pf.conf, and later noticed that mlvpn connected without error. But I did not do it carefully enough to isolate the specific change and it might have been elsewhere.
zehome
commented
2 years ago self fixed?
gpontis
commented
2 years ago I found what led to the write error, but was never able to get good performance. It looked like there might have been some problems or configuration issue related to MTU as I was seeing a lot of duplicates. Eventually I migrated to OpenMPTCProuter and got good performance. However, in my network it came at the cost of requiring an additional computer and living with double NAT. If you were to release an updated MLVPN I would certainly give it another try.
From: Laurent Coustet @.> Sent: Thursday, October 28, 2021 9:28 AM To: zehome/MLVPN @.> Cc: GPontis @.>; Author @.> Subject: Re: [zehome/MLVPN] write error on physical interfaces (#156)
self fixed?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/zehome/MLVPN/issues/156#issuecomment-954007176 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIAOY3TGTHHZ5CCA5C6B63UJGB25ANCNFSM43WGTNVA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub . https://github.com/notifications/beacon/AAIAOYZ46MUELI72DUFZGG3UJGB25A5CNFSM43WGTNVKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOHDOP5CA.gif
OpenBSD 6.8 mlvpn-2.3.5p1 ( from OpenBSD 6.9 packages ) Followed Solene's helpful article to install it.
hostname.ix2: rdomain 1 dhcp
hostname.ix3: rdomain 2 dhcp
p/o mlvpn.conf: [dsl1] remotehost=x.x.x.x remoteport=y bindfib=1
[dsl2] remotehost=x.x.x.x remoteport=z bindfib=2
Debugging on the client side:
mlvpn --user _mlvpn --debug -c mlvpn.conf
new password set reorder_buffer_size changed from 0 to 64 dsl1 tunnel added dsl2 tunnel added created interface tun0 dsl1 mlvpn_rtun_challenge_send dsl2 mlvpn_rtun_challenge_send dsl2 write error: Permission denied dsl1 write error: Permission denied ( repeated )
I noticed the write errors happening while configuring the initial installation, but then they went away. I thought that it was fixed by the config file edits. Eventually I had it working without error and pf configured to support my environment. Everything was looking good until I rebooted the client, now seeing these errors again.
Suggestions for where to look ?