Open Knoppix1 opened 8 years ago
To get traces when launching by hand, you need to add: --debug -v -Dprotocol
for example, to get the messages concerning the protocol, or -vv to get all messages.
Your configuration is missing the password. MLVPN will not start without a password.
Also, --user root is going to cause problems. You MUST create a dedicated user for mlvpn.
The configuration looks odd. The example files are installed in /usr/share/doc/mlvpn/examples for a Debian package, or in /usr/local/share/doc/mlvpn/examples for a make install. Otherwise, in the sources, the example file is in doc/examples/.
Even on a Debian (server side) and not Raspbian, apt-get mlvpn does not give me the configuration files; I retrieved them from /usr/share/doc/mlvpn/examples and adapted them for the client and the server. Note that I only copied the uncommented lines for you.
I ran it as root because in the latest documentation: http://mlvpn.readthedocs.org/en/ev/getting_started.html you say to change the configuration files to make them accessible only by root (unless I misunderstood): chmod 700 /etc/mlvpn/mlvpn0_updown.sh; chown root:root /etc/mlvpn/mlvpn0_updown.sh
On the server the user was indeed created; when I launch with it: mlvpn [priv] : unable to chroot: No such file or directory (which seems normal to me, no?)
On the Raspberry I created a user mlvpn in group root: useradd mlvpn -c "mlvpn" -d /var/empty -s /sbin/nologin -g root and got the same message: mlvpn: unable to chroot: No such file or directory
And when I launch as root on both sides, on the server it does create the tunnel interface with the correct address; on the client, however, the interface is there but not the address:
mlvpn0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1444  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
The -vv debug output (client side):
2015-11-19T15:08:35 [ DBG] absolute maximum mtu: 1444
2015-11-19T15:08:35 [INFO/config] new password set
2015-11-19T15:08:35 [INFO/config] reorder_buffer_size changed from 0 to 64
2015-11-19T15:08:35 [INFO/config] adsl1 tunnel added
2015-11-19T15:08:35 [INFO/config] adsl2 tunnel added
2015-11-19T15:08:35 [INFO] created interface `mlvpn0'
2015-11-19T15:08:35 [INFO] adsl1 bind to 192.168.1.222
2015-11-19T15:08:35 [ DBG/protocol] adsl1 mlvpn_rtun_challenge_send
2015-11-19T15:08:35 [INFO] adsl2 bind to 192.168.4.222
2015-11-19T15:08:35 [ DBG/protocol] adsl2 mlvpn_rtun_challenge_send
2015-11-19T15:08:35 [ DBG/net] > adsl2 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2015-11-19T15:08:35 [ DBG/net] > adsl1 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2015-11-19T15:08:36 [ DBG/protocol] adsl2 mlvpn_rtun_challenge_send
2015-11-19T15:08:36 [ DBG/protocol] adsl1 mlvpn_rtun_challenge_send
2015-11-19T15:08:36 [ DBG/net] > adsl1 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2015-11-19T15:08:36 [ DBG/net] > adsl2 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2015-11-19T15:08:37 [ DBG/protocol] adsl1 mlvpn_rtun_challenge_send
2015-11-19T15:08:37 [ DBG/protocol] adsl2 mlvpn_rtun_challenge_send
2015-11-19T15:08:37 [ DBG/net] > adsl2 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2015-11-19T15:08:37 [ DBG/net] > adsl1 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2015-11-19T15:08:38 [ DBG/protocol] adsl2 mlvpn_rtun_challenge_send
2015-11-19T15:08:38 [ DBG/protocol] adsl1 mlvpn_rtun_challenge_send
The server-side mlvpn_updown.sh:
#!/bin/bash
error=0; trap "error=$((error|1))" ERR
# Arguments: tun/tap interface name, new status, tunnel name
tuntap_intf="$1"
newstatus="$2"
rtun="$3"
[ -z "$newstatus" ] && exit 1
(
if [ "$newstatus" = "tuntap_up" ]; then
    echo "$tuntap_intf setup"
    /sbin/ifconfig "$tuntap_intf" 10.42.42.1 netmask 255.255.255.252 mtu 1444 up
    # mlvpn0 link
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.42.42.0/30 -j MASQUERADE
    # LAN 172.10.20.0/24 from "client"
    /sbin/route add -net 172.10.20.0/24 gw 10.42.42.2
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 172.10.20.0/24 -j MASQUERADE
elif [ "$newstatus" = "tuntap_down" ]; then
    # Remove the route and NAT rules added at tuntap_up
    /sbin/route del -net 172.10.20.0/24 gw 10.42.42.2
    /sbin/iptables -t nat -D POSTROUTING -o eth0 -s 10.42.42.0/30 -j MASQUERADE
    /sbin/iptables -t nat -D POSTROUTING -o eth0 -s 172.10.20.0/24 -j MASQUERADE
fi
) >> /var/log/mlvpn_commands.log 2>&1
exit $error
I cleaned up the configs with an MTU of 1500 (even though the program still creates an interface at 1444) and a loss_tolerence of 40 in adsl2 and no longer in the general section. I relaunched, still the same. Sometimes on the server side I get a message; here is what it says:
section: general, var: statuscommand' val: /etc/mlvpn/mlvpn_updown.sh'
section: general, var: mode' val: server'
section: general, var: protocol' val: udp'
section: general, var: mtu' val: 1500'
section: general, var: tuntap' val: tun'
section: general, var: loglevel' val: 4'
section: general, var: interface_name' val: mlvpn0'
section: general, var: timeout' val: 30'
section: general, var: password' val: ***'
section: general, var: cleartext_data' val: 0'
section: general, var: reorder_buffer_size' val: 64'
section: adsl1, var: bindport' val: 5080'
section: adsl1, var: latency_increase' val: 10'
section: adsl2, var: bindport' val: 5081'
section: adsl2, var: loss_tolerence' val: 40'
[16:03:05][mlvpn.c:1465] Created tap interface mlvpn0
[16:03:05][mlvpn.c:253] MLVPN can't balance correctly the traffic on tunnels if bandwidth limit is disabled! (tun 'adsl1')
[16:03:05][mlvpn.c:253] MLVPN can't balance correctly the traffic on tunnels if bandwidth limit is disabled! (tun 'adsl2')
[16:03:05][mlvpn.c:320] Binding socket 7 to 0.0.0.0
[16:03:05][mlvpn.c:320] Binding socket 8 to 0.0.0.0
[16:04:44][mlvpn.c:847] [rtun adsl1] receive buffer overrun.
[16:04:44][mlvpn.c:903] [rtun adsl1] peer closed the connection 7.
[16:04:44][mlvpn.c:320] Binding socket 7 to 0.0.0.0
[16:04:44][mlvpn.c:847] [rtun adsl2] receive buffer overrun.
[16:04:44][mlvpn.c:903] [rtun adsl2] peer closed the connection 8.
[16:04:44][mlvpn.c:320] Binding socket 8 to 0.0.0.0
[16:06:15][mlvpn.c:847] [rtun adsl1] receive buffer overrun.
[16:06:15][mlvpn.c:903] [rtun adsl1] peer closed the connection 7.
[16:06:15][mlvpn.c:320] Binding socket 7 to 0.0.0.0
[16:06:15][mlvpn.c:847] [rtun adsl2] receive buffer overrun.
[16:06:15][mlvpn.c:903] [rtun adsl2] peer closed the connection 8.
[16:06:15][mlvpn.c:320] Binding socket 8 to 0.0.0.0
An MTU of 1500 makes no sense. Leave the default value.
OK, I just saw something else in the configuration file that I had not configured because I did not see it in the documentation; does this whole part need to be set up?
Hello,
I started over from scratch, and I still don't have an MLVPN directory created. Do I apply the installation as on OpenBSD, i.e. create the directory, copy, etc.?
For information, here is what I did and the output:
All the dependencies: apt-get install build-essential make autoconf libev-dev libsodium-dev libpcap0.8-dev (libpcap0.8-dev because at make time: fatal error: pcap/pcap.h: No such file or directory)
The git clone: git clone https://github.com/zehome/MLVPN mlvpn
And the results of ./autogen.sh, ./configure, make and make install:
root@raspberrypi:~/mlvpn# ./autogen.sh
configure.ac:21: installing 'build-aux/compile'
configure.ac:65: installing 'build-aux/config.guess'
configure.ac:65: installing 'build-aux/config.sub'
configure.ac:15: installing 'build-aux/install-sh'
configure.ac:15: installing 'build-aux/missing'
src/Makefile.am: installing 'build-aux/depcomp'
autogen.sh: for the next step: run ./configure
root@raspberrypi:~/mlvpn# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... no
checking for mawk... mawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking whether make supports nested variables... (cached) yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for gcc option to accept ISO C99... -std=gnu99
checking for a sed that does not truncate output... /bin/sed
checking how to run the C preprocessor... gcc -std=gnu99 -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking if compiler allows __attribute__ on return types... yes
checking whether res_init is declared... yes
checking for res_init in -lresolv... no
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking sys/ndir.h usability... no
checking sys/ndir.h presence... no
checking for sys/ndir.h... no
checking sys/dir.h usability... yes
checking sys/dir.h presence... yes
checking for sys/dir.h... yes
checking ndir.h usability... no
checking ndir.h presence... no
checking for ndir.h... no
checking valgrind/valgrind.h usability... no
checking valgrind/valgrind.h presence... no
checking for valgrind/valgrind.h... no
checking build system type... armv7l-unknown-linux-gnueabihf
checking host system type... armv7l-unknown-linux-gnueabihf
checking for closefrom... no
checking for pledge... no
checking for setproctitle... no
checking for setresgid... yes
checking for setresuid... yes
checking for strlcat... no
checking for strlcpy... no
checking for strnvis... no
checking for sysconf... yes
checking for vsnprintf... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for libsodium... yes
checking for libev... no
checking ev.h usability... yes
checking ev.h presence... yes
checking for ev.h... yes
checking for ev_time in -lev... yes
checking whether to enable remote control system (cli and http)... yes
checking whether to enable libpcap support for filters... yes
checking for ronn... no
configure: WARNING: ronn is not available, skip manpages build.
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating doc/Makefile
config.status: creating doc/examples/Makefile
config.status: creating doc/examples/systemd/Makefile
config.status: creating src/Makefile
config.status: creating man/Makefile
config.status: creating config.h
config.status: executing depfiles commands
The make:
root@raspberrypi:~/mlvpn# make
make all-recursive
make[1]: Entering directory '/root/mlvpn'
Making all in src
make[2]: Entering directory '/root/mlvpn/src'
CC mlvpn-buffer.o
CC mlvpn-configlib.o
CC mlvpn-config.o
CC mlvpn-tool.o
CC mlvpn-privsep.o
CC mlvpn-privsep_fdpass.o
CC mlvpn-wrr.o
CC mlvpn-crypto.o
CC mlvpn-log.o
CC mlvpn-reorder.o
CC mlvpn-timestamp.o
CC mlvpn-tuntap_generic.o
CC mlvpn-mlvpn.o
CC mlvpn-vis.o
CC mlvpn-closefrom.o
CC mlvpn-setproctitle.o
CC mlvpn-strlcat.o
CC mlvpn-strlcpy.o
CC mlvpn-tuntap_linux.o
CC mlvpn-systemd.o
CC mlvpn-control.o
CC mlvpn-filters.o
CCLD mlvpn
make[2]: Leaving directory '/root/mlvpn/src'
Making all in man
make[2]: Entering directory '/root/mlvpn/man'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/root/mlvpn/man'
Making all in doc
make[2]: Entering directory '/root/mlvpn/doc'
Making all in examples
make[3]: Entering directory '/root/mlvpn/doc/examples'
Making all in systemd
make[4]: Entering directory '/root/mlvpn/doc/examples/systemd'
GEN mlvpn-generator
GEN mlvpn.service
GEN mlvpn@.service
GEN mlvpn.conf
make[4]: Leaving directory '/root/mlvpn/doc/examples/systemd'
make[4]: Entering directory '/root/mlvpn/doc/examples'
GEN mlvpn.conf
GEN mlvpn_updown.sh
GEN mlvpn.init.d
GEN mlvpn.rc
make[4]: Leaving directory '/root/mlvpn/doc/examples'
make[3]: Leaving directory '/root/mlvpn/doc/examples'
make[3]: Entering directory '/root/mlvpn/doc'
make[3]: Nothing to be done for 'all-am'.
make[3]: Leaving directory '/root/mlvpn/doc'
make[2]: Leaving directory '/root/mlvpn/doc'
make[2]: Entering directory '/root/mlvpn'
make[2]: Leaving directory '/root/mlvpn'
make[1]: Leaving directory '/root/mlvpn'
The make install:
root@raspberrypi:~/mlvpn# make install
make install-recursive
make[1]: Entering directory '/root/mlvpn'
Making install in src
make[2]: Entering directory '/root/mlvpn/src'
make[3]: Entering directory '/root/mlvpn/src'
/bin/mkdir -p '/usr/local/sbin'
/usr/bin/install -c mlvpn '/usr/local/sbin'
make[3]: Nothing to be done for 'install-data-am'.
make[3]: Leaving directory '/root/mlvpn/src'
make[2]: Leaving directory '/root/mlvpn/src'
Making install in man
make[2]: Entering directory '/root/mlvpn/man'
make[3]: Entering directory '/root/mlvpn/man'
make[3]: Nothing to be done for 'install-exec-am'.
/bin/mkdir -p '/usr/local/share/man/man1'
/usr/bin/install -c -m 644 mlvpn.1 '/usr/local/share/man/man1'
/bin/mkdir -p '/usr/local/share/man/man5'
/usr/bin/install -c -m 644 mlvpn.conf.5 '/usr/local/share/man/man5'
make[3]: Leaving directory '/root/mlvpn/man'
make[2]: Leaving directory '/root/mlvpn/man'
Making install in doc
make[2]: Entering directory '/root/mlvpn/doc'
Making install in examples
make[3]: Entering directory '/root/mlvpn/doc/examples'
Making install in systemd
make[4]: Entering directory '/root/mlvpn/doc/examples/systemd'
make[5]: Entering directory '/root/mlvpn/doc/examples/systemd'
make[5]: Nothing to be done for 'install-exec-am'.
/bin/mkdir -p '/lib/systemd/system-generators'
/usr/bin/install -c mlvpn-generator '/lib/systemd/system-generators'
/bin/mkdir -p '/lib/systemd/system'
/usr/bin/install -c -m 644 mlvpn.service mlvpn@.service '/lib/systemd/system'
/bin/mkdir -p '/usr/lib/tmpfiles.d'
/usr/bin/install -c -m 644 mlvpn.conf '/usr/lib/tmpfiles.d'
make[5]: Leaving directory '/root/mlvpn/doc/examples/systemd'
make[4]: Leaving directory '/root/mlvpn/doc/examples/systemd'
make[4]: Entering directory '/root/mlvpn/doc/examples'
make[5]: Entering directory '/root/mlvpn/doc/examples'
make[5]: Nothing to be done for 'install-exec-am'.
/bin/mkdir -p '/usr/local/share/doc/mlvpn'
/usr/bin/install -c -m 644 mlvpn.conf mlvpn_updown.sh mlvpn.init.d mlvpn.default mlvpn.rc '/usr/local/share/doc/mlvpn'
make[5]: Leaving directory '/root/mlvpn/doc/examples'
make[4]: Leaving directory '/root/mlvpn/doc/examples'
make[3]: Leaving directory '/root/mlvpn/doc/examples'
make[3]: Entering directory '/root/mlvpn/doc'
make[4]: Entering directory '/root/mlvpn/doc'
make[4]: Nothing to be done for 'install-exec-am'.
make[4]: Nothing to be done for 'install-data-am'.
make[4]: Leaving directory '/root/mlvpn/doc'
make[3]: Leaving directory '/root/mlvpn/doc'
make[2]: Leaving directory '/root/mlvpn/doc'
make[2]: Entering directory '/root/mlvpn'
make[3]: Entering directory '/root/mlvpn'
make[3]: Nothing to be done for 'install-exec-am'.
/bin/mkdir -p '/usr/local/share/doc/mlvpn'
/usr/bin/install -c -m 644 AUTHORS README.md README.OpenBSD.md README.NetBSD.md README.debug.md README.Debian '/usr/local/share/doc/mlvpn'
make[3]: Leaving directory '/root/mlvpn'
make[2]: Leaving directory '/root/mlvpn'
make[1]: Leaving directory '/root/mlvpn'
Hello,
After struggling to compile from git, with libsodium not cooperating, etc., I managed to get to the end without errors, but no configuration file is present in /etc/mlvpn. I therefore created them and set the correct permissions for the root user, but when I launch the client with the command mlvpn --user root -c /etc/mlvpn/mlvpn.conf nothing happens and no log file is created. (If I specify nothing or the wrong user, I do get error messages.)
Here are the configuration files; any ideas?
mlvpn.conf:
statuscommand = "/etc/mlvpn/mlvpn_updown.sh"
mode = "client"
protocol = "udp"
mtu = 1444
tuntap = "tun"
loglevel = 4
interface_name = "mlvpn0"
timeout = 30
cleartext_data = 0
reorder_buffer_size = 64
loss_tolerence = 40
[adsl1]
bindhost = "192.168.1.222"
remotehost = "xx.xxx.xx.xxx"
remoteport = 5080
bandwidth_upload = 61440
bandwidth_download = 2200000
timeout = 25
latency_increase = 3
[adsl2]
bindhost = "192.168.4.222"
remotehost = "xx.xxx.xx.xxx"
remoteport = 5081
bandwidth_upload = 61440
bandwidth_download = 2500000
fallback_only = 1
And mlvpn_updown.sh:
#!/bin/bash
error=0; trap "error=$((error|1))" ERR
# Arguments: tun/tap interface name, new status, tunnel name
tuntap_intf="$1"
newstatus="$2"
rtun="$3"
[ -z "$newstatus" ] && exit 1
(
if [ "$newstatus" = "tuntap_up" ]; then
    echo "$tuntap_intf setup"
    /sbin/ifconfig "$tuntap_intf" 10.42.42.2 netmask 255.255.255.252 mtu 1444 up
    route add proof.ovh.net gw 10.42.42.2
elif [ "$newstatus" = "tuntap_down" ]; then
    echo "$tuntap_intf shutdown"
    route del proof.ovh.net gw 10.42.42.2
    /sbin/ifconfig "$tuntap_intf" down
elif [ "$newstatus" = "rtun_up" ]; then
    echo "rtun [${rtun}] is up"
elif [ "$newstatus" = "rtun_down" ]; then
    echo "rtun [${rtun}] is down"
fi
) >> /var/log/mlvpn_commands.log 2>&1
exit $error
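
The three points raised in the replies above (a password in the general settings, a dedicated account instead of root, and a status script restricted to its owner) can be checked before launching. This is an added example, not part of the thread and not MLVPN code; the function names and the sample configuration are constructed, and treating keys that precede the first section header as general settings is an assumption.

```shell
#!/bin/sh
# Added example, not MLVPN code; names and sample data are constructed.

# general_value FILE KEY: print KEY's value from [general], or from lines that
# precede the first section header (assumption: those count as general too).
general_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next }
        (sect == "" || sect == "general") && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t"]+|[ \t"]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# has_password FILE: succeeds only if a non-empty general password is set.
has_password() { [ -n "$(general_value "$1" password)" ]; }

# dedicated_user NAME: succeeds if the account exists and neither its uid nor
# its primary gid is 0 (rejects "--user root" and "useradd ... -g root").
dedicated_user() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    gid=$(id -g "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ] && [ "$gid" -ne 0 ]
}

# root_only_script FILE [UID]: succeeds if FILE has mode 700 and is owned by
# UID (default 0), i.e. the chmod 700 / chown root quoted from the docs.
root_only_script() {
    info=$(ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }')
    [ "$info" = "-rwx------ ${2:-0}" ]
}

# preflight CONF USER [UID]: report every failed check; status 0 if none fail.
# The status script path is read from statuscommand in CONF.
preflight() {
    rc=0
    script=$(general_value "$1" statuscommand)
    has_password "$1" || { echo "FAIL: no password in $1"; rc=1; }
    dedicated_user "$2" || { echo "FAIL: $2 is missing or has uid/gid 0"; rc=1; }
    root_only_script "$script" "$3" || { echo "FAIL: $script is not mode 700, uid ${3:-0}"; rc=1; }
    return "$rc"
}

# Constructed sample modelled on the client configuration posted in the thread.
write_sample() {
    printf '%s\n' 'statuscommand = "/etc/mlvpn/mlvpn_updown.sh"' 'mode = "client"' \
        'timeout = 30' '[adsl1]' 'remoteport = 5080' 'timeout = 25' > "$1"
}
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Saved under a file name of your choice, it takes the configuration path and the account name as arguments and prints one FAIL line per check that does not pass.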