ansible-tunsafe
No internet access after successful connection
I hosted my own server on Debian 10. The client is connected successfully and everything seems correct, but there is no internet connection available.
hosts file (without comments):
[tunsafe]
127.0.0.1 ansible_connection=local
[tunsafe:vars]
udp=995
tcp=443
dns=8.8.8.8
ufw=false
ansible_python_interpreter=/usr/bin/python3
Server configuration after tunsafe start on server:
root@hostname:~# tunsafe --version
TunSafe 1.5-rc2
root@hostname:~/ansible-tunsafe# ip a
1: lo: ...
2: eth0: ...
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.100.100.1/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 x::x:x:x:x/64 scope link stable-privacy
valid_lft forever preferred_lft forever
root@hostname:~/ansible-tunsafe# ip link
1: lo: ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500
link/none
root@hostname:~/ansible-tunsafe# ip route
default via x.x.x.1 dev eth0 onlink
10.100.100.0/24 dev tun0 proto kernel scope link src 10.100.100.1
x.x.x.0/24 dev eth0 proto kernel scope link src x.x.x.90
root@hostname:~/ansible-tunsafe# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
root@hostname:~/ansible-tunsafe# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@hostname:~/ansible-tunsafe# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
root@hostname:~/ansible-tunsafe# tunsafe show
interface: tun0
public key: eaRHE5boMhDi2RdXO1sSF7kYupb97163cEAbHy1oWxA=
private key: (hidden)
listening port: 995
address: 10.100.100.1/24
peer: eMkANZxk7kgeGm1o0CYPXwvvMqDZxcc44cJ5BB3rJXo=
preshared key: (hidden)
endpoint: x.x.x.x:51350
allowed ips: 10.100.100.2/24
latest handshake: 1 minute, 50 seconds ago
transfer: 64.64 KiB received, 2.00 KiB sent
Client's log:
[09:40:09] Loading file: C:\Program Files\TunSafe\Config\TCP.conf
[09:40:09] TAP Driver Version 9.21
[09:40:09] Blocking standard DNS on all adapters
[09:40:09] Added Route 0.0.0.0/1 => 10.100.100.2
[09:40:09] Added Route 128.0.0.0/1 => 10.100.100.2
[09:40:09] Added Route x.x.x.x/32 => 10.0.2.2
[09:40:09] Sending handshake...
[09:40:09] Connecting to tcp://x.x.x.x...
[09:40:10] Connection established. IP 10.100.100.1
What I tried:
- With and without ufw
- Ubuntu 18 and Debian 10 as servers
- Windows (1.5-rc2) and Android (1.0 latest apk from website) as clients
- Setting allowed-ips to 0.0.0.0/0 for the peer on the server
- Disabling IPv6 for tun0
- Rebooting, restarting the server, reinstalling the OS and packages
Where could the problem be, and why can I not access the internet using my hosted server?
Thanks for the elaborate issue report, I appreciate it.
Are you able to ping your DNS from the client? I.e. ping 8.8.8.8 from the client?
No, ping does not pass. I wanted to try to ping another client inside the VPN (10.100.100.x), but failed to make a correct second peer config. I tried these commands:
root@chinatest:~# tunsafe genkey
<private_key>
root@chinatest:~# echo "<private_key>" | tunsafe pubkey
<public_key>
root@chinatest:~# tunsafe genpsk
<preshared_key>
Then I modified PrivateKey, PublicKey and PresharedKey inside the config, and the handshake failed. I also tried changing the IP from 10.100.100.1 to 10.100.100.2, and it still fails.
I have run into the same problem: no internet after connecting.