openmptcprouter-vps

Question: How to configure when no public VPS connection?

Open lars18th opened this issue 6 years ago • 10 comments

Hi,

Please, could you consider writing a guide/how-to about this scenario?

                   /--- WAN 1 ---(INTERNET) ---\
OpenMptcpRouter ---|                           |--- Public IP ---(NAT)---> VPS (private IP)
                   \--- WAN 2 ---(INTERNET) ---/

I would like to install the VPS on a server inside a private network. The VPS instance will have only one internal IP, public access to the Internet (over NAT), and some TCP/UDP ports redirected from the Router/Firewall with the Public IP.

As I see it, the current implementation requires a full public IP connection in the VPS.

Thank you.

lars18th, Dec 13 '18 13:12

This should work with the current implementation if you redirect the needed ports from the router/firewall to the VPS.

Ysurac, Dec 13 '18 13:12

> This should work with the current implementation if you redirect the needed ports from the router/firewall to the VPS.

Yes! Now I see it: #11. Thank you! :wink:

However, I just need to know the different possible configurations. For example:

  • TCP only: SSH server + OMR JSON admin + OpenVPN.
  • UDP option A: SSH server + OMR JSON admin + ...

I suspect not all ports are required. Perhaps you can update the list with an "optional" or "required" label.

Regards.

lars18th, Dec 13 '18 13:12

The default configuration uses the 65222 SSH port (if you want SSH access), the 65101 TCP Shadowsocks port (and UDP as failover), the 65001 Glorytun TCP port and the 65500 server admin TCP port. Then there are many possible choices, and even more if you install the optional OpenVPN and/or MLVPN.

Ysurac, Dec 13 '18 14:12
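Added example, not part of the original thread or the OpenMPTCProuter project: a small shell function that prints the iptables DNAT and FORWARD rules a NAT router in front of the VPS would need for the default ports listed above, forwarding SSH and the Shadowsocks UDP failover only when asked for. The function name, interface name and VPS address are assumptions (constructed sample values); the function only prints rules for review and applies nothing.

```shell
#!/bin/sh
# Hypothetical helper: emit port-forward rules for an OpenMPTCProuter VPS
# that sits behind NAT. Port numbers are the defaults named in the thread.
# Usage: omr_forward_rules WAN_IF VPS_IP [ssh: yes|no] [ss_udp: yes|no]
omr_forward_rules() {
    _wan_if="$1"; _vps_ip="$2"; _ssh="${3:-no}"; _ss_udp="${4:-no}"

    # Refuse empty values or anything that is not a plain name / dotted quad,
    # so the printed rules cannot carry stray shell syntax.
    case "$_wan_if" in ""|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    case "$_vps_ip" in ""|*[!0-9.]*) return 2 ;; esac

    # Always forwarded: Shadowsocks TCP, Glorytun TCP, server admin TCP.
    _fwd="tcp:65101 tcp:65001 tcp:65500"
    # SSH is exposed only if remote SSH access through the NAT is wanted.
    if [ "$_ssh" = yes ]; then _fwd="$_fwd tcp:65222"; fi
    # The Shadowsocks UDP failover can be left closed (tcp_only mode).
    if [ "$_ss_udp" = yes ]; then _fwd="$_fwd udp:65101"; fi

    for _entry in $_fwd; do
        _proto="${_entry%%:*}"
        _port="${_entry##*:}"
        echo "iptables -t nat -A PREROUTING -i $_wan_if -p $_proto --dport $_port -j DNAT --to-destination $_vps_ip:$_port"
        echo "iptables -A FORWARD -i $_wan_if -d $_vps_ip -p $_proto --dport $_port -j ACCEPT"
    done
    return 0
}

# Constructed sample: WAN interface eth0, VPS at 192.168.1.10, no SSH, no UDP.
omr_forward_rules eth0 192.168.1.10 no no
```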

> The default configuration uses the 65222 SSH port (if you want SSH access), the 65101 TCP Shadowsocks port (and UDP as failover), the 65001 Glorytun TCP port and the 65500 server admin TCP port. Then there are many possible choices, and even more if you install the optional OpenVPN and/or MLVPN.

OK. But still in doubt:

  • SSH: I feel that without it, it will be impossible to manage the VPS server, right? So, it's required.
  • OMR JSON admin: I'm sure this (65500/tcp) is a must-have now!
  • Shadowsocks: Only required when using it.
  • GloryTUN: Only required when using it.
  • OpenVPN: Only required when using it.
  • MLVPN: Only required when using it.

So, I call the simplest "TCP only" setup SSH+OMR+OpenVPN, as with multiple OpenVPN connections it's possible to run MPTCP on top of it. Am I correct?

lars18th, Dec 13 '18 14:12

Yes, but I don't recommend using OpenVPN; it's not the best for getting full speed.

Ysurac, Dec 13 '18 14:12

> Yes, but I don't recommend using OpenVPN; it's not the best for getting full speed.

Yes. I know it! However, I can use only TCP for some of my WAN connections (only UDP in the Master). Then my only option is to use OpenVPN in TCP mode.

Any other option?

lars18th, Dec 13 '18 14:12

Yes: the default configuration. By default everything goes over TCP in order to use MPTCP. You can disable the Shadowsocks UDP failover by setting "tcp_only" mode for all ss-redir instances in the interface.

Ysurac, Dec 13 '18 14:12

> Yes: the default configuration. By default everything goes over TCP in order to use MPTCP. You can disable the Shadowsocks UDP failover by setting "tcp_only" mode for all ss-redir instances in the interface.

Sorry. I didn't explain everything... "TCP only", in my case, is "TCP over HTTP proxy". Sorry for the confusion! In this case, I feel just one solution is available: 1 Master connection, plus multiple secondary OpenVPN connections over HTTP proxy; and MPTCP on top of it all.

Or can you recommend another solution?

lars18th, Dec 13 '18 14:12

So MPTCP over VPN TCP over HTTP over TCP. Not sure how this can work well ;) I would say: Good luck, and tell me if something works. I really have no idea what we can do with this configuration; I would need to do a lot of tests.

Ysurac, Dec 13 '18 14:12

Sure! I will.

However, I don't have any other alternative: only the Master connection (ADSL) has full TCP/UDP access. All the rest are HTTP proxy (one cable, one wifi). So to aggregate them, the best (I feel) is MPTCP over: 1) Master (transparent), 2) & 3) OpenVPN TCP mode over HTTP.

In any case, OpenVPN TCP over HTTP is like a simple VPN over TCP, as the OpenVPN connection (socket) is passed over the chain (HTTP over TCP) as a stream. So just one IP-over-TCP layer. Remember: that's not IP-over-TCP-over-TCP!!

lars18th, Dec 13 '18 14:12