Routing Tables with MLVPN
I have been working on getting this set up for 3 months unsuccessfully (tried linux bonding, vtrunkd, and now mlvpn), and am reaching out to see if you can help me get over the last hurdle. I can get the two machines to connect... I just can't get the traffic to route through the mlvpn0 tunnel adapter. I have attached all of my relevant configuration and the connection debug logs at the bottom of this thread.
It is a slightly modified version of the tutorial using two interfaces (eth1 and eth2).
Clearly it is the route and the iptables and I'm in the deep end...
@zehome Please help.
                                              eth0 173.239.1.1
                                              +---------------+
                                 +----------->| Fast internet |--> IN/OUT
                                 |            +---------------+
                          mlvpn0 |
                  +--------------+---+
          +------>| MLVPN EC2 Ubuntu |<------+
          |       | server 52.35.1.1 |       |
          |       +------------------+       |
          |            ^        ^            |
          |            |  T  A  |            |
 +--------+---------+  |  U  G  |  +---------+--------+
 | 4G LTE 1 (link1) |  |  N  G  |  | 4G LTE 2 (link2) |
 +------------------+  |  /  R  |  +------------------+
   192.168.10.0/24     |  T  E  |    192.168.11.0/24
          ^            |  A  G  |            ^
          |            |  P  A  |            |
          |            |     T  |            |
          |            |     E  |            |
internet 1|            |     D  |            | internet 2
          |            v mlvpn0 v            |
          |         +--+--------+---+        |
          +---------| MLVPN client  |--------+
                    | Ubuntu Desktop|
                    +---------------+
 eth1: 192.168.10.1      mlvpn0 |   eth2: 192.168.11.1
                                |
                                | eth0: 192.168.2.1
+-------------------+           |
| LAN 192.168.2.0   |<----------+
+-------------------+
client: mlvpn.conf
[general]
statuscommand = "/usr/local/sbin/mlvpn/share/doc/mlvpn/mlvpn_updown.sh"
mode = "client"
mtu = 1444
tuntap = "tun"
interface_name = "mlvpn0"
timeout = 30
password = "pleasechangeme"
cleartext_data = 1
reorder_buffer_size = 64
loss_tolerance = 50
[filters]
[link1]
bindhost = "192.168.10.2"
remotehost = "52.35.1.1"
remoteport = "6001"
[link2]
bindhost = "192.168.11.2"
remotehost = "52.35.1.1"
remoteport = "6002"
client: iptables
sudo iptables -A INPUT -i mlvpn0 -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i lo -o mlvpn0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
server: mlvpn.conf
[general]
statuscommand = "/usr/local/sbin/mlvpn/share/doc/mlvpn/mlvpn_updown.sh"
mode = "server"
mtu = 1444
tuntap = "tun"
interface_name = "mlvpn0"
timeout = 30
password = "pleasechangeme"
cleartext_data = 1
reorder_buffer_size = 64
loss_tolerence = 50
[filters]
[link1]
bindhost = "0.0.0.0"
bindport = 6001
[link2]
bindhost = "0.0.0.0"
bindport = 6002
server: iptables
sudo iptables -A INPUT -i mlvpn0 -j ACCEPT
sudo iptables -A INPUT -i eth0 -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i mlvpn -o eth0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
client: ip route show table link1
default via 192.168.10.1 dev eth1
192.168.10.0/24 dev eth1 scope link
client: ip route show table link2
default via 192.168.11.2 dev eth2
192.168.11.0/24 dev eth2 scope link
client: ip route show table main
default via dev mlvpn0
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.2
server: start
sudo mlvpn --user ubuntu -c /usr/local/sbin/mlvpn/share/doc/mlvpn/mlvpn.conf --debug -Dprotocol -v
client: start
sudo mlvpn --user mylogin -c /usr/local/sbin/mlvpn/share/doc/mlvpn/mlvpn.conf --debug -Dprotocol -v
server: debug output
2017-07-16T05:26:11 [ DBG] absolute maximum mtu: 1444
2017-07-16T05:26:11 [INFO/config] new password set
2017-07-16T05:26:11 [INFO/config] reorder_buffer_size changed from 0 to 64
2017-07-16T05:26:11 [INFO/config] link1 tunnel added
2017-07-16T05:26:11 [INFO/config] link2 tunnel added
2017-07-16T05:26:11 [INFO] created interface `mlvpn0'
2017-07-16T05:26:11 [INFO] link1 bind to 0.0.0.0
2017-07-16T05:26:11 [INFO] link2 bind to 0.0.0.0
2017-07-16T05:26:18 [INFO/protocol] link1 new connection -> XXX.XXX.XXX.XXX:XXXXX
2017-07-16T05:26:18 [ DBG/net] < link1 recv 46 bytes (type=0, seq=0, reorder=0)
2017-07-16T05:26:18 [ DBG/protocol] link1 sending 'OK'
2017-07-16T05:26:18 [INFO/protocol] link1 authenticated
2017-07-16T05:26:18 [ DBG/net] > link1 sent 46 bytes (size=2, type=1, seq=0, reorder=0)
2017-07-16T05:26:18 [INFO/protocol] link2 new connection -> XXX.XXX.XXX.XXX:XXXXX
2017-07-16T05:26:18 [ DBG/net] < link2 recv 46 bytes (type=0, seq=0, reorder=0)
2017-07-16T05:26:18 [ DBG/protocol] link2 sending 'OK'
2017-07-16T05:26:18 [INFO/protocol] link2 authenticated
2017-07-16T05:26:18 [ DBG/net] > link2 sent 46 bytes (size=2, type=1, seq=0, reorder=0)
2017-07-16T05:26:18 [ DBG/rtt] 112ms srtt 112ms loss ratio: 0
2017-07-16T05:26:18 [ DBG/net] < link1 recv 76 bytes (type=3, seq=0, reorder=0)
2017-07-16T05:26:18 [ DBG/tuntap] mlvpn0 > sent 48 bytes
2017-07-16T05:26:18 [ DBG/reorder] adjusting reordering drain timeout to 672ms
2017-07-16T05:26:19 [ DBG/reorder] adjusting reordering drain timeout to 672ms
2017-07-16T05:26:20 [ DBG/protocol] link1 sending keepalive
2017-07-16T05:26:20 [ DBG/reorder] adjusting reordering drain timeout to 672ms
2017-07-16T05:26:20 [ DBG/protocol] link2 sending keepalive
2017-07-16T05:26:20 [ DBG/net] > link2 sent 44 bytes (size=0, type=2, seq=0, reorder=0)
2017-07-16T05:26:20 [ DBG/net] > link1 sent 44 bytes (size=0, type=2, seq=0, reorder=0)
2017-07-16T05:26:21 [ DBG/rtt] 330ms srtt 139ms loss ratio: 0
2017-07-16T05:26:21 [ DBG/net] < link1 recv 44 bytes (type=2, seq=0, reorder=0)
2017-07-16T05:26:21 [ DBG/protocol] link1 keepalive received
2017-07-16T05:26:21 [ DBG/protocol] link1 sending keepalive
2017-07-16T05:26:21 [ DBG/rtt] 304ms srtt 304ms loss ratio: 0
2017-07-16T05:26:21 [ DBG/net] < link2 recv 44 bytes (type=2, seq=0, reorder=0)
2017-07-16T05:26:21 [ DBG/protocol] link2 keepalive received
2017-07-16T05:26:21 [ DBG/protocol] link2 sending keepalive
2017-07-16T05:26:21 [ DBG/reorder] adjusting reordering drain timeout to 1050ms
2017-07-16T05:26:21 [ DBG/reorder] adjusting reordering drain timeout to 1824ms
client: debug output
2017-07-16T05:17:40 [ DBG] absolute maximum mtu: 1444
2017-07-16T05:17:40 [INFO/config] new password set
2017-07-16T05:17:40 [INFO/config] reorder_buffer_size changed from 0 to 64
2017-07-16T05:17:40 [INFO/config] link1 tunnel added
2017-07-16T05:17:40 [INFO/config] link2 tunnel added
2017-07-16T05:17:40 [INFO] created interface `mlvpn0'
2017-07-16T05:17:40 [INFO] link1 bind to 192.168.10.2
2017-07-16T05:17:40 [ DBG/protocol] link1 mlvpn_rtun_challenge_send
2017-07-16T05:17:40 [INFO] link2 bind to 192.168.11.2
2017-07-16T05:17:40 [ DBG/protocol] link2 mlvpn_rtun_challenge_send
2017-07-16T05:17:40 [ DBG/net] > link2 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2017-07-16T05:17:40 [ DBG/net] > link1 sent 46 bytes (size=2, type=0, seq=0, reorder=0)
2017-07-16T05:17:40 [ DBG/rtt] 114ms srtt 114ms loss ratio: 0
2017-07-16T05:17:40 [ DBG/net] < link2 recv 46 bytes (type=1, seq=0, reorder=0)
2017-07-16T05:17:40 [INFO/protocol] link2 authenticated
2017-07-16T05:17:40 [ DBG/rtt] 141ms srtt 141ms loss ratio: 0
2017-07-16T05:17:40 [ DBG/net] < link1 recv 46 bytes (type=1, seq=0, reorder=0)
2017-07-16T05:17:40 [INFO/protocol] link1 authenticated
2017-07-16T05:17:40 [ DBG/net] > link2 sent 76 bytes (size=48, type=3, seq=0, reorder=0)
2017-07-16T05:17:41 [ DBG/reorder] adjusting reordering drain timeout to 846ms
2017-07-16T05:17:41 [ DBG/reorder] adjusting reordering drain timeout to 684ms
2017-07-16T05:17:42 [ DBG/reorder] adjusting reordering drain timeout to 684ms
2017-07-16T05:17:42 [ DBG/reorder] adjusting reordering drain timeout to 846ms
2017-07-16T05:17:42 [ DBG/net] < link1 recv 44 bytes (type=2, seq=0, reorder=0)
2017-07-16T05:17:42 [ DBG/protocol] link1 keepalive received
2017-07-16T05:17:42 [ DBG/protocol] link1 sending keepalive
2017-07-16T05:17:42 [ DBG/net] < link2 recv 44 bytes (type=2, seq=0, reorder=0)
2017-07-16T05:17:42 [ DBG/protocol] link2 keepalive received
2017-07-16T05:17:42 [ DBG/protocol] link2 sending keepalive
2017-07-16T05:17:43 [ DBG/reorder] adjusting reordering drain timeout to 846ms
2017-07-16T05:17:43 [ DBG/reorder] adjusting reordering drain timeout to 684ms
2017-07-16T05:17:43 [ DBG/net] > link2 sent 44 bytes (size=0, type=2, seq=0, reorder=0)
2017-07-16T05:17:43 [ DBG/net] > link1 sent 44 bytes (size=0, type=2, seq=0, reorder=0)
2017-07-16T05:17:43 [ DBG/rtt] 125ms srtt 115ms loss ratio: 0
2017-07-16T05:17:43 [ DBG/net] < link2 recv 44 bytes (type=2, seq=0, reorder=0)
2017-07-16T05:17:43 [ DBG/protocol] link2 keepalive received
2017-07-16T05:17:43 [ DBG/rtt] 155ms srtt 142ms loss ratio: 0
2017-07-16T05:17:43 [ DBG/net] < link1 recv 44 bytes (type=2, seq=0, reorder=0)
2017-07-16T05:17:43 [ DBG/protocol] link1 keepalive received
2017-07-16T05:17:44 [ DBG/reorder] adjusting reordering drain timeout to 595ms
2017-07-16T05:17:44 [ DBG/reorder] adjusting reordering drain timeout to 736ms
2017-07-16T05:17:44 [ DBG/net] > link2 sent 76 bytes (size=48, type=3, seq=0, reorder=0)
I can't answer your question directly, but - my feeling is you need a firewall on your 'router' (Ubuntu desktop). I used shorewall (there is a wiki page about it, and a couple of issues that helped me get to an answer). It might help you. (https://github.com/zehome/MLVPN/wiki/Using-MLVPN-and-Shorewall) BTW, Do you need encryption on this link? Your data will go across 'fast internet' unencrypted anyway?
Were you able to get this resolved? I am having the same issue. I can see packets arrive on the server but they don't seem to get forwarded to the internet.
Same here. Interestingly I can ping all my local machines from the server, but I can't ping the server from the local machine. Which doesn't really make sense to me.
It can happen if you don't correctly specify the source IP address when you do a "ping".
You need to run a tcpdump on the tunnel interface in order to know what is going on.
Also ran into this problem. After applying your server iptables commands it started to work. But I had to correct a tiny typo which might be crucial here:
sudo iptables -A FORWARD -i mlvpn0 -o eth0 -j ACCEPT
Note the mlvpn0!
And also had to enable IP4 forwarding which seems disabled by default. Make sure net.ipv4.ip_forward = 1 is set in /etc/sysctl.conf.
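The two fixes in the comment above (the `mlvpn` vs `mlvpn0` interface name and the forwarding flag) can be checked mechanically. The script below is an added example, not part of the thread or of MLVPN; the function names and the server interface list are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): catch -i/-o interface typos in iptables
# rules and check the IPv4 forwarding flag.

# check_rule_ifaces RULES IFACES
#   RULES:  iptables rules, one per line (as typed, or from `iptables -S`)
#   IFACES: whitespace-separated names of interfaces that exist on the host
# Prints "<name>: <rule>" for each -i/-o name matching no interface; returns 1
# if any were found.
check_rule_ifaces() {
    local rules=$1 ifaces=$2 line word prev known found bad=0
    local -a words
    while IFS= read -r line; do
        read -r -a words <<< "$line"
        prev=""
        for word in "${words[@]}"; do
            if [ "$prev" = "-i" ] || [ "$prev" = "-o" ]; then
                found=0
                for known in $ifaces; do
                    # A trailing "+" is the iptables wildcard: "eth+" matches eth0, eth1...
                    if [ "$word" = "$known" ]; then found=1; fi
                    if [[ $word == *+ && $known == "${word%+}"* ]]; then found=1; fi
                done
                if [ "$found" -eq 0 ]; then
                    printf '%s: %s\n' "$word" "$line"
                    bad=1
                fi
            fi
            prev=$word
        done
    done <<< "$rules"
    return "$bad"
}

# forwarding_enabled [FILE]: succeeds only if the forwarding flag reads 1.
forwarding_enabled() {
    local f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Server FORWARD/NAT rules as posted at the top of the thread.
SERVER_RULES='-A FORWARD -i mlvpn -o eth0 -j ACCEPT
-t nat -A POSTROUTING -o eth0 -j MASQUERADE'
# Assumed interface list for the server (constructed for this example).
SERVER_IFACES='lo eth0 mlvpn0'

check_rule_ifaces "$SERVER_RULES" "$SERVER_IFACES" || true
```

On a live host, run as root, the same check is `check_rule_ifaces "$(iptables -S)" "$(ls /sys/class/net)"` followed by `forwarding_enabled`.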
Ultimately couldn't succeed with MLVPN. Got a solution to work very nicely based on Linux Ethernet Bonding, OpenVPN and FireHOL.
I am testing openMPTCProuter. So far it seems to be working well.
From: legolas108 Sent: Thursday, August 01, 2019 10:09 AM To: zehome/MLVPN Cc: tabbertmj; Comment Subject: Re: [zehome/MLVPN] Routing Tables with MLVPN (#103)
Ultimately couldn't succeed with MLVPN. Got a solution to work very nicely (https://serverfault.com/questions/977589/how-to-bond-two-multiple-internet-connections-for-increased-speed-and-failover) based on Linux Ethernet Bonding, OpenVPN and FireHOL.
Give ubond a spin, see if it works for you. It's based on mlvpn. https://github.com/markfoodyburton/ubond I don't know why you found mlvpn didn't work for you.