No internet access after successful connection #10

Open
Louie-ru opened this issue Jan 27, 2023 · 3 comments

Comments

@Louie-ru

I hosted my own server on Debian 10. Client is connected successfully and everything seems correct, but there is no internet connection available.

hosts file (without comments):

[tunsafe]
127.0.0.1 ansible_connection=local
[tunsafe:vars]
udp=995
tcp=443
dns=8.8.8.8
ufw=false
ansible_python_interpreter=/usr/bin/python3

Server configuration after tunsafe start on server:

root@hostname:~# tunsafe --version
TunSafe 1.5-rc2

root@hostname:~/ansible-tunsafe# ip a
1: lo: ...
2: eth0: ...
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 10.100.100.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 x::x:x:x:x/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

root@hostname:~/ansible-tunsafe# ip link
1: lo: ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500
    link/none 

root@hostname:~/ansible-tunsafe# ip route
default via x.x.x.1 dev eth0 onlink 
10.100.100.0/24 dev tun0 proto kernel scope link src 10.100.100.1 
x.x.x.0/24 dev eth0 proto kernel scope link src x.x.x.90 

root@hostname:~/ansible-tunsafe# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

root@hostname:~/ansible-tunsafe# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

root@hostname:~/ansible-tunsafe# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

root@hostname:~/ansible-tunsafe# tunsafe show
interface: tun0
  public key: eaRHE5boMhDi2RdXO1sSF7kYupb97163cEAbHy1oWxA=
  private key: (hidden)
  listening port: 995
  address: 10.100.100.1/24

peer: eMkANZxk7kgeGm1o0CYPXwvvMqDZxcc44cJ5BB3rJXo=
  preshared key: (hidden)
  endpoint: x.x.x.x:51350
  allowed ips: 10.100.100.2/24
  latest handshake: 1 minute, 50 seconds ago
  transfer: 64.64 KiB received, 2.00 KiB sent

Client's log:

[09:40:09] Loading file: C:\Program Files\TunSafe\Config\TCP.conf
[09:40:09] TAP Driver Version 9.21 
[09:40:09] Blocking standard DNS on all adapters
[09:40:09] Added Route 0.0.0.0/1  =>  10.100.100.2
[09:40:09] Added Route 128.0.0.0/1  =>  10.100.100.2
[09:40:09] Added Route x.x.x.x/32  =>  10.0.2.2
[09:40:09] Sending handshake...
[09:40:09] Connecting to tcp://x.x.x.x...
[09:40:10] Connection established. IP 10.100.100.1

What I tried:

  • With and without ufw
  • Ubuntu 18 and Debian 10 as servers
  • Windows (1.5-rc2) and Android (1.0 latest apk from website) as clients
  • Setting allowed-ips to 0.0.0.0/0 for peer on server
  • Disabling IPv6 for tun0
  • Rebooting, restarting the server, reinstalling the OS and packages

Where could the problem be, and why can I not access the internet using my hosted server?

@Freekers
Owner

Thanks for the elaborate issue report, I appreciate it.

Are you able to ping your DNS from the client? I.e. ping 8.8.8.8 from the client?

@Louie-ru
Author

Louie-ru commented Feb 1, 2023

No, the ping does not pass. I wanted to try to ping another client inside the VPN (10.100.100.x), but failed to make a correct second peer config. I tried these commands:

root@chinatest:~# tunsafe genkey
<private_key>
root@chinatest:~# echo "<private_key>" | tunsafe pubkey
<public_key>
root@chinatest:~# tunsafe genpsk
<preshared_key>

Then I modified PrivateKey, PublicKey and PresharedKey inside the config, but the handshake failed. I also tried changing the IP from 10.100.100.1 to 10.100.100.2, and it still fails.

@cheasonxie

I have met the same problem: no internet after connecting.
