Created how to use glorytun (markdown)

2019-12-25 08:38:44 +08:00
parent 4483c7c51b
commit 1872a0b582
1 changed files with 167 additions and 0 deletions
--- a/how-to-use-glorytun.md
+++ b/how-to-use-glorytun.md
@@ -0,0 +1,167 @@
+wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin
+mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun
+chmod +x glorytun
+
+**so my configs, server side:**
+
+first create key
+./glorytun keygen > gt.key
+
+after run glorytun with bind server ip and port and tun interface (if need) , i use chacha, aes my client is not support..
+./glorytun bind 195.245.103.245 55055 dev tun0 keyfile gt.key chacha
+
+adding ip address to tun0 interface:
+ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up
+
+route traffic from glorytun tunnel (tun0) to internet (eth0):
+masqarade traffic from glorytun tunnel to internet:
+iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
+accept input traffic from tun0 interface:
+iptables -I INPUT -i tun0 -j ACCEPT
+enable forward traffic between tun0 (glorytun) and eth0(internet) interfaces:
+
+iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
+iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
+**client side (now all manualy run for debug):**
+running glorytun from client (gt.key same as on server gt.key):
+./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha
+
+running on device tun0 as pid 4019
+
+adding ip address to tun0 interface:
+ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up
+check interface is create and up, also check ip and other info with this command:
+ip a
+
+tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500
+link/none
+inet 10.0.1.2 peer 10.0.1.1/32 scope global tun0
+valid_lft forever preferred_lft forever
+
+adding first path:
+./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit
+
+check tunnel connection with server ip:
+ping 10.0.1.1
+
+PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
+64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=49.4 ms
+64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=50.2 ms
+64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=54.3 ms
+64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=60.3 ms
+64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=52.8 ms
+
+check first path:
+./glorytun path
+path UP
+status: OK
+bind: 192.168.1.100 port 5000
+public: xxx.xxx.144.148 port 36085
+peer: 195.245.103.245 port 55055
+mtu: 1472 bytes
+rtt: 53.901 ms
+rttvar: 6.090 ms
+tx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 120 packets
+rx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 79 packets
+
+trying to add second path, he automaticaly take first status: DEGRADED i think it's okey, so after i try ping 10.0.1.1, and re-check status, second path status OK, so multi-path is worked! :-)
+./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit
+
+./glorytun path
+path UP
+status: OK
+bind: 192.168.1.100 port 5000
+public: xxx.xxx.144.148 port 36085
+peer: 195.245.103.245 port 55055
+mtu: 1472 bytes
+rtt: 88.470 ms
+rttvar: 68.228 ms
+tx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 156 packets
+rx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 107 packets
+path UP
+status: DEGRADED
+bind: 192.168.2.100 port 5000
+public: - port 0
+peer: 195.245.103.245 port 55055
+mtu: 1302 bytes
+rtt: 0.000 ms
+rttvar: 0.000 ms
+tx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 0 packets
+rx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 0 packets
+
+i try to ping server from tunnel
+ping 10.0.1.1
+PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
+64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=51.7 ms
+64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=48.3 ms
+64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=49.0 ms
+
+and check after glorytun second path
+./glorytun path
+path UP
+status: OK
+bind: 192.168.1.100 port 5000
+public: xxx.xxx.144.148 port 15757
+peer: 195.245.103.245 port 55055
+mtu: 1472 bytes
+rtt: 58.416 ms
+rttvar: 6.057 ms
+tx:
+rate: 6250000 bytes/sec
+loss: 3 percent
+total: 273 packets
+rx:
+rate: 6250000 bytes/sec
+loss: 0 percent
+total: 153 packets
+path UP
+status: OK
+bind: 192.168.2.100 port 5000
+public: xxx.xxx.156.25 port 3506
+peer: 195.245.103.245 port 55055
+mtu: 1472 bytes
+rtt: 50.682 ms
+rttvar: 5.899 ms
+tx:
+rate: 6250000 bytes/sec
+loss: 3 percent
+total: 113 packets
+rx:
+rate: 6250000 bytes/sec
+loss: 6 percent
+total: 72 packets
+
+both path is up, but wget and other http/https traffic is not go, so i try to add "standard commands" for client with tunnel:
+
+#remove default route
+sudo ip route del default
+#add default route with glorytun only
+sudo ip route add default via 10.0.1.1 dev tun0
+#masqarade local net traffic
+iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+#enable local traffic route with tunnel
+iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
+iptables -A INPUT -p icmp -j ACCEPT
+iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+#forward all local traffic (from bridge or lan network interface) to glorytun tunnel
+iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT
+All is work, Adrien BIG THANK TO YOU for you work :-)