diff --git a/how-to-use-glorytun.md b/how-to-use-glorytun.md new file mode 100644 index 0000000..4bb912d --- /dev/null +++ b/how-to-use-glorytun.md 
@@ -0,0 +1,167 @@ +wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin +mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun +chmod +x glorytun + +**so my configs, server side:** + +first create key +./glorytun keygen > gt.key + +after run glorytun with bind server ip and port and tun interface (if need) , i use chacha, aes my client is not support.. +./glorytun bind 195.245.103.245 55055 dev tun0 keyfile gt.key chacha + +adding ip address to tun0 interface: +ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up + +route traffic from glorytun tunnel (tun0) to internet (eth0): +masqarade traffic from glorytun tunnel to internet: +iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE +accept input traffic from tun0 interface: +iptables -I INPUT -i tun0 -j ACCEPT +enable forward traffic between tun0 (glorytun) and eth0(internet) interfaces: + +iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT +iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT +**client side (now all manualy run for debug):** +running glorytun from client (gt.key same as on server gt.key): +./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha + +running on device tun0 as pid 4019 + +adding ip address to tun0 interface: +ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up +check interface is create and up, also check ip and other info with this command: +ip a + +tun0: mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500 +link/none +inet 10.0.1.2 peer 10.0.1.1/32 scope global tun0 +valid_lft forever preferred_lft forever + +adding first path: +./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit + +check tunnel connection with server ip: +ping 10.0.1.1 + +PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data. 
+64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=49.4 ms +64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=50.2 ms +64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=54.3 ms +64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=60.3 ms +64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=52.8 ms + +check first path: +./glorytun path +path UP +status: OK +bind: 192.168.1.100 port 5000 +public: xxx.xxx.144.148 port 36085 +peer: 195.245.103.245 port 55055 +mtu: 1472 bytes +rtt: 53.901 ms +rttvar: 6.090 ms +tx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 120 packets +rx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 79 packets + +trying to add second path, he automaticaly take first status: DEGRADED i think it's okey, so after i try ping 10.0.1.1, and re-check status, second path status OK, so multi-path is worked! :-) +./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit + +./glorytun path +path UP +status: OK +bind: 192.168.1.100 port 5000 +public: xxx.xxx.144.148 port 36085 +peer: 195.245.103.245 port 55055 +mtu: 1472 bytes +rtt: 88.470 ms +rttvar: 68.228 ms +tx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 156 packets +rx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 107 packets +path UP +status: DEGRADED +bind: 192.168.2.100 port 5000 +public: - port 0 +peer: 195.245.103.245 port 55055 +mtu: 1302 bytes +rtt: 0.000 ms +rttvar: 0.000 ms +tx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 0 packets +rx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 0 packets + +i try to ping server from tunnel +ping 10.0.1.1 +PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data. 
+64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=51.7 ms +64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=48.3 ms +64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=49.0 ms + +and check after glorytun second path +./glorytun path +path UP +status: OK +bind: 192.168.1.100 port 5000 +public: xxx.xxx.144.148 port 15757 +peer: 195.245.103.245 port 55055 +mtu: 1472 bytes +rtt: 58.416 ms +rttvar: 6.057 ms +tx: +rate: 6250000 bytes/sec +loss: 3 percent +total: 273 packets +rx: +rate: 6250000 bytes/sec +loss: 0 percent +total: 153 packets +path UP +status: OK +bind: 192.168.2.100 port 5000 +public: xxx.xxx.156.25 port 3506 +peer: 195.245.103.245 port 55055 +mtu: 1472 bytes +rtt: 50.682 ms +rttvar: 5.899 ms +tx: +rate: 6250000 bytes/sec +loss: 3 percent +total: 113 packets +rx: +rate: 6250000 bytes/sec +loss: 6 percent +total: 72 packets + +both path is up, but wget and other http/https traffic is not go, so i try to add "standard commands" for client with tunnel: + +#remove default route +sudo ip route del default +#add default route with glorytun only +sudo ip route add default via 10.0.1.1 dev tun0 +#masqarade local net traffic +iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE +#enable local traffic route with tunnel +iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT +iptables -A INPUT -p icmp -j ACCEPT +iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT +iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +#forward all local traffic (from bridge or lan network interface) to glorytun tunnel +iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT +All is work, Adrien BIG THANK TO YOU for you work :-) \ No newline at end of file
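Review bot: In the server section, `iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT` accepts every packet forwarded from eth0 to tun0, not only replies to connections the tunnel client opened; restrict it to return traffic the way the client section already does with `-m conntrack --ctstate RELATED,ESTABLISHED`. Likewise, `iptables -I INPUT -i tun0 -j ACCEPT` opens every service on the server to the tunnel peer, so narrow it to what the client actually needs (the ping check only requires ICMP). The key step `./glorytun keygen > gt.key` writes the shared secret with the default umask, and the guide never says how the same file reaches the client; add `chmod 600 gt.key` (or `umask 077` before the keygen) and a sentence about copying it over a secure channel such as scp. The server steps also never enable IP forwarding (`sysctl -w net.ipv4.ip_forward=1`), which the FORWARD and MASQUERADE rules depend on unless the host already has it set. The first line downloads a release binary with wget and marks it executable without any integrity check; if the release provides a checksum or signature, document verifying it before `chmod +x`. On style: commands and captured output should sit in fenced code blocks so Markdown does not reflow them into paragraphs, the server address 195.245.103.245 is published in full while the client's public addresses are masked, `bg0` in the last FORWARD rule looks like a typo for the bridge interface name, and the file is missing a trailing newline.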