miegl/glorytun
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

client part (first edition) is end.

ITz
2019-12-30 17:22:11 +03:00
parent 0efb700a33
commit 511cb91f09
1 changed files with 129 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
How-to-use-glorytun-with-2-isp-(draft).md

@@ -8,12 +8,12 @@ Client (Router) and Server (VPS) both using Ubuntu LTE 18.04 x64, you may use ot
**Client hardware configuration:** 3 NIC, 512 Ram, 2 Ghz cpu, 32gb usb flash drive for install os, you may use old pc..
* 1 nic enp2s0 with ip 10.10.10.1 connected to lan/router
* 2 nic enp6s0 192.168.1.1 and 3 nic enp6s1 192.168.2.1 connected with ISP cable from isp router, also it's may be modems with ethernet interfaces
* 2 nic enp6s0 with ip 192.168.1.100 and 3 nic enp6s1 with ip 192.168.2.100 connected with ISP cable from isp router, also it's may be modems with ethernet interfaces
for best results, both of your connections with your Internet service providers should be as similar as possible, on technical characteristics like ping, bandwidth, upload/download (rx/tx) and etc, it is very important!
**Server hardware configuration:** 1 Gigabit NIC with 1 IPv4 address, 512 Ram, 1-2 Ghz cpu, 10gb ssd, based on kvm or xen or solusvm virtualizator
**Server hardware configuration:** 1 Gigabit NIC with 1 IPv4 address, 512 Ram, 1-2 Ghz cpu, 10gb ssd, based on kvm or xen or vmware virtualizator
* 1 nic eth0 with ip 195.245.103.245 connected to internet
for best results, both of your connections with your Internet service providers should have minimal ping to your server, this is very important!
@@ -27,7 +27,7 @@ We be use pre-compiled version of glorytun 0.2.2, for client and server, all com
## **Server side:**
Login to your VPS with SSH as root user
login to your VPS with SSH as root user
`ssh root@195.245.103.245`
@@ -48,6 +48,11 @@ make executable
first create encryption key
`./glorytun keygen > gt.key`
see gt.key file content with this command, and save it for use with client
`cat gt.key`
`73C658C12F77FD5B60AD1A03E3FEFFAA74C46674F6503DB1D8FADD775965DB28`
run glorytun with bind server ip 195.245.103.245 and port 55055 and tun0 interface (if need), i use chacha encryption, aes my client is not support, you may don't indicate port and tun interface:
`./glorytun bind 195.245.103.245 55055 dev tun0 keyfile gt.key chacha &`
@@ -76,9 +81,11 @@ iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
## **Client side:**
Now, we need to configure Ubuntu OS to using 2 ISP, for this we turn to LARTC (Linux Advanced Routing & Traffic Control), there are many different articles on this topic on the Internet, i will give one worked example of this configuration
Now, we need to configure Ubuntu OS to using 2 ISP, for this we turn to LARTC (Linux Advanced Routing & Traffic Control), there are many different articles on this topic on the Internet, i will give one worked example of this configuration, so login to your router with SSH as root user `ssh root@router`
1) edit file **/etc/iproute2/rt_tables** and adding two lines about our 2 ISP in system route table,
**Routing tables:**
edit file **/etc/iproute2/rt_tables** and adding two lines about our 2 ISP in system route table,
you may use pre-installed in Ubuntu **nano editor** for edit files, with this command:
`nano /etc/iproute2/rt_tables`
@@ -97,7 +104,7 @@ you may use pre-installed in Ubuntu **nano editor** for edit files, with this co
after edit, for save file press keyboard shortcut **Ctrl+O**, and **Ctrl+X** for exit, it's simple!
2) create this script for builds a traffic routing table:
**Create this script for builds a traffic routing table:**
`nano /root/dual_isp.sh`
@@ -175,6 +182,120 @@ then make our script executable:
and run it with this command:
`./dual_isp.sh`
**at this stage, we have completed the preparation Ubuntu OS on the client and proceed to install and configure Glorytun**
### **at this stage, we have completed the preparation Ubuntu OS on the client and proceed to install and configure Glorytun**
# ### soon
download glorytun binare file
`wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin`
rename it
`mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun`
make executable
`chmod +x glorytun`
**Now configuring glorytun**
first create encryption key identical as on server, with this command or use nano and paste saved from server contents of gt.key file
`sudo bash -c 'echo "73C658C12F77FD5B60AD1A03E3FEFFAA74C46674F6503DB1D8FADD775965DB28" > gt.key'`
run glorytun with server ip 195.245.103.245 and port 55055 and tun0 interface (if need), i use chacha encryption, aes my client is not support, you may don't indicate port and tun interface
`./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha &`
after running this command, press the "**Enter**" key again, so that the Glorytun continues to run as background-process
adding ip address to client tun0 interface, and up P2P tunnel to server ip 10.0.1.1 as gateway
`ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up`
adding first path with nic enp6s0, where rates tx - upload and rx - download, in this example i use equal values, but you need to use speedtest for more accurate values
`./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit`
checking first path output
`./glorytun path`
**path UP**
**status: OK**
adding second path with nic enp6s1, he automaticaly take first status: DEGRADED it's okey, after you try to ping server ip 10.0.1.1, and re-check status, second path change status from DEGRADED to OK, see
`./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit`
checking second path output
`./glorytun path`
first path is UP and status OK
**path UP**
**status: OK**
but second path status UP and status DEGRADED
**path UP**
**status: DEGRADED**
try ping server ip 10.0.1.1 from client with glorytun tunnel, using this command
`ping 10.0.1.1 -c4`
after ping command is end, re-check glorytun second path output
`./glorytun path`
first path is UP and status OK
**path UP**
**status: OK**
second path status UP and status OK
**path UP**
**status: OK**
now, glorytun on client is fully configured, both path is up, but wget and other http/https traffic still don't work properly, so we need to run some routing commands on the client for use only glorytun tunnel
**Create this script to route traffic only through glorytun tunnel:**
`nano /root/gt_route.sh`
note: you may copy & paste this script with Bitvise SSH Client from Windows OS to Ubuntu OS, directly in Nano editor window
```
#script path: /root/gt_route.sh
#!/bin/sh
#!/bin/bash
#
#remove default route
sudo ip route del default
#add default route with glorytun only
sudo ip route add default via 10.0.1.1 dev tun0
#masqarade local net traffic
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
#enable local traffic route with tunnel
iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#forward all local traffic (from bridge or lan network interface enp2s0) to glorytun tunnel
iptables -A FORWARD -i enp2s0 -o tun0 -j ACCEPT
```
after edit, for save file press keyboard shortcut **Ctrl+O**, and **Ctrl+X** for exit
then make our script executable:
`chmod +x gt_route.sh`
and run it with this command:
`./gt_route.sh`
### Troubleshoting and perfomance tests
# SOON