diff --git a/how-to-use-glorytun.md b/how-to-use-glorytun.md index ab3410f..524afd7 100644 --- a/how-to-use-glorytun.md +++ b/how-to-use-glorytun.md @@ -1,6 +1,8 @@ -wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin -mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun -chmod +x glorytun +`wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin` + +`mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun` + +`chmod +x glorytun` **so my configs, server side:** @@ -21,23 +23,32 @@ masqarade traffic from glorytun tunnel to internet: `iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE` -`accept input traffic from tun0 interface:` +accept input traffic from tun0 interface: `iptables -I INPUT -i tun0 -j ACCEPT` + enable forward traffic between tun0 (glorytun) and eth0(internet) interfaces: -iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT -iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT +`iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT` + +`iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT` + + **client side (now all manualy run for debug):** + running glorytun from client (gt.key same as on server gt.key): -./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha + +`./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha` running on device tun0 as pid 4019 adding ip address to tun0 interface: -ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up + +`ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up` + check interface is create and up, also check ip and other info with this command: -ip a + +`ip a` tun0: mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500 link/none 
@@ -45,129 +56,240 @@ inet 10.0.1.2 peer 10.0.1.1/32 scope global tun0 valid_lft forever preferred_lft forever adding first path: -./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit + +`./glorytun path up 192.168.1.100 **rate** tx 50mbit rx 50mbit` check tunnel connection with server ip: -ping 10.0.1.1 + +`ping 10.0.1.1` PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data. + 64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=49.4 ms + 64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=50.2 ms + 64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=54.3 ms + 64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=60.3 ms + 64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=52.8 ms check first path: -./glorytun path + +`./glorytun path` + path UP + status: OK + bind: 192.168.1.100 port 5000 + public: xxx.xxx.144.148 port 36085 + peer: 195.245.103.245 port 55055 + mtu: 1472 bytes + rtt: 53.901 ms + rttvar: 6.090 ms + tx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 120 packets + rx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 79 packets -trying to add second path, he automaticaly take first status: DEGRADED i think it's okey, so after i try ping 10.0.1.1, and re-check status, second path status OK, so multi-path is worked! :-) -./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit -./glorytun path +trying to add second path, he automaticaly take first status: DEGRADED i think it's okey, so after i try ping 10.0.1.1, and re-check status, second path status OK, so multi-path is worked! 
:-) + +`./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit` + +`./glorytun path` + path UP + status: OK + bind: 192.168.1.100 port 5000 + public: xxx.xxx.144.148 port 36085 + peer: 195.245.103.245 port 55055 + mtu: 1472 bytes + rtt: 88.470 ms + rttvar: 68.228 ms + tx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 156 packets + rx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 107 packets + path UP + status: DEGRADED + bind: 192.168.2.100 port 5000 + public: - port 0 + peer: 195.245.103.245 port 55055 + mtu: 1302 bytes + rtt: 0.000 ms + rttvar: 0.000 ms + tx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 0 packets + rx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 0 packets + i try to ping server from tunnel -ping 10.0.1.1 + +`ping 10.0.1.1` + PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data. + 64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=51.7 ms + 64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=48.3 ms + 64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=49.0 ms and check after glorytun second path -./glorytun path + +`./glorytun path` + path UP + status: OK + bind: 192.168.1.100 port 5000 + public: xxx.xxx.144.148 port 15757 + peer: 195.245.103.245 port 55055 + mtu: 1472 bytes + rtt: 58.416 ms + rttvar: 6.057 ms + tx: + rate: 6250000 bytes/sec + loss: 3 percent + total: 273 packets + rx: + rate: 6250000 bytes/sec + loss: 0 percent + total: 153 packets + path UP + status: OK + bind: 192.168.2.100 port 5000 + public: xxx.xxx.156.25 port 3506 + peer: 195.245.103.245 port 55055 + mtu: 1472 bytes + rtt: 50.682 ms + rttvar: 5.899 ms + tx: + rate: 6250000 bytes/sec + loss: 3 percent + total: 113 packets + rx: + rate: 6250000 bytes/sec + loss: 6 percent + total: 72 packets + both path is up, but wget and other http/https traffic is not go, so i try to add "standard commands" for client with tunnel: #remove default route -sudo ip route del default + +`sudo ip route del default` + #add default route with glorytun only -sudo ip route add default 
via 10.0.1.1 dev tun0 + +`sudo ip route add default via 10.0.1.1 dev tun0` + #masqarade local net traffic -iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE + +`iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE` + #enable local traffic route with tunnel -iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT -iptables -A INPUT -p icmp -j ACCEPT -iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT -iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + +`iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT` + +`iptables -A INPUT -p icmp -j ACCEPT` + +`iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT` + +`iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` + #forward all local traffic (from bridge or lan network interface) to glorytun tunnel -iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT + +`iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT` + All is work, Adrien BIG THANK TO YOU for you work :-) \ No newline at end of file
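Review bot: In the first hunk (`@@ -1,6 +1,8 @@`), the binary fetched by `wget` is renamed and made executable with `chmod +x glorytun` with no integrity check in between. Add a step before `chmod` that compares the output of `sha256sum glorytun-0.2.2-x86_64-linux-musl.bin` against a digest pinned in this document, so readers do not run an unverified download as their tunnel endpoint. On style, three consecutive shell commands read better as one fenced block than as three inline code spans separated by blank lines.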
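Review bot: In the second hunk (`@@ -21,23 +23,32 @@`), the rule `iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT` accepts every packet arriving on eth0 that routes into the tunnel, not only replies to connections the client opened. Because the tunnel traffic is masqueraded, return traffic only needs `-m conntrack --ctstate RELATED,ESTABLISHED` on that rule, the same match the client-side section already uses. `iptables -I INPUT -i tun0 -j ACCEPT` likewise exposes every service on the server to the tunnel peer and could be narrowed to what the setup needs. Two documentation points: the output lines (`running on device tun0 as pid 4019` and the `ip a` result) are still unformatted next to the newly backticked commands, and the `./glorytun bind ...` line publishes the server address in full, where a placeholder would do.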
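Review bot: In the third hunk (`@@ -45,129 +56,240 @@`), the first path command now reads `./glorytun path up 192.168.1.100 **rate** tx 50mbit rx 50mbit`. Inside a code span the asterisks render literally, so a copied command passes `**rate**` instead of `rate`. Drop the asterisks so it matches the second path command. The `ping` and `./glorytun path` output is now split by a blank line after every row, and a single fenced block per command would keep it readable. In the client routing section, the `iptables` commands lack the `sudo` that the `ip route` commands carry, and the interface `bg0` in `iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT` should be confirmed, since the comment above it speaks of a bridge or LAN interface. The file also still ends without a trailing newline.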