public inbox for govpn-devel@lists.cypherpunks.ru
From: Alan Holt <berber.it@gmail•com>
To: govpn-devel@lists.cypherpunks.ru, Alan Holt <berber.it@gmail•com>,
	 Evgeny Shtranvasser <jackalsh@gmail•com>
Subject: Re: [Govpn-devel] build from last tarball
Date: Thu, 28 Jan 2016 15:39:57 +0200
Message-ID: <CAKw30nqA_NZiBR3=vxRE6C_1Js=MEaXpYmZ9B+PYYn9BGMfyAw@mail.gmail.com>
In-Reply-To: <20160128104614.pZ8EFV-u2%stargrave@stargrave.org>


Hello,

something pretty wrong for me...
*For two clients and one server we do this in peers.yaml:*
# cat peers.yaml
alex:
      iface: tap_alan
      verifier: $argon2d$m=4096,t=128,p=1$ceyJyscDM8vrN/UjS/hH+Q$wbU/uMubJqSLsc1xZ6qNjTENuLLCU8XCWtj8YJ/hGls

jack:
      iface: tap_jack
      verifier: $argon2d$m=4096,t=128,p=1$BJrUaLgW7/ogiuklIUOg0g$C/OcsEmxEUloibV45m4vY0MCvbNNvttqZmikpcBTivU

*We have created 3 interfaces:*
*br0*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.5*  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::5414:2ff:fe16:a15b  prefixlen 64  scopeid 0x20<link>
        ether 56:14:02:16:a1:5b  txqueuelen 0  (Ethernet)
        RX packets 45  bytes 1260 (1.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 438 (438.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
*tap_alan*:
        inet *172.16.0.2*  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::5414:2ff:fe16:a15b  prefixlen 64  scopeid 0x20<link>
        ether 56:14:02:16:a1:5b  txqueuelen 500  (Ethernet)
        RX packets 45  bytes 1890 (1.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 876 (876.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

*tap_jack*: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1432
        inet *172.16.0.1*  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::e86a:55ff:fe96:1fa  prefixlen 64  scopeid 0x20<link>
        ether ea:6a:55:96:01:fa  txqueuelen 500  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 1572 (1.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Where br0 should be bridge.
tap_alan for user alan.
tap_jack for user jack.

*that was done by 2 scripts, first to create bridge, second to create
users:*

*### Creating bridge ###*
*cat create_bidge.sh*
#!/bin/bash

ip link add name br0 type bridge
ip link set br0 up

*### adding users, set br0 master ###*

*cat add_govpn_user.sh*
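#!/bin/bash
# Usage: add_govpn_user.sh USER IPADDR

USER=$1
TAP=tap_${USER}
IPADDR=$2

# Create the per-user TAP device, set its MTU and address, and bring it up
ip tuntap add dev "${TAP}" mode tap
ip link set mtu 1432 dev "${TAP}"
ip addr add "${IPADDR}" dev "${TAP}"
ip link set "${TAP}" up

# Attach the TAP device to the bridge
ip link set "${TAP}" master br0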

*So as I understand, now bridge interface should route traffic between two
other interfaces?*
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
37.48.109.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
*172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tap_jack*
*172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tap_alex*

*Should I add br0 to routing table in some special way? *
4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc noqueue state DOWN mode DEFAULT
    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff
5: tap_jack: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
    link/ether ea:6a:55:96:01:fa brd ff:ff:ff:ff:ff:ff
6: tap_alex: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1432 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 500
    link/ether 56:14:02:16:a1:5b brd ff:ff:ff:ff:ff:ff

*So we have this schema: *
CLIENT: user_alex IP 172.16.0.1
CLIENT: user_jack IP 172.16.0.2

*SERVER: *
br0 IP 172.16.0.5
tap_jack IP  172.16.0.101
tap_alex IP 172.16.0.102

*Connection is established successfully.*
*But no luck with ping from client user_alex to server interface br0*

# ping 172.16.0.5
PING 172.16.0.5 (172.16.0.5) 56(84) bytes of data.
From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
From 172.16.0.102 icmp_seq=2 Destination Host Unreachable
From 172.16.0.102 icmp_seq=3 Destination Host Unreachable
From 172.16.0.102 icmp_seq=4 Destination Host Unreachable
From 172.16.0.102 icmp_seq=5 Destination Host Unreachable

*Also I can't ping "my" interface on the server:*
# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
From 172.16.0.102 icmp_seq=1 Destination Host Unreachable
From 172.16.0.102 icmp_seq=2 Destination Host Unreachable

*Server works like a router: *
vim /etc/sysctl.conf
net.ipv4.ip_forward=1

*What am I doing wrong?*


On Thu, Jan 28, 2016 at 12:46 PM, <stargrave@stargrave•org> wrote:

> Greetings!
>
> *** Alan Holt <berber.it@gmail•com> [Thu, 28 Jan 2016 12:26:35 +0200]:
> >*Can I add another client in the same file, like:*
> >alex:
> >    iface: tap10
>
> You can, but they must not share the same TAP interface.
>
> >------------------------------------------------------------
> >Client connecting to 172.16.0.2, TCP port 5001
> >TCP window size: 45.0 KByte (default)
> >------------------------------------------------------------
> >[  3] local 172.16.0.1 port 55274 connected with 172.16.0.2 port 5001
> >[ ID] Interval       Transfer     Bandwidth
> >[  3]  0.0-10.0 sec   105 MBytes  *87.7* Mbits/sec
>
> As I can see, not the full 100Mbps is used. This is because GoVPN
> actually has relatively high delays. I assume that your CPU load was not
> high, that means that it can process many more packets, but because of
> delays, TCP layer has lower throughput.
>
> I tested GoVPN 4.x with 1Gbps network between two notebooks with Intel
> i5 CPU under FreeBSD 10.2 amd64 with Go 1.5.1. It gave me 786 Mbps of
> throughput of UDP packets.
>
> Delays are the main problem with performance in real-life applications. I
> use GoVPN at home and scp over 1Gbps link gives me 40-50 MiB/s throughput
> over IPv6 endpoints. By the way, I do not know why, but GoVPN is slower
> when using it over IPv6.
>
> >*In this case 2 clients from Tel-Aviv connected to the same server in
> >Amsterdam, one of the users gets disconnected:*
>
> Yes, only one client can use single TAP interface.
>
> >*So how do I make one server serve multiple clients?*
> >*Is it possible? *
>
> Only one user per TAP-interface. If you want to connect them together,
> then it can be done easily with the bridge/bond between those
> interfaces. I do not currently have GNU/Linux at hand, but it
> should be like this:
>
>     # brctl addbr bridge0
>     # brctl addif bridge0 tap0
>     # brctl addif bridge0 tap1
>
> where tap0 is interface for the first user, tap1 is for the second.
> Using up.sh, that is executed after client connects, you can do it
> dynamically like this (only crude example):
>
>     #!/bin/sh
>     tapname=$(tunctl -u someuser)
>     brctl addif bridge0 $tapname
>     echo $tapname
>
> here we create new TAP interface and add it to the bridge (to the
> shared network interface) and echo it so GoVPN will understand what
> TAP-interface it must use.
>
> --
> Happy hacking, Sergey Matveev
>



-- 
*Best regards.*
*Alex Berber*
*PGP Public Key
<https://pgp.mit.edu/pks/lookup?op=get&search=0xF0508EB3F7C241E1>*
*www.linuxspace.org* <http://www.linuxspace.org/>
