#1 On 10/04/2015, at 15:44
- tocks
Routing BitTorrent traffic through a VPN tunnel
Hello, I'm trying to set up my VPN with uTorrent.
I want to go through a VPN (frootvpn); the connection itself works without any problem.
I then try to route the traffic through a predefined interface.
But this interface never manages to ping Google.
I'm posting the logs in case you have an idea of what the problem is; I can't be very far from the truth.
seed@debian:~$ cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 VPN
seed@debian:~$
seed@debian:~$ sudo ifconfig
[sudo] password for seed:
eth0 Link encap:Ethernet HWaddr 08:00:27:6b:dd:47
inet adr:192.168.0.17 Bcast:192.168.0.255 Masque:255.255.255.0
adr inet6: fe80::a00:27ff:fe6b:dd47/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:325 errors:0 dropped:0 overruns:0 frame:0
TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:43981 (42.9 KiB) TX bytes:23195 (22.6 KiB)
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:1104 (1.0 KiB) TX bytes:1104 (1.0 KiB)
lo:1 Link encap:Boucle locale
inet adr:192.168.10.1 Masque:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:46.246.73.41 P-t-P:46.246.73.41 Masque:255.255.255.224
adr inet6: 2a00:1a28:1164:9::1007/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:46 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:2828 (2.7 KiB) TX bytes:0 (0.0 B)
seed@debian:~$
seed@debian:~$ sudo route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
46.246.73.32 0.0.0.0 255.255.255.224 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
seed@debian:~$
seed@debian:~$ ip rule show
0: from all lookup local
32764: from 46.246.73.41 lookup VPN
32765: from 192.168.10.1 lookup VPN
32766: from all lookup main
32767: from all lookup default
seed@debian:~$
seed@debian:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.10.1 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain SERVICES (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:31420
seed@debian:~$
seed@debian:~$ sudo iptables-save
# Generated by iptables-save v1.4.14 on Fri Apr 10 15:23:08 2015
*nat
:PREROUTING ACCEPT [44:2629]
:INPUT ACCEPT [44:2629]
:OUTPUT ACCEPT [19:1377]
:POSTROUTING ACCEPT [19:1377]
-A PREROUTING -i tun0 -p tcp -m tcp --dport 31420 -j DNAT --to-destination 192.168.10.1
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Fri Apr 10 15:23:08 2015
# Generated by iptables-save v1.4.14 on Fri Apr 10 15:23:08 2015
*filter
:INPUT ACCEPT [1252:156806]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [667:86078]
:SERVICES - [0:0]
-A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.10.1/32 -o eth0 -j DROP
-A SERVICES -p tcp -m tcp --dport 31420 -j ACCEPT
COMMIT
# Completed on Fri Apr 10 15:23:08 2015
seed@debian:~$
seed@debian:~$ ping -I 192.168.10.1 -c 1 http://www.google.com
ping: unknown host http://www.google.com
seed@debian:~$
seed@debian:~$ ping -I 192.168.10.1 -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.10.1 : 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
seed@debian:~$ ping -I 192.168.10.1 -c 1 www.google.com
PING www.google.com (74.125.24.104) from 192.168.10.1 : 56(84) bytes of data.
--- www.google.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
seed@debian:~$
#2 On 10/04/2015, at 19:17
- tocks
Re: Routing BitTorrent traffic through a VPN tunnel
I have just started over from a fresh VM.
VPN configuration OK, with the route-nopull option enabled
Creating an interface
lo:1 Link encap:Boucle locale
inet adr:192.168.10.1 Masque:255.255.255.255
UP LOOPBACK RUNNING MTU:16436 Metric:1
Adding a VPN table
echo 1 VPN >> /etc/iproute2/rt_tables
Adding the route
ip route add default dev tun0 table VPN
Adding the rules:
ip rule add from 192.168.10.1/32 table VPN
ip rule add from 46.246.2.252/32 table VPN
The pings:
Ping on the VPN interface
root@debian:~# ping -I 46.246.2.252 www.google.fr
PING www.google.fr (216.58.211.131) from 46.246.2.252 : 56(84) bytes of data.
64 bytes from dub07s01-in-f3.1e100.net (216.58.211.131): icmp_req=1 ttl=56 time=113 ms
64 bytes from dub07s01-in-f3.1e100.net (216.58.211.131): icmp_req=2 ttl=56 time=109 ms
64 bytes from dub07s01-in-f3.1e100.net (216.58.211.131): icmp_req=3 ttl=56 time=110 ms
64 bytes from dub07s01-in-f3.1e100.net (216.58.211.131): icmp_req=4 ttl=56 time=114 ms
64 bytes from dub07s01-in-f3.1e100.net (216.58.211.131): icmp_req=5 ttl=56 time=111 ms
Ping on the 192.168.10.1 interface
root@debian:~# ping -I 192.168.10.1 -c 4 www.google.fr
PING www.google.fr (74.125.24.94) from 192.168.10.1 : 56(84) bytes of data.
--- www.google.fr ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3011ms
root@debian:~#
I don't understand why this interface can't ping Google.
As far as I can tell I added the right rules and route.
If an expert happens to pass by...
Last edited by tocks (10/04/2015, at 19:18)
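Added example (not part of the original posts and not the poster's code): an offline shell model of the policy-routing lookup set up in post #2, showing which table and device traffic from a given source address ends up on, including the case where table VPN has lost its tun0 route and the lookup falls through to main over eth0. The rule and route text is constructed sample input in the format of `ip rule show` and `ip route show table all`; the function names and the `prohibit` guard route with its metric are assumptions of this example, and only default routes and host (/32) selectors are modelled.

```shell
#!/bin/sh
# Added example: offline model of the Linux policy-routing lookup for a
# non-local destination. All input below is constructed sample text.

RULES='0: from all lookup local
32765: from 192.168.10.1 lookup VPN
32766: from all lookup main
32767: from all lookup default'

ROUTES_UP='default via 192.168.0.254 dev eth0
default dev tun0 table VPN scope link'
# tun0 gone: the kernel has removed the route that pointed at it.
ROUTES_DOWN='default via 192.168.0.254 dev eth0'
# Assumed guard route (not on the page), e.g. added with
#   ip route add prohibit default table VPN metric 100
ROUTES_GUARDED='default via 192.168.0.254 dev eth0
prohibit default table VPN metric 100'

# Best default route of table $2 in `ip route show table all` text $1:
# prints a device name or a reject type, or nothing if the table has none.
default_in_table() {
    printf '%s\n' "$1" | awk -v want="$2" '
    {
        tbl = "main"; dev = ""; kind = ""; metric = 0; pfx = $1
        if ($1 ~ /^(prohibit|unreachable|blackhole)$/) { kind = $1; pfx = $2 }
        for (i = 1; i < NF; i++) {
            if ($i == "table")  tbl = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (tbl != want || pfx != "default") next
        if (!seen || metric < bestm) { seen = 1; bestm = metric; best = (kind != "" ? kind : dev) }
    }
    END { if (seen) print best }'
}

# Walk the rules in priority order for source $3; print "<table> <result>"
# for the first matching rule whose table holds a default route.
egress_for_src() {
    printf '%s\n' "$1" | while read -r _prio _from sel _lookup tbl; do
        case "$sel" in all|"$3"|"$3/32") ;; *) continue ;; esac
        hit=$(default_in_table "$2" "$tbl")
        if [ -n "$hit" ]; then echo "$tbl $hit"; break; fi
    done
}

egress_for_src "$RULES" "$ROUTES_UP" 192.168.10.1       # VPN tun0
egress_for_src "$RULES" "$ROUTES_DOWN" 192.168.10.1     # main eth0 (leak)
egress_for_src "$RULES" "$ROUTES_GUARDED" 192.168.10.1  # VPN prohibit
```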