First attempts to use MLVPN (and shorewall) #68
Comments
Ahh, yes I set Cheers Mark.
|
To clarify more, on the client side, I set |
Maybe you have firewalled the tunnel interface? Try
iptables -I INPUT -i mlvpn+ -j ACCEPT
iptables -I OUTPUT -o mlvpn+ -j ACCEPT
iptables -I FORWARD -i mlvpn+ -j ACCEPT
iptables -I FORWARD -o mlvpn+ -j ACCEPT
on both sides. This will effectively disable your firewall with regard to mlvpn interfaces. |
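A narrower alternative to the blanket `mlvpn+` rules in the comment above, as an added example that is not part of the thread or of MLVPN's own scripts: it prints rules that accept only the UDP transport on the WAN interface and only traffic between the two /30 tunnel endpoints. The function name and the interface names `ppp0`/`eth0` are assumptions; port 5091 and the 10.42.42.x addresses are taken from the issue text, and FORWARD rules are left out because the ping test described there is host to host.

```shell
#!/bin/sh
# Added example: print scoped iptables rules for one MLVPN link instead of
# accepting everything on mlvpn+. Nothing is applied; review, then pipe to sh.
# Assumed values: interface names are placeholders; 5091 and 10.42.42.x come
# from the issue text; MLVPN transport is UDP.

mlvpn_rules() {
    role=$1 wan_if=$2 port=$3 tun_if=$4 local_ip=$5 peer_ip=$6

    # Reject anything that is not a plain port number in range.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }

    # Refuse wildcard interface names: the point is to avoid "mlvpn+".
    case $tun_if$wan_if in
        *+*) echo "wildcard interface not allowed" >&2; return 2 ;;
    esac

    # Encrypted transport on the WAN side. The server listens on $port,
    # the client talks to it, so the port match flips with the role.
    case $role in
        server) in_match="--dport $port"; out_match="--sport $port" ;;
        client) in_match="--sport $port"; out_match="--dport $port" ;;
        *) echo "role must be client or server" >&2; return 2 ;;
    esac
    echo "iptables -I INPUT -i $wan_if -p udp $in_match -j ACCEPT"
    echo "iptables -I OUTPUT -o $wan_if -p udp $out_match -j ACCEPT"

    # Inside the tunnel: only the two /30 endpoints, only on this interface.
    echo "iptables -I INPUT -i $tun_if -s $peer_ip -d $local_ip -j ACCEPT"
    echo "iptables -I OUTPUT -o $tun_if -s $local_ip -d $peer_ip -j ACCEPT"
}

# Client side of the test setup in the issue (ppp0 is an assumed WAN name).
mlvpn_rules client ppp0 5091 mlvpn0 10.42.42.2 10.42.42.1
```

If ping works with these rules in place but routed traffic does not, the missing piece is in the FORWARD chain rather than in the tunnel itself.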
You are spot on - THANK YOU |
I have done all those steps, but cannot go any further than this
but no way to see the tunnel up :( I'm running Debian Wheezy on server and Jessie on client |
@paketecuento hi, if you're still having problems, let me know, I've got a nice working solution. |
Having similar problems as @paketecuento, do you still offer your working solution, @markfoodyburton? Thanks much in advance! |
I have to say, in the end, I left shorewall, and am now using firehol - one reason was because something in the shorewall setup ended up not playing nicely with mlvpn. I'd suggest moving across to firehol - the set up is fairly simple then |
Thanks for quick reply, highly appreciated! |
I use macvlan's to set up my individual paths to the various providers as my 'modems' are all connected to the same switch. Hence I have (in /etc/network/interfaces)
Then in /etc/firehol/firehol.conf I snat Then set up your interfaces and routes as per normal. Then you may also want to set up link-balancer
I also make sure the link-balancer restarts if MLVPN goes up/down.... (do that in your mlvpn_updown.sh) |
Thanks so much for taking the time! Will give it a try. |
Wondering how you got the two ppp connections to run with both modems on the same switch with macvlans. Using in /etc/network/interfaces:
and in /etc/ppp/peers/dsl1:
works fine. Together with FireHOL firewall stable and secure Internet connection, really happy you pointed me to that! And the 2nd connection just with different numbers and names works fine, too, if started by itself. But starting the 2nd connection when the first is running leads to immediate disconnect by remote peer:
Also not sure which device/interface the gateway address is to be assigned to. ?-) |
I'm not using PPP modems - not sure macvlan helps for PPP (maybe, I've never tried). I suspect you are falling foul of the way PPPoE works - it sends discovery packets, which then cause the currently active session to drop (at least, I had much the same problem myself). In the end, I ended up not using PPP (which makes setting the 'consumer' modems up a little easier too :-) ) |
OK, eventually got PPP connections to work (with hardware network interfaces), and a very stable ethernet bonding device also based on OpenVPN and FireHOL. Couldn't succeed with MLVPN. Thanks for all your help! |
Hi, thanks for the guidance. I can't reply on "serverfault", so I have to ask you here. In my scenario, please have a look at my config: Client side: vim /etc/network/interface
Is my routing set up right in vpn-start?
How about the firewall config?
Server side:tap0.conf:
Firewall config:
After I did all the setup, the link appeared to be established: Client side:
Client tap1.log:
ping tunnel ip from client:
Server side:
Server tap0.log:
ping tunnel ip from server:
Any ideas what I did wrong? Thank you again for bringing us such a wonderful solution! |
I’m also in France (in the countryside, with poor ADSL)…
To make my life bearable, I use 2 ADSL links…
On my home router (a small Linux box), I run shorewall, and run the two ppp daemons. Hence I have 3 interfaces ppp0, ppp1 and eth0.
As an initial test, I installed mlvpn on both the server and the router (direct from the GIT in both cases).
I followed the instructions http://mlvpn.readthedocs.org/en/latest/linux_example.html - except I ONLY set up one VPN at this point - My intention is JUST to test the connection, not to attempt any aggregation yet!
So, I took your example config and scripts,
All I did was
1/ set mode = client/server on the client/server :-)
2/ set the client ip4 address to 10.42.42.2. Set the server ip4 address to 10.42.42.1 (/30 in both cases)
3/ set the mtu to 1432 (should this be the default?)
4/ set the password
5/ On the client, set an adsl connection binding the host to the address of one of the PPP endpoints - which should force things down one adsl path...
[Side note, if you use 0.0.0.0 as the bindhost, you get multiple connections being made to the server through the 2 different paths, which is fun to watch]
set port, and remote host to the server
6/ On the server side, I set the bind host to 0.0.0.0. In the ‘HowTo’ it does not mention a bindhost. If I do not set it, I get:
dsl1 getaddrinfo(,5091) failed: Unknown error
That's it
I then start the server and the client. I’m happy to see:
2016-04-05T13:06:17 tunnel [dsl1] is up
2016-04-05T13:06:17 mlvpn0 up
Good. And I see plenty of keep alive packets going through if I do a -Dprotocol
So now I expect, on the client side, to be able to ‘ping’ the server. When I check the route, I do indeed have a 10.42.42. route:
10.42.42.0 0.0.0.0 255.255.255.252 U 0 0 0 mlvpn0
(and likewise on the server side)
I can ping myself - e.g. on the client I can ping 10.42.42.2 successfully. But I can not ping the other side
ping 10.42.42.1
Fails….. :-(
Where am I going wrong? (I thought this was the easy bit, I’ve still got to get the integration with shorewall working :-))) )
Cheers
Mark.