@jamesdavidson
Last active April 11, 2024 08:44
setup for vtun
all of this vtun stuff can apparently be done with socat as well:
http://www.dest-unreach.org/socat/doc/socat-tun.html
or, similarly, if you already have secure TCP port forwarding on port 5000, you can do:
socat TUN:10.10.0.2/24,iff-up TCP4-LISTEN:5000,bind=127.0.0.1,fork # server
socat TUN:10.10.0.1/24,iff-up TCP4:127.0.0.1:5000 # client
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
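To show what socat's TUN address and vtund are doing under the hood, here is an added Python relay (example code, not from the gist, socat or vtun): it opens a tun device with the TUNSETIFF ioctl and shuttles raw IP packets between the device and one TCP connection. The 2-byte length-prefix framing, the device name tun0 and the listen/connect argument convention are this example's own choices; it needs CAP_NET_ADMIN and /dev/net/tun, which is why the gist uses --privileged and the hostPath mount.

```python
import fcntl, os, select, socket, struct, sys

TUNSETIFF = 0x400454CA                 # ioctl number from <linux/if_tun.h> (x86 Linux)
IFF_TUN, IFF_NO_PI = 0x0001, 0x1000    # layer-3 device, no packet-info header

def frame(packet: bytes) -> bytes:
    # TCP is a byte stream: prefix each IP packet with a 2-byte length so the
    # receiver can recover packet boundaries (vtun does its own framing too).
    return struct.pack("!H", len(packet)) + packet

def unframe(buf: bytes):
    # Split a received buffer into complete packets; return (packets, leftover).
    packets = []
    while len(buf) >= 2:
        n = struct.unpack("!H", buf[:2])[0]
        if len(buf) < 2 + n:
            break                      # partial packet: wait for more bytes
        packets.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return packets, buf

def ipv4_endpoints(packet: bytes):
    # (src, dst) of an IPv4 packet, or None; handy for logging what crosses the tunnel.
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def open_tun(name: str) -> int:
    # Needs root/CAP_NET_ADMIN and /dev/net/tun inside the container.
    fd = os.open("/dev/net/tun", os.O_RDWR)
    fcntl.ioctl(fd, TUNSETIFF, struct.pack("16sH", name.encode(), IFF_TUN | IFF_NO_PI))
    return fd

def relay(tun_fd: int, sock: socket.socket) -> None:
    pending = b""
    while True:
        ready, _, _ = select.select([tun_fd, sock], [], [])
        if tun_fd in ready:            # packet from the kernel -> framed onto TCP
            sock.sendall(frame(os.read(tun_fd, 65535)))
        if sock in ready:              # bytes from TCP -> whole packets into the kernel
            data = sock.recv(65536)
            if not data:
                return                 # peer closed the tunnel
            packets, pending = unframe(pending + data)
            for p in packets:
                os.write(tun_fd, p)

if __name__ == "__main__":             # usage: tunrelay.py listen|connect HOST PORT
    mode, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    if mode == "listen":
        conn, _ = socket.create_server((host, port)).accept()
    else:
        conn = socket.create_connection((host, port))
    relay(open_tun("tun0"), conn)
```

After starting it on both ends, assign addresses to tun0 with the same `ip addr add ... peer ...` commands as in the vtund up hooks; the relay carries no encryption, so like the socat variant it belongs behind the forwarded port only.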
MAGIC
docker run -d --privileged --name vtun-client ubuntu:18.04 sleep infinity
docker run -d --privileged --name vtun-server ubuntu:18.04 sleep infinity
docker exec -it vtun-server bash -c 'apt update -y && apt install -y net-tools iproute2 screen vim dnsutils netcat python3 vtun curl inetutils-ping iptables'
or, if setting up a pod instead of a plain container, the pod spec needs /dev/net/tun mounted from the host:
volumeMounts:
  - name: tundevice
    mountPath: /dev/net/tun
volumes:
  - name: tundevice
    hostPath:
      path: /dev/net/tun
      type: CharDevice
docker exec -it vtun-server vtund -s -n            # server mode, stay in foreground
docker exec -it vtun-client vtund -n cobra 172.17.0.2   # client: session "cobra", connect to the server
# on the server
ip link add dummy0 type dummy
ip addr add 10.0.2.1/24 broadcast 10.0.2.255 dev dummy0
ip link set dummy0 up
ip route add 10.0.3.0/24 via 10.0.0.3 dev tun0
# on the client
ip link add dummy0 type dummy
ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev dummy0
ip link set dummy0 up
ip route add 10.0.2.0/24 via 10.0.0.2 dev tun0
# on the client
ip route replace default via 10.0.0.2 dev tun0
# also seems to work via 10.0.0.3
# on the server
# note: these only accept eth0->tun0 flows plus their replies; if the FORWARD policy is DROP
# and the client is meant to originate connections through the tunnel, swap the interfaces
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# reset
iptables --flush
iptables -t nat --flush
# this does not work: a bridge operates at the MAC (layer 2) level, but tun0 is a layer-3 (IP-only) device with no Ethernet header
ip link add name br0 type bridge
ip link set dev br0 up
ip link set dev tun0 master br0
ip link set dev dummy0 master br0
ip link del br0
# client vtund.conf
options {
  port 5000;                  # Connect to this port.
  timeout 60;                 # General timeout
  # Path to various programs
  ppp /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  firewall /sbin/ipchains;
  ip /sbin/ip;
}
# session "cobra", configured with the iproute2 "ip" command in the up hook
cobra {
  passwd secret123;           # Password
  device tun0;                # Device tun0
  persist yes;                # Persist mode
  up {
    # Connection is Up
    # Assign IP addresses.
    ip "link set %% up multicast off mtu 1450";
    ip "-family inet addr add 10.0.0.3 peer 10.0.0.2 dev %%";
  };
}
# server vtund.conf
options {
  port 5000;                  # Listen on this port.
  bindaddr { iface lo; };     # Listen on loopback only (reached via the forwarded port)
  # Syslog facility
  syslog daemon;
  # Path to various programs
  ppp /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  firewall /sbin/ipchains;
  ip /sbin/ip;
}
# Default session options
default {
  compress no;                # Compression is off by default
  speed 0;                    # By default maximum speed, NO shaping
}
# session "cobra", configured with the iproute2 "ip" command in the up hook
cobra {
  passwd secret123;           # Password
  type tun;                   # IP tunnel
  proto tcp;                  # TCP protocol
  compress lzo:9;             # LZO compression level 9
  encrypt yes;                # Encryption
  keepalive yes;              # Keep connection alive
  up {
    # Connection is Up
    # 10.0.0.2 - local, 10.0.0.3 - remote
    ip "link set %% up multicast off mtu 1450";
    ip "-family inet addr add 10.0.0.2 peer 10.0.0.3 dev %%";
  };
}