[lime-users] VPN

Nk nk at os.vu
Wed May 3 18:58:26 UTC 2017


Hi Marvin

Sorry for the very late reply.

You’re right, we’re able to reproduce the issue on routers configured as per our tutorial.

However, we have a previously configured router that does not fall back to ISP directly, which is why we were saying there is no fallback in the howto.

I’m trying to find the first tutorial we had followed back in the day to set up the killswitch.

Sorry we didn’t test this more thoroughly on the config we are suggesting in our tutorial. I’m trying to find the differences between the two webfigs, but can’t find any for now, or nothing I could reproduce anyway.

I’ll keep you posted. Thanks for pointing this out.

Nk

On 20 apr 2017, 00:08 +0200, Marvin Arnold via lime-users <lime-users at lists.libremesh.org>, wrote:
> Hi Nicolas,
> Sometime last week, the VPS that hosts our streisand instance went down. During that time, the network still had internet access and fell back to my local ISP's IP address. My understanding was that internet would be cut off the the VPN wasn't accessible. Any ideas?
>
> On 04/12/2017 12:17 AM, Marvin Arnold via lime-users wrote:
> > Hey Nicolas, I tried sending you this email directly, but it bounced back. I can't tell if your domain thinks mine is spam, or vice-versa.
> > My speed test results are below and might be interesting to others anyways.
> > Thanks,
> > Marvin
> >
> > On 04/12/2017 12:10 AM, Marvin Arnold wrote:
> > > Hey, just did some thorough tests. There's a huge drop in download speed starting at the hex. Upload speed is almost constant.
> > > https://nolime.sandcats.io/shared/Q2guq9wOIl-l0Yt4Dou-nkqfR_kNqH1wf4DIwHg9ZFk
> > > The tests also made me realize something weird is going on where I'm unable to connect directly to the lime node which is also the only node with internet access. I have to restart the router whenever I re-enter the network.
> > >
> > > On 04/10/2017 04:54 AM, Nicolas North wrote:
> > > > Awesome very happy to hear that. Can I ask you out of curiosity what speed:
> > > >
> > > > 1] your pure ISP connection is
> > > > 2] your vpn is delivering
> > > > 3] you get from a device connected to a non-exit node [so not the one connected to the hex]?
> > > >
> > > > I’m having real problems getting steady speeds out of LiMe in general, and really high latencies, compared to OLSR which always delivers, although not very fast.
> > > >
> > > > Thank you
> > > >
> > > >
> > > > From: Marvin Arnold via lime-users <lime-users at lists.libremesh.org>
> > > > Reply: Marvin Arnold <marvin at geeky.rocks>, libremesh users <lime-users at lists.libremesh.org>
> > > > Date: 8 aprile 2017 at 03:26:52
> > > > To: lime-users at lists.libremesh.org <lime-users at lists.libremesh.org>
> > > > Subject:  Re: [lime-users] VPN
> > > >
> > > > > 1 alone didn't fix it. 1+2 did. Switching MTU from 1280 to 1350 immediately resolved the issue.
> > > > >
> > > > > So I think it's all set now. I have three lime nodes forming a mesh around my house. One of the lime nodes is connected over ethernet to the hex.
> > > > >
> > > > > I'll report back any issues and successes. Now that this is working, we'll start setting up more clusters, all using the same exit node. I suppose we'll eventually want to figure out how to connect using a lime node only without a hex. I don't think it will be cost effective to have a hex at every node that connects to the Internet. We almost had that working before.
> > > > >
> > > > >
> > > > > On 04/06/2017 09:54 PM, Nk wrote:
> > > > > > Ok so I think it’s one of two problems if not both here:
> > > > > >
> > > > > > 1] DNS
> > > > > > 2] MTU
> > > > > >
> > > > > > In the first case, which seems more likely, your Hex isn’t providing DNS correctly. See the last part of this video and follow just the DNS settings part: https://www.youtube.com/watch?v=SW6AZ33go5U [this is the video I followed for my howto in the first place with the exception of a few things such as L2TP instead of PPTP of course.
> > > > > >
> > > > > > In the second case, your MTU might be wrong. Have you followed the MTU section of my video? If not [likely you made the right choice as mine was a simple empirical one-time experience] why not? Have you set it to 1350 or have you left it default? See this link for a packet fragmentation ping test guide: http://www.tp-link.com/us/FAQ-190.html.
> > > > > >
> > > > > > Let me know how it works out
> > > > > >
> > > > > > On 7 apr 2017, 02:56 +0200, Marvin Arnold <marvin at geeky.rocks>, wrote:
> > > > > > > That's weird. Sending that last email worked even though I am still connected via ethernet. Websites still won't load.
> > > > > > >
> > > > > > > On 04/06/2017 07:43 PM, Marvin Arnold wrote:
> > > > > > > > Hey there, really appreciate the help. Responses below.
> > > > > > > >
> > > > > > > > On 04/06/2017 07:26 PM, Nk wrote:
> > > > > > > > > How are you connecting via wifi to the hex? You have a simple access point connected on the lan side of the hex that does no routing at all, I assume, is this correct?
> > > > > > > > - ISP Router: out the first internet port <ethernet> hex: into internet/first port
> > > > > > > > - hex: out the second port <ethernet> LiMe wdr4300: into internet port
> > > > > > > > - hex: out the fourth port <ethernet> into computer
> > > > > > > > >
> > > > > > > > > In any event, it looks like your computer is hard-set [meaning in system options or via ifconfig/ipconfig] to use itself as the DNS server [strange config btw, is this a server?] when using the wifi interface [127.0.0.1] whereas it’s not hard-set to a specific DNS server when using the wired interface.
> > > > > > > >
> > > > > > > > Its Ubuntu 16.04 x64. I use a lot of virtualization (virtualbox, lxc) so the bare-metal I'm running from should be fairly close to a stock ubuntu install.
> > > > > > > >
> > > > > > > > >
> > > > > > > > > Is your computer getting an IP automatically from the HEX when connecting to it via ethernet? Could you post the result of command ifconfig
> > > > > > > > enp0s31f6 Link encap:Ethernet  HWaddr xx:xx:xx:xx
> > > > > > > >           inet addr:172.16.0.252  Bcast:172.31.255.255  Mask:255.240.0.0
> > > > > > > >           inet6 addr: fe80::6e3d:818b:4805:dee0/64 Scope:Link
> > > > > > > >           UP BROADCAST RUNNING MULTICAST  MTU:1350  Metric:1
> > > > > > > >           RX packets:92402 errors:0 dropped:668 overruns:0 frame:0
> > > > > > > >           TX packets:93032 errors:0 dropped:0 overruns:0 carrier:0
> > > > > > > >           collisions:0 txqueuelen:1000
> > > > > > > >           RX bytes:64456103 (64.4 MB)  TX bytes:22227903 (22.2 MB)
> > > > > > > >           Interrupt:16 Memory:c5700000-c5720000
> > > > > > > >
> > > > > > > > lo        Link encap:Local Loopback
> > > > > > > >           inet addr:127.0.0.1  Mask:255.0.0.0
> > > > > > > >           inet6 addr: ::1/128 Scope:Host
> > > > > > > >           UP LOOPBACK RUNNING  MTU:65536  Metric:1
> > > > > > > >           RX packets:155595 errors:0 dropped:0 overruns:0 frame:0
> > > > > > > >           TX packets:155595 errors:0 dropped:0 overruns:0 carrier:0
> > > > > > > >           collisions:0 txqueuelen:1
> > > > > > > >           RX bytes:34758916 (34.7 MB)  TX bytes:34758916 (34.7 MB)
> > > > > > > >
> > > > > > > > > Secondly, could you try [always via ethernet] to nslookup wikipedia.org 172.16.0.1
> > > > > > > > $ nslookup wikipedia.org 172.16.0.1
> > > > > > > > Server:        172.16.0.1
> > > > > > > > Address:    172.16.0.1#53
> > > > > > > >
> > > > > > > > ** server can't find wikipedia.org: SERVFAIL
> > > > > > > >
> > > > > > > > > and nslookup wikipedia.org 8.8.8.8 ?
> > > > > > > > Server:        8.8.8.8
> > > > > > > > Address:    8.8.8.8#53
> > > > > > > >
> > > > > > > > Non-authoritative answer:
> > > > > > > > Name:    wikipedia.org
> > > > > > > > Address: 198.35.26.96
> > > > > > > >
> > > > > > > > >
> > > > > > > > > Thanks
> > > > > > > > >
> > > > > > > > > On 7 apr 2017, 01:43 +0200, Marvin Arnold <marvin at geeky.rocks>, wrote:
> > > > > > > > > > Hey, I'm replying with two sets of commands. The first is always using WIFI which is working fine. The second is connecting my computer to the hex via ethernet, which does not work well.
> > > > > > > > > > I'm pretty sure its not my computer's ethernet. I've also tried connecting my computer directly into the isp router via ethernet and that works fine.
> > > > > > > > > > Working version using hex<WIFI>computer:
> > > > > > > > > >
> > > > > > > > > > > ping 8.8.8.8 [reply with output]
> > > > > > > > > > $ ping 8.8.8.8
> > > > > > > > > > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=63.6 ms
> > > > > > > > > >
> > > > > > > > > > > curl ipinfo.io [reply with output]
> > > > > > > > > > $ curl ipinfo.io
> > > > > > > > > > {
> > > > > > > > > >   "ip": "X.X.X.X",
> > > > > > > > > >   "hostname": "XX.net",
> > > > > > > > > >   "city": "Washington",
> > > > > > > > > >   "region": "District of Columbia",
> > > > > > > > > >   "country": "US",
> > > > > > > > > >   "loc": "LAT,LONG",
> > > > > > > > > >   "org": "ORG",
> > > > > > > > > >   "postal": "XXXXX"
> > > > > > > > > > }
> > > > > > > > > >
> > > > > > > > > > > nslookup wikipedia.org [reply with output]
> > > > > > > > > >
> > > > > > > > > > $ nslookup wikipedia.org
> > > > > > > > > > Server:        127.0.1.1
> > > > > > > > > > Address:    127.0.1.1#53
> > > > > > > > > >
> > > > > > > > > > Non-authoritative answer:
> > > > > > > > > > Name:    wikipedia.org
> > > > > > > > > >
> > > > > > > > > > ---------------------------- KEEP SCROLLING ------------------------------------
> > > > > > > > > >
> > > > > > > > > > Broken version using hex<ethernet>:
> > > > > > > > > >
> > > > > > > > > > > ping 8.8.8.8 [reply with output]
> > > > > > > > > > $ ping 8.8.8.8
> > > > > > > > > > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> > > > > > > > > > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=44 time=64.2 ms
> > > > > > > > > >
> > > > > > > > > > > curl ipinfo.io [reply with output]
> > > > > > > > > > $ curl ipinfo.io
> > > > > > > > > > curl: (6) Could not resolve host: ipinfo.io
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > nslookup wikipedia.org [reply with output]
> > > > > > > > > >
> > > > > > > > > > $ nslookup wikipedia.org
> > > > > > > > > > ;; connection timed out; no servers could be reached
> > > > > > > > > >
> > > > > > > > > > Non-authoritative answer:
> > > > > > > > > > Name:    wikipedia.org
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > _______________________________________________
> > > > > > > > > > lime-users mailing list
> > > > > > > > > > lime-users at lists.libremesh.org
> > > > > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > lime-users mailing list
> > > > > > > > > lime-users at lists.libremesh.org
> > > > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > lime-users mailing list
> > > > > > > > lime-users at lists.libremesh.org
> > > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users
> > > > > > > >
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > lime-users mailing list
> > > > > > > lime-users at lists.libremesh.org
> > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > lime-users mailing list
> > > > > > lime-users at lists.libremesh.org
> > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users
> > > > >
> > > > > _______________________________________________
> > > > > lime-users mailing list
> > > > > lime-users at lists.libremesh.org
> > > > > https://lists.libremesh.org/mailman/listinfo/lime-users
> > >
> >
> >
> >
> >
> > _______________________________________________
> > lime-users mailing list
> > lime-users at lists.libremesh.org
> > https://lists.libremesh.org/mailman/listinfo/lime-users
>
> _______________________________________________
> lime-users mailing list
> lime-users at lists.libremesh.org
> https://lists.libremesh.org/mailman/listinfo/lime-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libremesh.org/pipermail/lime-users/attachments/20170503/15d91263/attachment.html>


More information about the lime-users mailing list