[lime-users] VPN

Marvin Arnold marvin at geeky.rocks
Wed May 10 23:29:30 UTC 2017


Hey, have you ever tried the same setup with the VPN client on a TP-Link
TL-R600VPN? I'm giving it a go now, and the menu options are a little
confusing.


On 05/03/2017 01:58 PM, Nk wrote:
> Hi Marvin
>
> Sorry for the very late reply.
>
> You’re right, we’re able to reproduce the issue on routers configured
> as per our tutorial.
>
> However, we have a previously configured router that does /not/ fall
> back to ISP directly, which is why we were saying there is no fallback
> in the howto.
>
> I’m trying to find the first tutorial we had followed back in the day
> to set up the killswitch.
>
> Sorry we didn’t test this more thoroughly on the config we are
> suggesting in our tutorial. I’m trying to find the differences between
> the two webfigs, but can’t find any for now, or nothing I could
> reproduce anyway.
>
> I’ll keep you posted. Thanks for pointing this out.
>
> Nk
>
> On 20 apr 2017, 00:08 +0200, Marvin Arnold via lime-users
> <lime-users at lists.libremesh.org>, wrote:
>>
>> Hi Nicolas,
>>
>> Sometime last week, the VPS that hosts our streisand instance went
>> down. During that time, the network still had internet access and
>> fell back to my local ISP's IP address. My understanding was that
>> internet would be cut off the the VPN wasn't accessible. Any ideas?
>>
>>
>> On 04/12/2017 12:17 AM, Marvin Arnold via lime-users wrote:
>>>
>>> Hey Nicolas, I tried sending you this email directly, but it bounced
>>> back. I can't tell if your domain thinks mine is spam, or vice-versa.
>>>
>>> My speed test results are below and might be interesting to others
>>> anyways.
>>>
>>> Thanks,
>>>
>>> Marvin
>>>
>>>
>>> On 04/12/2017 12:10 AM, Marvin Arnold wrote:
>>>>
>>>> Hey, just did some thorough tests. There's a huge drop in download
>>>> speed starting at the hex. Upload speed is almost constant.
>>>>
>>>> https://nolime.sandcats.io/shared/Q2guq9wOIl-l0Yt4Dou-nkqfR_kNqH1wf4DIwHg9ZFk
>>>>
>>>> The tests also made me realize something weird is going on where
>>>> I'm unable to connect directly to the lime node which is also the
>>>> only node with internet access. I have to restart the router
>>>> whenever I re-enter the network.
>>>>
>>>>
>>>> On 04/10/2017 04:54 AM, Nicolas North wrote:
>>>>> Awesome very happy to hear that. Can I ask you out of curiosity
>>>>> what speed:
>>>>>
>>>>> 1] your pure ISP connection is
>>>>> 2] your vpn is delivering
>>>>> 3] you get from a device connected to a non-exit node [so not the
>>>>> one connected to the hex]?
>>>>>
>>>>> I’m having real problems getting steady speeds out of LiMe in
>>>>> general, and really high latencies, compared to OLSR which always
>>>>> delivers, although not very fast.
>>>>>
>>>>> Thank you
>>>>>
>>>>>
>>>>> From: Marvin Arnold via lime-users
>>>>> <lime-users at lists.libremesh.org>
>>>>> <mailto:lime-users at lists.libremesh.org>
>>>>> Reply: Marvin Arnold <marvin at geeky.rocks>
>>>>> <mailto:marvin at geeky.rocks>, libremesh users
>>>>> <lime-users at lists.libremesh.org>
>>>>> <mailto:lime-users at lists.libremesh.org>
>>>>> Date: 8 aprile 2017 at 03:26:52
>>>>> To: lime-users at lists.libremesh.org
>>>>> <lime-users at lists.libremesh.org>
>>>>> <mailto:lime-users at lists.libremesh.org>
>>>>> Subject:  Re: [lime-users] VPN
>>>>>
>>>>>> 1 alone didn't fix it. 1+2 did. Switching MTU from 1280 to 1350
>>>>>> immediately resolved the issue.
>>>>>>
>>>>>> So I think it's all set now. I have three lime nodes forming a
>>>>>> mesh around my house. One of the lime nodes is connected over
>>>>>> ethernet to the hex.
>>>>>>
>>>>>> I'll report back any issues and successes. Now that this is
>>>>>> working, we'll start setting up more clusters, all using the same
>>>>>> exit node. I suppose we'll eventually want to figure out how to
>>>>>> connect using a lime node only without a hex. I don't think it
>>>>>> will be cost effective to have a hex at every node that connects
>>>>>> to the Internet. We almost had that working before.
>>>>>>
>>>>>>
>>>>>> On 04/06/2017 09:54 PM, Nk wrote:
>>>>>>> Ok so I think it’s one of two problems if not both here:
>>>>>>>
>>>>>>> 1] DNS
>>>>>>> 2] MTU
>>>>>>>
>>>>>>> In the first case, which seems more likely, your Hex isn’t
>>>>>>> providing DNS correctly. See the last part of this video and
>>>>>>> follow just the DNS settings
>>>>>>> part: https://www.youtube.com/watch?v=SW6AZ33go5U [this is the
>>>>>>> video I followed for my howto in the first place with the
>>>>>>> exception of a few things such as L2TP instead of PPTP of course.
>>>>>>>
>>>>>>> In the second case, your MTU might be wrong. Have you followed
>>>>>>> the MTU section of my video? If not [*likely you made the right
>>>>>>> choice as mine was a simple empirical one-time experience*] why
>>>>>>> not? Have you set it to 1350 or have you left it default? See
>>>>>>> this link for a packet fragmentation ping test
>>>>>>> guide: http://www.tp-link.com/us/FAQ-190.html.
>>>>>>>
>>>>>>> Let me know how it works out
>>>>>>>
>>>>>>> On 7 apr 2017, 02:56 +0200, Marvin Arnold <marvin at geeky.rocks>,
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> That's weird. Sending that last email worked even though I am
>>>>>>>> still connected via ethernet. Websites still won't load.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 04/06/2017 07:43 PM, Marvin Arnold wrote:
>>>>>>>>>
>>>>>>>>> Hey there, really appreciate the help. Responses below.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 04/06/2017 07:26 PM, Nk wrote:
>>>>>>>>>> How are you connecting via wifi to the hex? You have a simple
>>>>>>>>>> access point connected on the lan side of the hex that does
>>>>>>>>>> no routing at all, I assume, is this correct?
>>>>>>>>> - ISP Router: out the first internet port <ethernet> hex: into
>>>>>>>>> internet/first port
>>>>>>>>> - hex: out the second port <ethernet> LiMe wdr4300: into
>>>>>>>>> internet port
>>>>>>>>> - hex: out the fourth port <ethernet> into computer
>>>>>>>>>>
>>>>>>>>>> In any event, it looks like your computer is hard-set
>>>>>>>>>> [meaning in system options or via ifconfig/ipconfig] to use
>>>>>>>>>> itself as the DNS server [strange config btw, is this a
>>>>>>>>>> server?] when using the wifi interface [127.0.0.1] whereas
>>>>>>>>>> it’s not hard-set to a specific DNS server when using the
>>>>>>>>>> wired interface.
>>>>>>>>>
>>>>>>>>> Its Ubuntu 16.04 x64. I use a lot of virtualization
>>>>>>>>> (virtualbox, lxc) so the bare-metal I'm running from should be
>>>>>>>>> fairly close to a stock ubuntu install.
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Is your computer getting an IP automatically from the HEX
>>>>>>>>>> when connecting to it via ethernet? Could you post the result
>>>>>>>>>> of command *ifconfig*
>>>>>>>>> enp0s31f6 Link encap:Ethernet  HWaddr xx:xx:xx:xx
>>>>>>>>>           inet addr:172.16.0.252  Bcast:172.31.255.255 
>>>>>>>>> Mask:255.240.0.0
>>>>>>>>>           inet6 addr: fe80::6e3d:818b:4805:dee0/64 Scope:Link
>>>>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1350  Metric:1
>>>>>>>>>           RX packets:92402 errors:0 dropped:668 overruns:0 frame:0
>>>>>>>>>           TX packets:93032 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>>>>           collisions:0 txqueuelen:1000
>>>>>>>>>           RX bytes:64456103 (64.4 MB)  TX bytes:22227903 (22.2 MB)
>>>>>>>>>           Interrupt:16 Memory:c5700000-c5720000
>>>>>>>>>
>>>>>>>>> lo        Link encap:Local Loopback 
>>>>>>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>>>>>>>           inet6 addr: ::1/128 Scope:Host
>>>>>>>>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>>>>>>>>           RX packets:155595 errors:0 dropped:0 overruns:0 frame:0
>>>>>>>>>           TX packets:155595 errors:0 dropped:0 overruns:0
>>>>>>>>> carrier:0
>>>>>>>>>           collisions:0 txqueuelen:1
>>>>>>>>>           RX bytes:34758916 (34.7 MB)  TX bytes:34758916 (34.7 MB)
>>>>>>>>>  
>>>>>>>>>> Secondly, could you try [always via ethernet] to *nslookup
>>>>>>>>>> wikipedia.org 172.16.0.1*
>>>>>>>>> $ nslookup wikipedia.org 172.16.0.1
>>>>>>>>> Server:        172.16.0.1
>>>>>>>>> Address:    172.16.0.1#53
>>>>>>>>>
>>>>>>>>> ** server can't find wikipedia.org: SERVFAIL
>>>>>>>>>
>>>>>>>>>> and *nslookup wikipedia.org 8.8.8.8* ?
>>>>>>>>> Server:        8.8.8.8
>>>>>>>>> Address:    8.8.8.8#53
>>>>>>>>>
>>>>>>>>> Non-authoritative answer:
>>>>>>>>> Name:    wikipedia.org
>>>>>>>>> Address: 198.35.26.96
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> On 7 apr 2017, 01:43 +0200, Marvin Arnold
>>>>>>>>>> <marvin at geeky.rocks>, wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hey, I'm replying with two sets of commands. The first is
>>>>>>>>>>> always using WIFI which is working fine. The second is
>>>>>>>>>>> connecting my computer to the hex via ethernet, which does
>>>>>>>>>>> not work well.
>>>>>>>>>>>
>>>>>>>>>>> I'm pretty sure its not my computer's ethernet. I've also
>>>>>>>>>>> tried connecting my computer directly into the isp router
>>>>>>>>>>> via ethernet and that works fine.
>>>>>>>>>>>
>>>>>>>>>>> Working version using hex<WIFI>computer:
>>>>>>>>>>>
>>>>>>>>>>>> *ping 8.8.8.8* [reply with output]
>>>>>>>>>>> $ ping 8.8.8.8
>>>>>>>>>>> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
>>>>>>>>>>> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=63.6 ms
>>>>>>>>>>>
>>>>>>>>>>>> *curl ipinfo.io* [reply with output]
>>>>>>>>>>> $ curl ipinfo.io
>>>>>>>>>>> {
>>>>>>>>>>>   "ip": "X.X.X.X",
>>>>>>>>>>>   "hostname": "XX.net",
>>>>>>>>>>>   "city": "Washington",
>>>>>>>>>>>   "region": "District of Columbia",
>>>>>>>>>>>   "country": "US",
>>>>>>>>>>>   "loc": "LAT,LONG",
>>>>>>>>>>>   "org": "ORG",
>>>>>>>>>>>   "postal": "XXXXX"
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>>> *nslookup wikipedia.org* [reply with output]
>>>>>>>>>>>
>>>>>>>>>>> $ nslookup wikipedia.org
>>>>>>>>>>> Server:        127.0.1.1
>>>>>>>>>>> Address:    127.0.1.1#53
>>>>>>>>>>>
>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>> Name:    wikipedia.org
>>>>>>>>>>>
>>>>>>>>>>> ---------------------------- KEEP SCROLLING
>>>>>>>>>>> ------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> Broken version using hex<ethernet>:
>>>>>>>>>>>
>>>>>>>>>>>> *ping 8.8.8.8* [reply with output]
>>>>>>>>>>> $ ping 8.8.8.8
>>>>>>>>>>> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
>>>>>>>>>>> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=44 time=64.2 ms
>>>>>>>>>>>
>>>>>>>>>>>> *curl ipinfo.io* [reply with output]
>>>>>>>>>>> $ curl ipinfo.io
>>>>>>>>>>> curl: (6) Could not resolve host: ipinfo.io
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> *nslookup wikipedia.org* [reply with output]
>>>>>>>>>>>
>>>>>>>>>>> $ nslookup wikipedia.org
>>>>>>>>>>> ;; connection timed out; no servers could be reached
>>>>>>>>>>>
>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>> Name:    wikipedia.org
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> lime-users mailing list
>>>>>>>>>>> lime-users at lists.libremesh.org
>>>>>>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________ lime-users
>>>>>>>>>> mailing list lime-users at lists.libremesh.org
>>>>>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________ lime-users
>>>>>>>>> mailing list lime-users at lists.libremesh.org
>>>>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> lime-users mailing list
>>>>>>>> lime-users at lists.libremesh.org
>>>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________ lime-users
>>>>>>> mailing list lime-users at lists.libremesh.org
>>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>>>>>
>>>>>> _______________________________________________
>>>>>> lime-users mailing list
>>>>>> lime-users at lists.libremesh.org
>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> lime-users mailing list
>>> lime-users at lists.libremesh.org
>>> https://lists.libremesh.org/mailman/listinfo/lime-users
>>
>> _______________________________________________
>> lime-users mailing list
>> lime-users at lists.libremesh.org
>> https://lists.libremesh.org/mailman/listinfo/lime-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.libremesh.org/pipermail/lime-users/attachments/20170510/0a6c2b21/attachment.html>


More information about the lime-users mailing list