
how to use glorytun

wxdczd edited this page Dec 25, 2019 · 3 revisions

wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin

mv glorytun-0.2.2-x86_64-linux-musl.bin glorytun

chmod +x glorytun

My configuration, server side:

First, create the key:

./glorytun keygen > gt.key

Then run glorytun, binding the server IP and port and the tun interface (if needed). I use chacha; my client does not support aes.

./glorytun bind 195.245.103.245 55055 dev tun0 keyfile gt.key chacha

adding ip address to tun0 interface:

ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up

route traffic from the glorytun tunnel (tun0) to the internet (eth0) by masquerading it:

iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE

accept input traffic from tun0 interface:

iptables -I INPUT -i tun0 -j ACCEPT

enable forwarding of traffic between the tun0 (glorytun) and eth0 (internet) interfaces:

iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT

iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
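The eth0 to tun0 rule above accepts any forwarded packet, not only replies to connections the client opened. The check below is an added example, not part of the original page or of glorytun: it reads `iptables -S FORWARD` output and flags that pattern. The sample rule sets, the DROP policy and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag FORWARD rules that accept traffic into the tunnel
# without a connection-state match. Input is `iptables -S FORWARD` output.

# Constructed sample: this page's two server FORWARD rules as -S prints them
# (the DROP policy is an assumption, the page does not show the policy).
page_rules() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
EOF
}

# Constructed tighter variant: the inbound side only admits reply traffic,
# using the same conntrack match this page applies on the client.
tight_rules() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -s 10.0.1.2/32 -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# $1 = WAN interface, $2 = tunnel interface.
# Prints one finding per line; exit status 1 if anything was flagged.
audit_forward() {
    awk -v wan="$1" -v tun="$2" '
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" {
        print "policy ACCEPT: unmatched packets are forwarded"; bad = 1
    }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = out_if = target = ""; stateful = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # a state match only counts if it does not admit NEW connections
            if ($i == "--ctstate" || $i == "--state")
                stateful = ($(i + 1) !~ /NEW/)
        }
        if (in_if == wan && out_if == tun && target == "ACCEPT" && !stateful) {
            print "unrestricted " wan " -> " tun ": " $0; bad = 1
        }
    }
    END { exit bad }
    '
}
# usage on the server: iptables -S FORWARD | audit_forward eth0 tun0
```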

client side (for now everything is run manually, for debugging):

running glorytun from client (gt.key same as on server gt.key):

./glorytun bind 0.0.0.0 to 195.245.103.245 55055 dev tun0 keyfile gt.key chacha

running on device tun0 as pid 4019

adding ip address to tun0 interface:

ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up

check that the interface is created and up, and check its IP and other info, with this command:

ip a

tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500 link/none inet 10.0.1.2 peer 10.0.1.1/32 scope global tun0 valid_lft forever preferred_lft forever

adding first path:

./glorytun path up 192.168.1.100 rate tx 50mbit rx 50mbit

check the tunnel connection by pinging the server's tunnel IP:

ping 10.0.1.1

PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.

64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=49.4 ms

64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=50.2 ms

64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=54.3 ms

64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=60.3 ms

64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=52.8 ms

check first path:

./glorytun path

path UP

status: OK

bind: 192.168.1.100 port 5000

public: xxx.xxx.144.148 port 36085

peer: 195.245.103.245 port 55055

mtu: 1472 bytes

rtt: 53.901 ms

rttvar: 6.090 ms

tx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 120 packets

rx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 79 packets

Trying to add a second path: at first it automatically takes status DEGRADED, which I think is okay. After I ping 10.0.1.1 and re-check the status, the second path's status is OK, so multi-path works! :-)

./glorytun path up 192.168.2.100 rate tx 50mbit rx 50mbit

./glorytun path

path UP

status: OK

bind: 192.168.1.100 port 5000

public: xxx.xxx.144.148 port 36085

peer: 195.245.103.245 port 55055

mtu: 1472 bytes

rtt: 88.470 ms

rttvar: 68.228 ms

tx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 156 packets

rx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 107 packets

path UP

status: DEGRADED

bind: 192.168.2.100 port 5000

public: - port 0

peer: 195.245.103.245 port 55055

mtu: 1302 bytes

rtt: 0.000 ms

rttvar: 0.000 ms

tx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 0 packets

rx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 0 packets

I try to ping the server through the tunnel:

ping 10.0.1.1

PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.

64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=51.7 ms

64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=48.3 ms

64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=49.0 ms

and afterwards check the second glorytun path:

./glorytun path

path UP

status: OK

bind: 192.168.1.100 port 5000

public: xxx.xxx.144.148 port 15757

peer: 195.245.103.245 port 55055

mtu: 1472 bytes

rtt: 58.416 ms

rttvar: 6.057 ms

tx:

rate: 6250000 bytes/sec

loss: 3 percent

total: 273 packets

rx:

rate: 6250000 bytes/sec

loss: 0 percent

total: 153 packets

path UP

status: OK

bind: 192.168.2.100 port 5000

public: xxx.xxx.156.25 port 3506

peer: 195.245.103.245 port 55055

mtu: 1472 bytes

rtt: 50.682 ms

rttvar: 5.899 ms

tx:

rate: 6250000 bytes/sec

loss: 3 percent

total: 113 packets

rx:

rate: 6250000 bytes/sec

loss: 6 percent

total: 72 packets
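The manual status checks above can be scripted. This is an added example, not part of the original page or of glorytun: it parses output in the shape `./glorytun path` prints here and fails when a path is not OK or its loss exceeds a threshold. The sample data, the function names and the default 5 percent threshold are constructed.

```shell
#!/bin/sh
# Added example: one summary line per path from `glorytun path` output;
# non-zero exit when a path is not OK or loses too many packets.

# Constructed sample in the shape of the output shown on this page.
sample_paths() {
cat <<'EOF'
path UP
  status:  OK
  bind:    192.168.1.100 port 5000
  peer:    195.245.103.245 port 55055
  tx:
    loss:  3 percent
  rx:
    loss:  0 percent
path UP
  status:  DEGRADED
  bind:    192.168.2.100 port 5000
  peer:    195.245.103.245 port 55055
  tx:
    loss:  0 percent
  rx:
    loss:  0 percent
EOF
}

# stdin: path output; $1: highest tolerated loss percent (default 5).
# Prints "<bind ip> <status> tx=N% rx=N% <verdict>" for each path.
check_paths() {
    awk -v max="${1:-5}" '
    function emit() {
        if (bind == "") return
        v = (status == "OK" && tx <= max && rx <= max) ? "healthy" : "ALERT"
        if (v == "ALERT") bad = 1
        printf "%s %s tx=%d%% rx=%d%% %s\n", bind, status, tx, rx, v
        bind = ""
    }
    $1 == "path"    { emit(); status = "?"; tx = rx = 0; dir = "" }
    $1 == "status:" { status = $2 }
    $1 == "bind:"   { bind = $2 }
    $1 == "tx:" || $1 == "rx:" { dir = $1 }   # loss lines belong to this block
    $1 == "loss:"   { if (dir == "tx:") tx = $2; else if (dir == "rx:") rx = $2 }
    END { emit(); exit bad }
    '
}
# usage on the client: ./glorytun path | check_paths 5
```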

Both paths are up, but wget and other http/https traffic does not go through, so I try adding the "standard commands" on the client for the tunnel:

#remove default route

sudo ip route del default

#add default route with glorytun only

sudo ip route add default via 10.0.1.1 dev tun0

#masquerade local net traffic

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

#enable local traffic route with tunnel

iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

#forward all local traffic (from bridge or lan network interface) to glorytun tunnel

iptables -A FORWARD -i bg0 -o tun0 -j ACCEPT

Everything works. Adrien, BIG THANKS TO YOU for your work :-)
