Search Results for proxy 192 168 32 0 |

SNIProxy 绑定设备后连接超时

edgerouter lite 我之前是tun模式的openvpn site-to-site，网络拓扑很简单，local tun remote tun，简单配个ip就行，edgerouter上直接使用interface-route 跳转到local tun就行了。后来换用了softether，tap模式，于是需要自己配置IP和路由表。我简单地把firewall modify的地址组切到新的设备上，但是之前的 google dns 和 sniproxy 都保留在openvpn侧。但是最近openvpn被查的厉害，ssh也是被盯上了，所以不得不切换设备到 softether 的 tap 上。

listen 192.168.12.2:3543 {
    proto tls
    table https_hosts
    device tap_vbr
}

listen 192.168.12.2:3543 {

proto tls

table https_hosts

device tap_vbr

}

测试，发现连接超时。测试使用的域名是 download.oracle.com，解析的ip是 106.187.61.57。路由上tcpdump

tcpdump -n -i tap_vbr

1	tcpdump -n -i tap_vbr

看到的请求却是：

14:22:04.471223 ARP, Request who-has 106.187.61.57 tell 192.168.99.50, length 28
14:22:05.471221 ARP, Request who-has 106.187.61.57 tell 192.168.99.50, length 28
14:22:06.475322 ARP, Request who-has 106.187.61.57 tell 192.168.99.50, length 28
...

14:22:04.471223 ARP, Request who-has 106.187.61.57 tell 192.168.99.50, length 28

14:22:05.471221 ARP, Request who-has 106.187.61.57 tell 192.168.99.50, length 28

14:22:06.475322 ARP, Request who-has 106.187.61.57 tell 192.168.99.50, length 28

...

所以。。。加路由吧。因为公司是固定IP，所以之前配的是 system gateway-address。这个时候直接配静态路由会报错：

root@ubnt# set protocols static route 0.0.0.0/0 next-hop 192.168.99.1 distance 100
Error: can not combine system gateway and static default route

1 2	root@ubnt# set protocols static route 0.0.0.0/0 next-hop 192.168.99.1 distance 100 Error: can not combine system gateway and static default route

先删后加

root@ubnt# delete system gateway-address 
[edit]
root@ubnt# commit
[edit]
root@ubnt# set protocols static route 0.0.0.0/0 next-hop my.static.gateway.address distance 10
[edit]
root@ubnt# set protocols static route 0.0.0.0/0 next-hop 192.168.99.1 distance 100
[edit]
root@uebnt# commit
[edit]
root@ubnt# save 
Saving configuration to '/config/config.boot'...
Done

root@ubnt# delete system gateway-address

[edit]

root@ubnt# commit

[edit]

root@ubnt# set protocols static route 0.0.0.0/0 next-hop my.static.gateway.address distance 10

[edit]

root@ubnt# set protocols static route 0.0.0.0/0 next-hop 192.168.99.1 distance 100

[edit]

root@uebnt# commit

[edit]

root@ubnt# save

Saving configuration to '/config/config.boot'...

Done

注意一下，delete执行完后需要先commit，否则还会报错。验证一下

root@ubnt# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         my.st.gw.addr   0.0.0.0         UG        0 0          0 eth1
0.0.0.0         192.168.99.1    0.0.0.0         UG        0 0          0 tap_vbr

root@ubnt# netstat -nr

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

0.0.0.0 my.st.gw.addr 0.0.0.0 UG 0 0 0 eth1

0.0.0.0 192.168.99.1 0.0.0.0 UG 0 0 0 tap_vbr

如果执行命令前会纠结是否生效，简单 route add 测试一下即可。无比保证vpn的metric比默认网关的大。另，interface-route + route 的混合模式没测试。 Link to this post!

基于SNIProxy的路由端网络流量定制分发方案

标题感觉很高大上，其实写得乱七八糟。前序文章： SNIProxy Bind Outgoing Interface Build SNIProxy Debian Package for EdgeRouter Ubnt EdgeRouter Lite 和 EdgeRouter X 上安装使用SNIProxy 不急，上边三篇可能会在本文内提及。首先，sniproxy不解释了，但是如标题所属，sniproxy的版本不支持我要的功能，所以我就fork然后改了。具体思路参考上述第一个链接。接下来，直接进入正题。按之前的玩法，我使用路由表来控制流量。这是一个很典型，也很正确的做法；但是也是一个很不好用的玩法。参考文章：Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite, EdgeOS PPTP VPN客户端配置 PS：我维护了一份自己的路由表，地址在 https://ip.rst.im/blocks/sskaje 为了让定制化程度高一些，我配了一个Socks代理，实际上是在vpn对端配置的，本地路由做了个DNAT，转发过去了。这样我就可以用firefox＋foxyproxy实现本地定制化规则。参考文章：UBNT VPN + Socks5 代理和 Set up dante-server on Ubuntu 后来考虑到上述用起来麻烦，又趁着回老家的时候，在家里的ac68u merlin上实践了下WPAD，不过没有在自己家里的edgerouter上搞。参考文章：Setup WPAD on Asus … Continue reading “基于SNIProxy的路由端网络流量定制分发方案”

SoftEther between VPS and UBNT EdgeRouter

This is a placeholder. And, this article won’t be public. You are not authorised to read all content in this post. Please login… Incoming search terms:haproxy reverse proxy through socks5#ip=1Link to this post!

Setup WPAD on EdgeRouter

Previously, I wrote Setup WPAD on Asus Merlin. Similar on EdgeRouter. 1 Configure Domain name. System

set system domain-name int.sskaje.me

1	set system domain-name int.sskaje.me

DHCP service

set service dhcp-server shared-network-name dhcp-lan  subnet 192.168.32.0/20 domain-name int.sskaje.me

1	set service dhcp-server shared-network-name dhcp-lan subnet 192.168.32.0/20 domain-name int.sskaje.me

2 Prepare wpad.dat I don’t have wpad.dat deployed on my router, but an internal Ubuntu server with nginx as httpd, IP 192.168.36.20. wpad.dat is located to default server root, if you have your custom, make … Continue reading “Setup WPAD on EdgeRouter”

IPSec VPN Working for OS X Mavericks

In iOS IPSec VPN Server on Ubuntu, I host a VPN on Ubuntu 13.10 based on StrongSwan 4.x, working for iOS, but not for OSX. Then I upgraded to Ubuntu 14.04, which has StrongSwan upgraded to 5.x, error like:

Apr 24 14:56:46 sskaje charon: 15[CFG] no XAuth method found

1	Apr 24 14:56:46 sskaje charon: 15[CFG] no XAuth method found

To fix this, install all strongswan’s plugins by:

apt-get install strongswan-*

1	apt-get install strongswan-*

And make some changes to configurations: … Continue reading “IPSec VPN Working for OS X Mavericks”