
Cloud Tunnel Tester Needed

KW4JLB
I have been tinkering with setting up a vtun Cloud Tunnel server in AWS. I have my Mikrotik node connected to it. I may have figured out a way to make this work, at least for now. I am looking for someone else willing to work with me and be a client to see if we can get you connected to that AWS server as well and if our nodes can then see each other. Unfortunately, I don't have a 2nd node at another location I can use to test with. I am hoping I get this to work as it would be a major breakthrough in the Cloud Tunnel efforts.

If you are willing to test things out with me, shoot me an email. 

Thanks,
Jared
KW4JLB
kw4jlb@arrl.net
KW4JLB

If anyone wants to follow along with this, here is what I have done so far. 

I deployed a t2.micro instance in AWS using the debian-10-amd64-20210208-542 AMI.
I set up a security group with the following rules

TCP port 5525 from Anywhere
UDP port 5525 from Anywhere <--- don't think this is needed. Still need to test that
TCP port 22 (SSH) from my house

I then SSHed to the box and did the following

1. sudo apt update
2. sudo apt upgrade -y
3. sudo apt install vtun -y
4. Edit /etc/default/vtun to uncomment the RUN_SERVER and PORT options

RUN_SERVER=yes
SERVER_ARGS="-P 5525"

5. I moved the original vtund.conf file

mv /etc/vtund.conf /etc/vtund.conf.orig

6. I then created a new vtund.conf file with the following contents

options {
    ifconfig /usr/sbin/ifconfig;   # helper binaries vtund runs from the up/down blocks
    route /usr/sbin/route;
    syslog local7;
}

default {                          # applied to every session unless the session overrides it
    compress lzo:9;
    speed 0;
    encrypt yes;
}

KW4JLB-01-BH-172-31-210-76 {       # session name the client has to present
    type tun;
    proto tcp;
    device tun0;
    compress  lzo:9;
    encrypt no;                    # overrides the "encrypt yes" from the default block
    stat yes;
    keepalive yes;

    passwd SuperSecretPassWord; # Password is REQUIRED.

    up {
        # %% expands to the tunnel interface name (tun0 here)
        ifconfig "%% 172.31.210.76 pointopoint 172.31.210.75";
        # publish the peer address as a proxy-ARP entry on the tunnel and on eth0
        program /usr/sbin/arp "-Ds 172.31.210.75 %% pub";
        program /usr/sbin/arp "-Ds 172.31.210.75  eth0 pub";
        route "add -net 172.31.210.0/24 gw 172.31.210.75";
    };

    down {
        # undo the proxy-ARP entries and the route when the session closes
        program /usr/sbin/arp "-d 172.31.210.75 -i %%";
        program /usr/sbin/arp "-d 172.31.210.75 -i eth0";
        route "del -net 172.31.210.0/24 gw 172.31.210.75";
    };
}

7. I then probed for tun devices

modprobe tun

8. I then set up a config to create several tun devices in /etc/network/interfaces.d/network_tun

# These stanzas are in UCI syntax (the OpenWrt format AREDN nodes use);
# Debian's ifupdown does not parse this format. vtund opens the tun device
# named in its session block (tun0 above) itself when a session comes up.
config interface 'tun50'
option ifname 'tun50'
option proto 'none'
 
config interface 'tun51'
option ifname 'tun51'
option proto 'none'
 
config interface 'tun52'
option ifname 'tun52'
option proto 'none'
 
config interface 'tun53'
option ifname 'tun53'
option proto 'none'
 
config interface 'tun54'
option ifname 'tun54'
option proto 'none'
 
config interface 'tun55'
option ifname 'tun55'
option proto 'none'
 
config interface 'tun56'
option ifname 'tun56'
option proto 'none'
 
config interface 'tun57'
option ifname 'tun57'
option proto 'none'
 
config interface 'tun58'
option ifname 'tun58'
option proto 'none'
 
config interface 'tun59'
option ifname 'tun59'
option proto 'none'
 
config interface 'tun60'
option ifname 'tun60'
option proto 'none'
 
config interface 'tun61'
option ifname 'tun61'
option proto 'none'
 
config interface 'tun62'
option ifname 'tun62'
option proto 'none'
 
config interface 'tun63'
option ifname 'tun63'
option proto 'none'
 
config interface 'tun64'
option ifname 'tun64'
option proto 'none'
 
config interface 'tun65'
option ifname 'tun65'
option proto 'none'
 
config interface 'tun66'
option ifname 'tun66'
option proto 'none'
 
config interface 'tun67'
option ifname 'tun67'
option proto 'none'
 
config interface 'tun68'
option ifname 'tun68'
option proto 'none'
 
config interface 'tun69'
option ifname 'tun69'
option proto 'none'
9. I then enabled IPv4 forwarding
sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p
10. Finally I started the vtund server
sudo systemctl start vtun

On the Client side (my AREDN node) I set up a tunnel client with the following
Server: 3.84.2.139 <--- This is the Public IP of my AWS server
PWD: The password I set in step 5
Network: 172.31.210.76

After all of that I am seeing my client connect to the AWS server. From my AREDN node I am seeing the following (screenshot attached):

On the server side I am seeing
Sep 13 18:42:53 ip-172-31-87-61 vtund[11224]: VTUN server ver 3.X 11/18/2017 (standalone)
Sep 13 18:42:57 ip-172-31-87-61 vtund[11227]: Use SSL-aware challenge/response
Sep 13 18:42:57 ip-172-31-87-61 vtund[11227]: Session KW4JLB-01-BH-172-31-210-76[66.73.199.222:47330] opened
Sep 13 18:42:57 ip-172-31-87-61 vtund[11227]: LZO compression[level 9] initialized
Sep 13 18:46:32 ip-172-31-87-61 vtund[11227]: Session KW4JLB-01-BH-172-31-210-76 network timeout
Sep 13 18:46:32 ip-172-31-87-61 vtund[11227]: Session KW4JLB-01-BH-172-31-210-76 closed

Despite the session closed messages on the server side, the AREDN node still shows it connected
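The server config posted above sets "encrypt yes" in the default block but "encrypt no" in the session block, and vtund lets the session value win, so the traffic between the node and the AWS server crosses the Internet unencrypted even though the default block looks safe. The following is an added example (Python; not code from the original post or from the vtun project): a small parser for the vtund.conf block syntax that computes the effective settings of each session and flags that override. The sample configs are constructed copies of the posted one, the cipher name aes256cbc used in the hardened variant is taken from vtund.conf(5) (whether the AREDN client build honours it is an assumption to verify), and the severity labels and password-length policy are assumptions for the example.

```python
"""Resolve each vtund session's effective settings and flag weak ones.

Added example, not code from the original post or the vtun project.  vtund
applies `default { }` first and the session block on top, so the session
`encrypt no` above silently overrides `default { encrypt yes; }`.  The parser
covers only the block syntax shown in the post; sample configs, finding texts
and severity labels are constructed here.
"""
import re

# Constructed copy of the posted config, trimmed to what the checks need.
SAMPLE_CONF = """
options { syslog local7; }

default {
    compress lzo:9;
    speed 0;
    encrypt yes;
}

KW4JLB-01-BH-172-31-210-76 {
    type tun;
    proto tcp;
    device tun0;
    compress  lzo:9;
    encrypt no;
    passwd SuperSecretPassWord; # Password is REQUIRED.
    up {
        ifconfig "%% 172.31.210.76 pointopoint 172.31.210.75";
        route "add -net 172.31.210.0/24 gw 172.31.210.75";
    };
}
"""

# Same config with an explicit cipher name from vtund.conf(5) instead of the
# override.  Whether the AREDN client build honours it is an assumption.
HARDENED_CONF = SAMPLE_CONF.replace("encrypt no;", "encrypt aes256cbc;")

RESERVED = {"options", "default"}                     # top-level blocks that are not sessions
COMMENT = re.compile(r"#.*")                          # assumes no '#' inside quoted values
NESTED_BLOCK = re.compile(r"\w+\s*\{[^{}]*\}\s*;?")   # up { ... };  down { ... };
BLOCK_START = re.compile(r"([\w.-]+)\s*\{")


def _parse_directives(body):
    """Turn 'key value;' statements into a dict, dropping up/down sub-blocks."""
    previous = None
    while previous != body:                  # peel nested blocks until none remain
        previous, body = body, NESTED_BLOCK.sub("", body)
    settings = {}
    for stmt in body.split(";"):
        parts = stmt.split(None, 1)
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def parse_vtund_conf(text):
    """Return {block_name: {directive: value}} for every top-level block."""
    src = COMMENT.sub("", text)
    blocks, pos = {}, 0
    while (m := BLOCK_START.search(src, pos)):
        start = m.end()                       # just past the opening brace
        depth, i = 1, start
        while i < len(src) and depth:         # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        blocks[m.group(1)] = _parse_directives(src[start:i - 1])
        pos = i
    return blocks


def effective_settings(blocks, session):
    """Session values win; everything else is inherited from `default`."""
    merged = dict(blocks.get("default", {}))
    merged.update(blocks[session])
    return merged


def audit(blocks, min_passwd_len=16):
    """Return (session, level, message) findings; levels are HIGH/WARN."""
    findings = []
    default_enc = blocks.get("default", {}).get("encrypt")
    for name in (n for n in blocks if n not in RESERVED):
        eff = effective_settings(blocks, name)
        enc = eff.get("encrypt", "no")        # unset treated as off (conservative assumption)
        if enc == "no":
            msg = "encrypt no: tunnel payload crosses the Internet in cleartext"
            if default_enc and default_enc != "no":
                msg += " (overrides default encrypt %s)" % default_enc
            findings.append((name, "HIGH", msg))
        passwd = eff.get("passwd", "")
        if not passwd:
            findings.append((name, "HIGH", "passwd missing: vtund requires one per session"))
        elif len(passwd) < min_passwd_len:
            findings.append((name, "WARN", "passwd shorter than %d chars (example policy)" % min_passwd_len))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print("== %s ==" % label)
        for session, level, message in audit(parse_vtund_conf(conf)):
            print("%-4s %s: %s" % (level, session, message))
```

Running it as a script lists the findings for both copies: the posted config gets a HIGH finding for the session-level "encrypt no", the hardened copy gets none. The up/down blocks are skipped on purpose; they hold commands, not settings, so they never affect the merge. Since the compression and encryption settings come from the server side (see K5DLQ's note further down in the thread), the server's vtund.conf is the only file that needs this check.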
WZ0C
Was this endeavor successful?  After the closed messages, were you able to exchange traffic?
 
KW4JLB
I am not looking for any more testers at this time. I have 2 I am currently working with.
K5DLQ
Be aware: compression and encryption will put additional RAM loads on the clients (this is a server-pushed setting).
