Comments (11)
also, i can't really specify network interface for wifi AP when i'm connected to VPN. specifying network interface manually when connected results in broken internet.
i can see packets from the clients, they are routing to the host, but not outside of the host.
Works fine though if i don't specify it. Routes fine to VPN subnet.
i'm manually setting output interface like that: lnxrouter -o enp3s0f3u1u1 --no-dns --dhcp-dns 1.1.1.1 --ap wlp1s0 ...
from linux-router.
Hi, thank you for feedback.
for some reason generate_random_ip4() inside of this script stalls when you are connected to the VPN. i don't know why, maybe because is_ip4_lan_range_available $random_ip4 && break loops and can't find available ip address.
Could you provide the output of the following commands when connected to VPN:
ip a
ip r
For the 2nd issue you described, please try both v0.7.3 and latest commit (0.7.6b).
I recently made many changes, so we need to check if the issue exists on both or one.
from linux-router.
Hi!
i have tried both 0.7.6b and 0.7.3 versions.
i'm launching it like that:
sudo lnxrouter -g 10.0.0.1 --country RU -o enp3s0f3u1u1 --no-dns --dhcp-dns 1.1.1.1 --ap wlp1s0 laptop -p password --freq-band 5 --wifi4 --wifi5 --no-virt --qr
ip a
output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: wlp1s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether d6:3f:0f:df:03:7a brd ff:ff:ff:ff:ff:ff permaddr 8c:c8:4b:d6:0c:d5
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:b4:01:f9 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
25: enp3s0f3u1u1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:e0:4c:68:61:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.76/24 brd 192.168.1.255 scope global dynamic noprefixroute enp3s0f3u1u1
valid_lft 86035sec preferred_lft 86035sec
inet6 fe80::91c2:c1f8:2912:a0ad/64 scope link noprefixroute
valid_lft forever preferred_lft forever
27: warp0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.16.0.2/32 scope global noprefixroute warp0
valid_lft forever preferred_lft forever
(warp0 works, i have ping/dns, i also tried your script with tailscale exit node, it doesn't work when specifying output interface).
ip r
output:
default via 192.168.1.1 dev enp3s0f3u1u1 proto dhcp src 192.168.1.76 metric 100
10.0.0.0/24 dev wlp1s0 proto kernel scope link src 10.0.0.1
192.168.1.0/24 dev enp3s0f3u1u1 proto kernel scope link src 192.168.1.76 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
ip -6 r
output:
fe80::/64 dev enp3s0f3u1u1 proto kernel metric 1024 pref medium
Also, i have tried doing iptables -F when running your script. Sadly, it doesn't help either.
from linux-router.
If enp3s0f3u1u1 is your physical interface which you get Internet from, and warp0 is the virtual interface created after you connect to VPN, -o enp3s0f3u1u1 is wrong, -o warp0 is what you want.
from linux-router.
If enp3s0f3u1u1 is your physical interface which you get Internet from, and warp0 is the virtual interface created after you connect to VPN, -o enp3s0f3u1u1 is wrong, -o warp0 is what you want.
i don't quite understand the logic. I want to share internet from interface enp3s0f3u1u1, i don't want my clients connected to VPN. I want my system connected to a VPN, and tether wifi without vpn using my default ISP (that's why i want to specify enp3s0f3u1u1 manually, e.g. firejail understands this logic: firejail --net=enp3s0f3u1u1 chromium and it shows my default ISP IP)
from linux-router.
I want my system connected to a VPN, and tether wifi without vpn using my default ISP
Sorry, I got it wrong.
Now I get it. You want VPN as an option, not the default route.
Does -o enp3s0f3u1u1 work for your wifi clients when VPN is not connected?
And then -o enp3s0f3u1u1 stops working after VPN connected.
If so, which route are other apps on system using by default? If you run Chromium directly, what IP does it get?
Firejail uses a different mechanism than iptables (which our script uses).
According to your previous report:
Works fine though if i don't specify it. Routes fine to VPN subnet.
I guess the VPN program wants itself to be the default route and is preventing traffic going through enp3s0f3u1u1
from linux-router.
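One place to check the guess above, as an added example that is not from this thread or from linux-router: the `ip r` output posted earlier shows only the ISP default route in the main table, so any VPN redirection would have to come from policy-routing rules evaluated before it. The function name and the sample `ip rule show` text (written in the style wg-quick produces) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list policy-routing rules that are evaluated before the
# plain "main" table lookup. Such rules are why `ip r` can show the ISP
# default route while traffic still leaves through the VPN interface.

# Constructed sample of `ip rule show` output in the style wg-quick
# produces; it is NOT taken from the reporter's machine.
SAMPLE_RULES='0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: not from all fwmark 0xca6c lookup 51820
32766: from all lookup main
32767: from all lookup default'

# Reads `ip rule show` text on stdin and prints "priority table" for every
# rule that sends traffic to a table other than local/main/default before
# the unrestricted main lookup is reached.
rules_overriding_main() {
    awk '
        {
            prio = $1; sub(/:$/, "", prio)
            table = ""; suppress = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "lookup") table = $(i + 1)
                if ($i ~ /^suppress_/) suppress = 1
            }
            # Unrestricted main lookup reached: later rules are not overrides.
            if (table == "main" && !suppress) exit
            if (table != "" && table != "local" && table != "main" && table != "default")
                print prio, table
        }'
}

# On a live system:  ip rule show | rules_overriding_main
# then inspect each reported table with:  ip route show table <table>
printf '%s\n' "$SAMPLE_RULES" | rules_overriding_main
```

A non-empty result means forwarded packets from the hotspot subnet can be routed by that table instead of main, regardless of which interface the NAT rule names.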
Does -o enp3s0f3u1u1 work for your wifi clients when VPN is not connected?
yes, it does
And then -o enp3s0f3u1u1 stops working after VPN connected.
yes, it stops working after VPN is connected
If so, which route are other apps on system using by default? If you run Chromium directly, what IP does it get?
they use VPN route by default (e.g. if i run chromium directly it shows warp0 ip, not my ISP ip address)
Firejail uses a different mechanism than iptables (which our script uses).
i understand, iirc it uses cgroups, but that's out of scope. i'm just saying how i imagine things in my head so you can understand this analogy.
from linux-router.
I guess the VPN program wants itself to be the default route and is preventing traffic going through enp3s0f3u1u1
I use plain wireguard with nmcli if this could help. More complex VPNs tinker with routing/firewall rules very heavily so i explicitly used a simpler one that works out-of-box for this report.
from linux-router.
firejail --net=enp3s0f3u1u1 chromium and it shows my default ISP IP)
You could try sudo firejail --net=enp3s0f3u1u1 then run lnxrouter in it. See what the result is.
from linux-router.
You could try sudo firejail --net=enp3s0f3u1u1 then run lnxrouter in it. See what the result is.
I understand that it can't work (not possible because it isolates the network interfaces, so wlp1s0 shouldn't be available inside of firejail sandbox).
I actually tried moving wireless interface to a different network namespace too, but it turns out the driver has to support this feature.
from linux-router.
Maybe creating a sandbox to let VPN run in there and share to outside can solve your need.
BTW, could you do sudo bash -x lnxrouter ..... to see why generate_random_ip4 doesn't work?
from linux-router.