freekers / ansible-tunsafe

Ansible Playbook to setup a dual stack (IPv4/IPv6) TunSafe VPN with obfuscation

License: GNU Affero General Public License v3.0

ansible-playbook obfuscation tunsafe vpn wireguard

ansible-tunsafe's Issues

retry handshake

Hello! Can somebody tell me what causes this error and how to fix it?

Retrying handshake, attempt 2...
Retrying handshake, attempt 3...
Retrying handshake, attempt 4...
Retrying handshake, attempt 5...
Retrying handshake, attempt 6...

Installation on Debian 11

Hi;

I'm getting a "Package 'clang-6.0' has no installation candidate" error on Debian 11. Is there any fix?

Direction on how to edit hosts file

Hello devs! Thanks for making this playbook. I am trying to set up a TunSafe VPN server on an AWS EC2 instance. I am having difficulty understanding and editing the hosts file, specifically the lines:

[tunsafe]
#Pick and adjust ONE of the three connection string options listed below.

#Option 1 - Uncomment and adjust the example below when using password-based auth to connect to your server
#123.123.123.123 ansible_user=demo ansible_password=P@$$w0rd

#Option 2 - Uncomment and adjust the example below when using key based auth to connect to your server
#123.123.123.123 ansible_user=namami_tunsafe ansible_ssh_private_key_file=/home/namami_tunsafe/.ssh/privkey.pem

#Option 3 - Uncomment and use the example below when running Ansible locally on the server.
#127.0.0.1 ansible_connection=local

My questions are:

  1. Does this playbook create a TunSafe VPN server?
  2. I currently connect to my EC2 instance with a privatekey.pem file. That file is located on my laptop, which is the client, not on the server. So do I need to scp my private key to the server? Also, should the IP address be replaced by the external IP of my EC2 instance?

Tunsafe Server Crash with segfault

Hi, I have some trouble with the tunsafe server: after 3 or 4 days the tunnel went down and removed the tun0 interface. The only log that I saw was this:

Sep 13 07:47:05 localhost kernel: [2737111.721390] tunsafe-m[302846]: segfault at 7ffe91575000 ip 0000000000414ab0 sp 00007ffe91571890 error 4 in tunsafe[400000+46000]

Have you ever seen this before? Thanks

Please, how to edit hosts file?

Choose option 3?

#Option 3 - Uncomment and use the example below when running Ansible locally on the server itself.
127.0.0.1 ansible_connection=local

No internet access after successful connection

I hosted my own server on Debian 10. Client is connected successfully and everything seems correct, but there is no internet connection available.

hosts file (without comments):

[tunsafe]
127.0.0.1 ansible_connection=local
[tunsafe:vars]
udp=995
tcp=443
dns=8.8.8.8
ufw=false
ansible_python_interpreter=/usr/bin/python3

Server configuration after tunsafe start on server:

root@hostname:~# tunsafe --version
TunSafe 1.5-rc2

root@hostname:~/ansible-tunsafe# ip a
1: lo: ...
2: eth0: ...
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 10.100.100.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 x::x:x:x:x/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

root@hostname:~/ansible-tunsafe# ip link
1: lo: ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1420 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500
    link/none 

root@hostname:~/ansible-tunsafe# ip route
default via x.x.x.1 dev eth0 onlink 
10.100.100.0/24 dev tun0 proto kernel scope link src 10.100.100.1 
x.x.x.0/24 dev eth0 proto kernel scope link src x.x.x.90 

root@hostname:~/ansible-tunsafe# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

root@hostname:~/ansible-tunsafe# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

root@hostname:~/ansible-tunsafe# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

root@hostname:~/ansible-tunsafe# tunsafe show
interface: tun0
  public key: eaRHE5boMhDi2RdXO1sSF7kYupb97163cEAbHy1oWxA=
  private key: (hidden)
  listening port: 995
  address: 10.100.100.1/24

peer: eMkANZxk7kgeGm1o0CYPXwvvMqDZxcc44cJ5BB3rJXo=
  preshared key: (hidden)
  endpoint: x.x.x.x:51350
  allowed ips: 10.100.100.2/24
  latest handshake: 1 minute, 50 seconds ago
  transfer: 64.64 KiB received, 2.00 KiB sent

Client's log:

[09:40:09] Loading file: C:\Program Files\TunSafe\Config\TCP.conf
[09:40:09] TAP Driver Version 9.21 
[09:40:09] Blocking standard DNS on all adapters
[09:40:09] Added Route 0.0.0.0/1  =>  10.100.100.2
[09:40:09] Added Route 128.0.0.0/1  =>  10.100.100.2
[09:40:09] Added Route x.x.x.x/32  =>  10.0.2.2
[09:40:09] Sending handshake...
[09:40:09] Connecting to tcp://x.x.x.x...
[09:40:10] Connection established. IP 10.100.100.1

What I tried:

  • With and without ufw
  • Ubuntu 18 and Debian 10 as servers
  • Windows (1.5-rc2) and Android (1.0 latest apk from website) as clients
  • Setting allowed-ips to 0.0.0.0/0 for peer on server
  • Disable ipv6 for tun0
  • Reboot, restart server, reinstall os and packages

Where could the problem be, and why can I not access the internet using my hosted server?

Adding extra clients issue

There is no detailed tutorial on how to add clients (peers). Should we generate new private, public, and pre-shared keys for each client separately? And how do we generate keys?

Question

Hello,

Could I have a confirmation on whether this project has been abandoned or not? I assume that this is still somewhat maintained because it has not been archived, so here's my inquiry.

I am suffering from a hard VPN blockage from my institution, and I haven't found a single VPN that works, even ExpressVPN. Therefore, I have decided to try hosting my own obfuscated VPN server, and this looks like a promising solution. However, I came across some problems during setup, and I never got it to work.

I was following through the README just fine, but the instructions began to get much less clear as I reached the Usage instructions section. I was quite confused, because the TCP and UDP client configs on ansible_user/home didn't look like the ones in the instructions. They just had 3 lines that did not correspond to any values.

I assumed that I should copy the client config from the instructions. I copied the PublicKey, PrivateKey, and PreSharedKey fields from my server config to the client config. But when I tried to run the config through TunSafe:

➜  ~ sudo tunsafe TCP.conf
Loading file: TCP.conf
Run: /sbin/ifconfig utun4 inet 10.100.100.3/24 10.100.100.3 add
Run: /sbin/ifconfig utun4 inet6 fd42:42:42::3/120 add
Run: /sbin/ifconfig utun4 mtu 1420 up
Run: /sbin/route -q add 159.89.171.128/32 192.168.2.1
add net 159.89.171.128: gateway 192.168.2.1
Run: /sbin/route -q add 0.0.0.0/1 10.100.100.3
add net 0.0.0.0: gateway 10.100.100.3
Run: /sbin/route -q add 128.0.0.0/1 10.100.100.3
add net 128.0.0.0: gateway 10.100.100.3
Run: /sbin/route -q add -inet6 ::/1 fd42:42:42::3
add net ::/1: gateway fd42:42:42::3
Run: /sbin/route -q add -inet6 8000::/1 fd42:42:42::3
add net 8000::/1: gateway fd42:42:42::3
Sending handshake...
Connecting to tcp://159.89.171.128:443...
Retrying handshake, attempt 2...
Retrying handshake, attempt 3...
Making new Tcp socket due to too many handshake failures
Destroyed tcp socket
Connecting to tcp://159.89.171.128:443...
Retrying handshake, attempt 4...
Retrying handshake, attempt 5...
Retrying handshake, attempt 6...
Retrying handshake, attempt 7...
Making new Tcp socket due to too many handshake failures
Destroyed tcp socket
Connecting to tcp://159.89.171.128:443...
Retrying handshake, attempt 8...
^CCtrl-C detected. Exiting. Press again to force quit.
Run: /sbin/route -q delete 159.89.171.128/32 192.168.2.1
delete net 159.89.171.128: gateway 192.168.2.1
Run: /sbin/route -q delete 0.0.0.0/1 10.100.100.3
delete net 0.0.0.0: gateway 10.100.100.3
Run: /sbin/route -q delete 128.0.0.0/1 10.100.100.3
delete net 128.0.0.0: gateway 10.100.100.3
Run: /sbin/route -q delete -inet6 ::/1 fd42:42:42::3
delete net ::/1: gateway fd42:42:42::3
Run: /sbin/route -q delete -inet6 8000::/1 fd42:42:42::3
delete net 8000::/1: gateway fd42:42:42::3
Run: /sbin/ifconfig utun4 inet 10.100.100.3 -alias
Run: /sbin/ifconfig utun4 inet6 fd42:42:42::3 -alias
➜  ~

What did I do wrong?

Also, I came across issues with installing and using TunSafe itself, probably because I am using a Mac. I have compiled it from source, but when I tried to install it with sudo make install, all as directed, it gave me a "not permitted" error. Giving my terminal full disk access didn't fix this issue, so I just moved the compiled tunsafe binary myself to /usr/local/bin and gave it executable permissions. Is this the right way to install it?

Thanks.
