Ticket #76 (assigned defect)

Opened 3 years ago

Last modified 3 years ago

Machine doesn't get its "split personality"

Reported by: rnapier@employees.org
Assigned to: andrei (accepted)
Priority: normal
Milestone: AlmostVPN 1.0 Future
Component: PreferencePanel
Version: 0.9
Severity: major
Keywords:
Cc:

Description

I'm setting up a simple IMAP connection to a machine that is resolvable in DNS (but not reachable due to a firewall) through an intermediary SSH server:

remotehost -> sshhost -> imaphost

(sshhost and imaphost both have "public" IP addresses in global DNS).

remotehost does make the connection according to lsof, and I can "telnet localhost imap" to connect to imaphost. But remotehost does not believe it is imaphost, so "telnet imaphost imap" goes to the real IP address and so times out.

I don't know whether the public DNS issue matters here or not; I only point it out because it's a somewhat unusual situation since most people would NAT imaphost.

How does the split personality of AlmostVPN work? I can't find anything to help me troubleshoot this.

Change History

11/24/05 13:29:25 changed by andrei

  • status changed from new to assigned.
  • milestone set to AlmostVPN 0.9.5.

"Split personality" is achieved via defining an "alias" address. Try

ifconfig

You should see the imaphost address as an alias to your "active" interface.

11/24/05 14:35:03 changed by andrei

Based on Ticket #77 I assume that you are trying to connect via cellphone. I wonder if AlmostVPN is using the wrong interface to do the alias magic. Could you please paste the output of ifconfig into this ticket?

11/25/05 11:12:50 changed by rnapier@employees.org

Here's the ifconfig, the ssh command that's running, and a demonstration of a loopback connection. I notice that there is no "alias" assigned anywhere. The following makes everything seem to work:

ifconfig lo0 <imaphost> alias

---

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:0d:93:30:a0:60
        media: autoselect (none) status: inactive
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:0d:93:f0:48:08
        media: autoselect (<unknown type>) status: inactive
        supported media: autoselect
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
        lladdr 00:0d:93:ff:fe:30:a0:60
        media: autoselect <full-duplex> status: inactive
        supported media: autoselect <full-duplex>
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.198.125.140 --> 10.198.125.0 netmask 0xff000000

turtle:~ rnapier$ ps -ax | grep ssh
1186 p1 R+ 0:00.00 grep ssh
816 p2 Ss+ 0:00.17 /usr/bin/ssh -g -F /Users/rnapier/.ssh/config -o UserKnown?

turtle:~ rnapier$ telnet localhost imap
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is ']'.
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7226.0

11/25/05 11:15:56 changed by rnapier@employees.org

Sorry for the double-post there; there was a Wiki error and I reposted. One extra fact: I'm on interface ppp0 (as you assumed).

11/25/05 13:42:21 changed by andrei

Could you please run one more test for me? Post the output of this command (when you are connected via cell):

  netstat -rn

AlmostVPN looks at the output of this command to try to figure out what the "main" interface is.

Also, when you post it, could you please surround it with "" and "" (both on separate lines, before the text and after the text)? This way the wiki engine will not try to interpret it and it will look much more readable.

11/25/05 13:45:39 changed by andrei

In my last post it should read ...

... Also, when you post it, could you please surround it with "{{{" and "}}}" (both on separate lines, before the text and after the text)? This way the wiki engine will not try to interpret it and it will look much more readable. ...

11/26/05 15:41:28 changed by rnapier@employees.org

This is probably in a somewhat strange state because I'm in the ticket #68 situation where I can't restart the tunnels and I've put a couple of aliases in by hand to 127.0.0.1. I can reboot and do it again if that will help (I'm just in the middle of some stuff right now that makes rebooting a pain).

I'm not certain why the primary interface matters here. Shouldn't all the aliases be against 127.0.0.1?

turtle:~ rnapier$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.194.4.0         UGSc       25        0   ppp0
10                 ppp0               USc         0        0   ppp0
10.194.4.0         10.194.4.175       UH         26        0   ppp0
64.102.31.80       64.102.31.80       UH          0     2951    lo0
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH          9    48307    lo0
171.71.177.236     171.71.177.236     UH          0        0    lo0

Internet6:
Destination                             Gateway                         Flags      Netif Expire
::1                                     link#1                          UHL         lo0
fe80::%lo0/64                           fe80::1%lo0                     Uc          lo0
fe80::1%lo0                             link#1                          UHL         lo0
fe80::%en0/64                           link#4                          UC          en0
fe80::%en1/64                           link#5                          UC          en1
ff01::/32                               ::1                             U           lo0
ff02::/32                               ::1                             UC          lo0
ff02::/32                               link#4                          UC          en0
ff02::/32                               link#5                          UC          en1

11/28/05 23:05:20 changed by andrei

Sorry for the delay. Could you please try one more thing? I would like to know what will happen if you do

ifconfig ppp0 x.x.x.x alias netmask 255.255.255.0

This is what AlmostVPN will try to do. I wonder if the ppp0 interface does not know how to do aliases.

By the way, you can remove an alias with

ifconfig <interface> x.x.x.x -alias

12/06/05 10:38:00 changed by andrei

  • milestone changed from AlmostVPN 0.9.5 to AlmostVPN 1.0.

Moving to 1.0. Waiting on more info from the customer.
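
The thread says AlmostVPN reads `netstat -rn` to pick the "main" interface before adding the alias. The following is an added example, not AlmostVPN's code and not part of the original ticket: it runs that check over the IPv4 table posted above. The function names and the "destination equals gateway on lo0" heuristic are assumptions made for illustration.

```python
import ipaddress

# IPv4 table copied from the `netstat -rn` output posted in the ticket.
SAMPLE = """\
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.194.4.0         UGSc       25        0   ppp0
10                 ppp0               USc         0        0   ppp0
10.194.4.0         10.194.4.175       UH         26        0   ppp0
64.102.31.80       64.102.31.80       UH          0     2951    lo0
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH          9    48307    lo0
171.71.177.236     171.71.177.236     UH          0        0    lo0

Internet6:
Destination                             Gateway                         Flags      Netif Expire
::1                                     link#1                          UHL         lo0
"""

def ipv4_routes(text):
    """Yield (destination, gateway, flags, netif) from the 'Internet:' table only."""
    in_v4 = False
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 1 and fields[0].endswith(":"):
            in_v4 = fields[0] == "Internet:"   # section header line
        elif in_v4 and len(fields) >= 6 and fields[0] != "Destination":
            yield fields[0], fields[1], fields[2], fields[5]

def default_interface(text):
    """Interface carrying the IPv4 default route, or None if there is none."""
    for dest, _gw, flags, netif in ipv4_routes(text):
        if dest == "default" and "G" in flags:
            return netif
    return None

def self_routed_hosts(text, netif="lo0"):
    """Non-loopback host routes on `netif` that point at themselves (assumed alias marker)."""
    found = []
    for dest, gw, flags, nif in ipv4_routes(text):
        if nif == netif and "H" in flags and dest == gw:
            try:
                if not ipaddress.ip_address(dest).is_loopback:
                    found.append(dest)
            except ValueError:
                pass  # abbreviated network such as "127"
    return found

if __name__ == "__main__":
    print(default_interface(SAMPLE), self_routed_hosts(SAMPLE))
```

On the posted table the default route is on ppp0, while the only non-loopback self-routed hosts sit on lo0, which is consistent with the reporter's hand-added aliases rather than aliases placed on the "main" interface.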