
My current set up is using the OpenVPN client on Centos7 for Transmission. So whenever the OpenVPN client connects to AirVPN (say after a reboot), I have to manually find the internal IP that's been assigned and tell Transmission to bind to it. Is it possible to have a static internal IP assigned so that I don't have to manually grab the IP?


This will require Air to keep logs inevitably, to assign the connected user the static IP he desired.

There are multiple ways to solve it under Linux, the easiest would be switching to a client that is interface aware, such as the great qBittorrent. The second would be just putting 0.0.0.0 in your Transmission bind-ipv4 section, to listen on all interfaces:

"bind-address-ipv4": "0.0.0.0",

Additionally you can set iptables rules to block all traffic to your Torrent port from non tun0 interfaces.

Or, you can use the init scripts from here:

http://askubuntu.com/questions/583679/transmission-daemon-over-openvpn-on-a-beagleboard-arm-sbc

in order to dynamically patch the Transmission file after each reboot.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
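
One way to combine the "dynamically patch the Transmission file" and iptables suggestions from the post above, as an added example that is not part of the original post or of the linked scripts. The settings path, service name and peer port are assumptions, and the firewall rules are printed rather than applied.

```sh
#!/bin/sh
# Added example: OpenVPN "up" hook that re-binds Transmission to the tunnel address.
# OpenVPN exports $dev and $ifconfig_local to up scripts (needs "script-security 2").
# Assumptions: settings path, service name and peer port; adjust to your install.
SETTINGS="${SETTINGS:-/var/lib/transmission/.config/transmission-daemon/settings.json}"
SERVICE="${SERVICE:-transmission-daemon}"
PEER_PORT="${PEER_PORT:-51413}"

# Accept only a dotted-quad IPv4 address so nothing else reaches sed.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Rewrite the "bind-address-ipv4" value in a settings.json file.
set_bind_address() {    # $1 = settings file, $2 = address
    valid_ipv4 "$2" || return 1
    grep -q '"bind-address-ipv4"' "$1" || return 1
    tmp="$(mktemp "$1.XXXXXX")" || return 1
    if sed -E 's/("bind-address-ipv4"[[:space:]]*:[[:space:]]*)"[^"]*"/\1"'"$2"'"/' "$1" > "$tmp"
    then
        cat "$tmp" > "$1"    # overwrite in place: keeps owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Print (not run) rules that drop peer traffic arriving outside the tunnel.
peer_port_rules() {     # $1 = tunnel device, $2 = peer port
    for proto in tcp udp; do
        printf 'iptables -A INPUT ! -i %s -p %s --dport %s -j DROP\n' "$1" "$proto" "$2"
    done
}

# Runs only when OpenVPN invokes this file as an up hook.
if [ -n "${ifconfig_local:-}" ] && [ -n "${dev:-}" ]; then
    systemctl stop "$SERVICE"    # the daemon rewrites settings.json on exit
    set_bind_address "$SETTINGS" "$ifconfig_local" || exit 1
    systemctl start "$SERVICE"
    peer_port_rules "$dev" "$PEER_PORT"    # review, then add to the firewall once
fi
```

The printed rules cover inbound traffic to the peer port only.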


Your internal IP is more or less static. It's reserved for you for some time (leased). If you always connect to the same server, you will practically never lose your IP assigned to you. I connect to the german servers and somehow manage to see familiar IPs very often.

But I don't know how long this lease time really is. From what I experienced, I think it's seven days.

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org


My current set up is using the OpenVPN client on Centos7 for Transmission. So whenever the OpenVPN client connects to AirVPN (say after a reboot), I have to manually find the internal IP that's been assigned and tell Transmission to bind to it. Is it possible to have a static internal IP assigned so that I don't have to manually grab the IP?

As giganerd said, so long as you use the same server, this is extremely unlikely to change.

But if you do want to change the server often, and you have several daemons that need to be reconfigured, it is indeed a pain.

I have for some time been using the technique discussed here:

https://airvpn.org/topic/9518-faking-static-local-vpn-addess-using-client-nat-and-ifconfig/?p=10449

But as mentioned at the start of that post, the exact technique there no longer works because AirVPN switched from "net30" to "subnet" topology on March 27, 2015. The basic idea applies though. I made changes to accommodate "subnet" topology.

If you want that post updated let me know. I won't provide new scripts though. I will just update the discussion.

That post was for Windows rather than Linux. But the same technique will work for Linux, though you need "bash" scripts rather than Windows "batch" scripts.

The approach there is still very inconvenient though. When you change servers, you have to first make a connection to the server in order to "auto-update" your OpenVPN configuration files.

I have begun using a version of OpenVPN that I patched to add a new configuration command I have tentatively called "ifconfig-nat". It is fairly easy to build OpenVPN from source for Linux yourself (although I have built it for Windows too). So I will paste the patch in at the end of this, in case you want to try it.

With the patch applied, I add this line to my configuration files:

ifconfig-nat 10.44.0.2 10.44.0.1

My local address now appears to be 10.44.0.2. And the remote/gateway address appears to be 10.44.0.1.

I have been thinking about posting the patch to the OpenVPN developers forum to solicit comments and see whether this could find its way into the official release. But I may not get to this in a hurry.

I will probably put it up on github long before (if ever) it gets into the official release. The thing is though, would there be any point in putting pre-built versions on github? Who would trust them? If however AirVPN decided to host pre-built versions with this patch applied (and maybe push the issue on the OpenVPN forum?), then that might be another matter.

====

The patch is against openvpn-2.3.6. It changes "options.h" and "options.c". The effect is achieved entirely by modifying the configuration, before the OpenVPN connection really gets going (it does need to see the "push" options from the OpenVPN server though).

Here is the patch:

diff -ur openvpn-2.3.6/src/openvpn/options.c openvpn-2.3.6_patched/src/openvpn/options.c
--- openvpn-2.3.6/src/openvpn/options.c	2014-11-29 08:00:35.000000000 -0700
+++ openvpn-2.3.6_patched/src/openvpn/options.c	2015-06-04 14:16:51.511582700 -0600
@@ -192,6 +192,13 @@
   "                  addresses outside of the subnets used by either peer.\n"
   "                  TAP: configure device to use IP address l as a local\n"
   "                  endpoint and rn as a subnet mask.\n"
+#ifdef ENABLE_CLIENT_NAT
+  "--ifconfig-nat l r [m]: override --ifconfig parameters pushed from server\n"
+  "                  and use \"client-nat dnat ...\" and \"client-nat snat ...\"\n"
+  "                  commands to map between local and remote addresses.\n"
+  "                  use IP address l as local endpoint and r as a remote endpoint.\n"
+  "                  optionally use m as netmask for client-nat.\n"
+#endif
   "--ifconfig-ipv6 l r : configure device to use IPv6 address l as local\n"
   "                      endpoint (as a /64) and r as remote endpoint\n"
   "--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead\n"
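Review bot: The usage text for the optional m argument says only "optionally use m as netmask for client-nat", but in the TOP_SUBNET branch of ifconfig_nat_apply m is also written to options->ifconfig_remote_netmask, so it changes the interface netmask as well. The help string should say that, and should state that in net30/p2p topology m only adds an extra dnat entry. The continuation lines would also read better capitalised like the neighbouring entries ("Use IP address l ...").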
@@ -3787,6 +3794,98 @@
 	    unsigned int *option_types_found,
 	    struct env_set *es);
 
+#ifdef ENABLE_CLIENT_NAT
+const char *ifconfig_nat_local = NULL;
+const char *ifconfig_nat_remote = NULL;
+const char *ifconfig_nat_netmask = NULL;
+static void ifconfig_nat_set(
+    struct options *options,
+    const int msglevel,
+    const char *local,
+    const char *remote,
+    const char *netmask) {
+  if (!ifconfig_nat_local || !ifconfig_nat_remote ) {
+    ifconfig_nat_local = local;
+    ifconfig_nat_remote = remote;
+    ifconfig_nat_netmask = netmask;
+    if (!netmask)
+      msg (M_INFO, "ifconfig-nat: options set: %s %s", local, remote);
+    else
+      msg (M_INFO, "ifconfig-nat: options set: %s %s %s", local, remote, netmask);
+  }
+}
+static void ifconfig_nat_apply (
+    struct options *options,
+    const int msglevel) {
+  if (!(ifconfig_nat_local)) return;
+  if (!(ifconfig_nat_remote)) return;
+  if (!(options->ifconfig_local)) return;
+  if (!(options->ifconfig_remote_netmask)) return;
+  if (options->topology == TOP_SUBNET) {
+    if (!(options->route_default_gateway)) return;
+    cnol_check_alloc (options);
+    msg (M_INFO, "ifconfig-nat: Inserted \"client-nat snat %s 255.255.255.255 %s\"",
+      ifconfig_nat_local, options->ifconfig_local);
+    add_client_nat_to_option_list(options->client_nat,
+      "snat", ifconfig_nat_local, "255.255.255.255", options->ifconfig_local, msglevel);
+    msg (M_INFO, "ifconfig-nat: Inserted \"client-nat dnat %s 255.255.255.255 %s\"",
+      ifconfig_nat_remote, options->route_default_gateway);
+    add_client_nat_to_option_list(options->client_nat,
+      "dnat", ifconfig_nat_remote, "255.255.255.255", options->route_default_gateway, msglevel);
+    if (ifconfig_nat_netmask) {
+      msg (M_INFO, "ifconfig-nat: Inserted \"client-nat dnat %s %s %s\"",
+        ifconfig_nat_remote, ifconfig_nat_netmask, options->route_default_gateway);
+      add_client_nat_to_option_list(options->client_nat,
+        "dnat", ifconfig_nat_remote, ifconfig_nat_netmask, options->route_default_gateway,
+        msglevel);
+    }
+    else {
+      msg (M_INFO, "ifconfig-nat: Inserted \"client-nat dnat %s %s %s\"",
+        ifconfig_nat_remote, options->ifconfig_remote_netmask, options->route_default_gateway);
+      add_client_nat_to_option_list(options->client_nat,
+        "dnat", ifconfig_nat_remote, options->ifconfig_remote_netmask, options->route_default_gateway,
+        msglevel);
+    }
+    if (ifconfig_nat_netmask) {
+      msg (M_INFO, "ifconfig-nat: ifconfig options reset: %s %s",
+        ifconfig_nat_local, ifconfig_nat_netmask);
+      options->ifconfig_local = ifconfig_nat_local;
+      options->ifconfig_remote_netmask = ifconfig_nat_netmask;
+    }
+    else {
+      msg (M_INFO, "ifconfig-nat: ifconfig options reset: %s %s",
+        ifconfig_nat_local, options->ifconfig_remote_netmask);
+      options->ifconfig_local = ifconfig_nat_local;
+    }
+    msg (M_INFO, "ifconfig-nat: route-gateway option reset: %s",
+      ifconfig_nat_remote);
+    options->route_default_gateway = ifconfig_nat_remote;
+  }
+  else if (options->topology == TOP_NET30 || options->topology == TOP_P2P) {
+    cnol_check_alloc (options);
+    msg (M_INFO, "ifconfig-nat: Inserted \"client-nat snat %s 255.255.255.255 %s\"",
+      ifconfig_nat_local, options->ifconfig_local);
+    add_client_nat_to_option_list(options->client_nat,
+      "snat", ifconfig_nat_local, "255.255.255.255", options->ifconfig_local, msglevel);
+    msg (M_INFO, "ifconfig-nat: Inserted \"client-nat dnat %s 255.255.255.255 %s\"",
+      ifconfig_nat_remote, options->ifconfig_remote_netmask);
+    add_client_nat_to_option_list(options->client_nat,
+      "dnat", ifconfig_nat_remote, "255.255.255.255", options->ifconfig_remote_netmask, msglevel);
+    if (ifconfig_nat_netmask) {
+      msg (M_INFO, "ifconfig-nat: Inserted \"client-nat dnat %s %s %s\"",
+        ifconfig_nat_remote, ifconfig_nat_netmask, options->ifconfig_remote_netmask);
+      add_client_nat_to_option_list(options->client_nat,
+        "dnat", ifconfig_nat_remote, ifconfig_nat_netmask, options->ifconfig_remote_netmask,
+        msglevel);
+    }
+    msg (M_INFO, "ifconfig-nat: ifconfig options reset: %s %s",
+      ifconfig_nat_local, ifconfig_nat_remote);
+    options->ifconfig_local = ifconfig_nat_local;
+    options->ifconfig_remote_netmask = ifconfig_nat_remote;
+  }
+}
+#endif
+
 static void
 read_config_file (struct options *options,
 		  const char *file,
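Review bot: ifconfig_nat_local, ifconfig_nat_remote and ifconfig_nat_netmask are non-static file-scope globals that keep the caller's pointers without copying them, so this setting lives outside struct options and depends on how long the parsed strings stay valid. I would move the three fields into struct options and copy the strings the way other string options are stored. Two smaller points in the same hunk: ifconfig_nat_set never uses its options and msglevel parameters and silently keeps the first value if the directive appears twice, and every early return in ifconfig_nat_apply is silent, so a user whose server pushes no route-gateway in subnet topology gets no message explaining why nothing was mapped.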
@@ -3843,6 +3942,9 @@
     }
   CLEAR (line);
   CLEAR (p);
+#ifdef ENABLE_CLIENT_NAT
+  if (level == 1 && !options->pull) ifconfig_nat_apply(options, msglevel);
+#endif
 }
 
 static void
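Review bot: The condition on the added line, "level == 1 && !options->pull", needs a comment saying which nesting level 1 stands for and why the non-pull case is handled here rather than with the pushed options. Because the call sits at the end of read_config_file, it is also worth confirming that a non-pull setup that supplies ifconfig-nat without going through a config file still reaches ifconfig_nat_apply. Style: the surrounding code puts the body of an if on its own line.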
@@ -3954,6 +4056,9 @@
 	  add_option (options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
 	}
     }
+#ifdef ENABLE_CLIENT_NAT
+  ifconfig_nat_apply(options, msglevel);
+#endif
   return true;
 }
 
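Review bot: ifconfig_nat_apply is called here each time this function finishes a batch of options, but the function is not idempotent. After the first successful run options->ifconfig_local already equals ifconfig_nat_local and the gateway equals ifconfig_nat_remote, so a second run would append identity mappings ("client-nat snat l 255.255.255.255 l") and duplicate dnat entries. A "already applied" flag, or a check that ifconfig_local differs from ifconfig_nat_local before inserting, would make repeated calls harmless.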
@@ -4221,7 +4326,7 @@
 	  port = atoi (p[2]);
 	  if (!legal_ipv4_port (port))
 	    {
-	      msg (msglevel, "port number associated with --management directive is out of range");
+	      msg (msglevel, "port number associated with --management directive is out of range: %s", p[2]);
 	      goto err;
 	    }
 	}
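Review bot: The reworded --management error message is unrelated to ifconfig-nat and should go in a separate patch, so that the feature can be reviewed and reverted on its own. The change itself (printing p[2]) looks fine.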
@@ -4412,6 +4517,24 @@
 	  goto err;
 	}
     }
+#ifdef ENABLE_CLIENT_NAT
+  else if (streq (p[0], "ifconfig-nat") && p[1] && p[2]) {
+    VERIFY_PERMISSION (OPT_P_GENERAL);
+    if (!ip_addr_dotted_quad_safe (p[1])) { /* FQDN -- must be IP address */
+      msg (msglevel, "ifconfig-nat parameter local '%s' must be an IP address", p[1]);
+      goto err;
+    }
+    if (!ip_addr_dotted_quad_safe (p[2])) { /* FQDN -- must be IP address */
+      msg (msglevel, "ifconfig-nat parameter remote '%s' must be an IP address", p[2]);
+      goto err;
+    }
+    if (p[3] && !ip_addr_dotted_quad_safe (p[3])) { /* FQDN -- must be IP address */
+      msg (msglevel, "ifconfig-nat parameter netmask '%s' must be an IP address", p[3]);
+      goto err;
+    }
+    ifconfig_nat_set(options, msglevel, p[1], p[2], p[3]);
+  }
+#endif
   else if (streq (p[0], "ifconfig-ipv6") && p[1] && p[2] )
     {
       unsigned int netbits;
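Review bot: The netmask argument p[3] is validated only with ip_addr_dotted_quad_safe, so any dotted quad is accepted, including one that is not a contiguous mask (255.0.255.0, for instance), and it is later passed to add_client_nat_to_option_list and, in subnet topology, stored as the interface netmask. A netmask-specific check is needed here. The three "/* FQDN -- must be IP address */" comments look copied from another option and do not describe these checks. Since the branch requires p[1] && p[2], "ifconfig-nat" with a missing argument falls through to the later branches instead of producing a specific error, and the brace placement differs from the ifconfig-ipv6 branch directly below.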


One of my OpenBSD rigs has had the same 'internal' IP for a little over 3 weeks while on the same server.

No clue how long we keep said IPs. But I ended up writing that IP into the pf.conf as the source. It's still going strong.

 


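Hi, I worked it out by adding a virtual adapter in Linux and creating a routing table entry for it:

Made an if-up.sh script and added it in *ovpn config

# Add a fixed alias address on the tunnel interface
ifconfig tun0:0 10.0.0.1
ipb=10.0.0.1
# First three octets of the address OpenVPN assigned to tun0
ipx="$(ifconfig tun0|grep "inet "|awk '{ print $2 }'|cut -f1-3 -d.)"
sleep 2
# Route traffic sourced from the fixed address via the VPN gateway (x.y.z.1)
# The stablevpn table name must be defined in /etc/iproute2/rt_tables
ip rule add from $ipb table stablevpn
ip route add default via $ipx.1 table stablevpn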
