@OneOfOne
Created April 22, 2018 00:35
```go
package main

import (
	"log"
	"os"
	"os/exec"

	"github.com/songgao/water"
	"golang.org/x/net/ipv4"
)

const (
	// I use a TUN interface, so only plain IP packets, no ethernet header; MTU is set to 1300.
	BUFFERSIZE = 1600
	MTU        = "1300"
)

func main() {
	iface, err := water.New(water.Config{})
	fatalIf(err)
	log.Printf("tun interface: %s", iface.Name())

	// Configure the interface: set the MTU, assign an address, bring it up.
	runBin("/bin/ip", "link", "set", "dev", iface.Name(), "mtu", MTU)
	runBin("/bin/ip", "addr", "add", "10.2.0.10/24", "dev", iface.Name())
	runBin("/bin/ip", "link", "set", "dev", iface.Name(), "up")

	buf := make([]byte, BUFFERSIZE)
	for {
		n, err := iface.Read(buf)
		if err != nil {
			log.Fatal(err)
		}
		// ParseHeader returns a nil header on error; skip the packet
		// instead of dereferencing it.
		header, err := ipv4.ParseHeader(buf[:n])
		if err != nil {
			log.Printf("skipping packet: %v", err)
			continue
		}
		log.Printf("isTCP: %v, header: %s", header.Protocol == 6, header)
	}
}

// fatalIf logs err and exits if it is non-nil.
func fatalIf(err error) {
	if err != nil {
		log.Fatal(err)
	}
}

// runBin runs an external command attached to this process's stdio
// and exits if the command fails.
func runBin(bin string, args ...string) {
	cmd := exec.Command(bin, args...)
	cmd.Stderr = os.Stderr
	cmd.Stdout = os.Stdout
	cmd.Stdin = os.Stdin
	fatalIf(cmd.Run())
}
```

OneOfOne commented Dec 3, 2019 via email

aofei commented Dec 3, 2019

Maybe you can try the following steps (worked on my side), I learned from here:

  1. Created a TUN named tun0
  2. ifconfig tun0 10.2.0.1 pointopoint 10.2.2 netmask 255.255.255.0 mtu 1500 up
  3. iptables -I FORWARD -i tun0 -o eth0 -s 10.2.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
  4. iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  5. iptables -t nat -I POSTROUTING -o eth0 -s 10.2.0.0/24 -j MASQUERADE

I just wrote a VPN (Tunneling over WebSocket) and it finally worked today. Its server is written in Go, and its client is an iOS app.
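
A user-space counterpart to the `-s 10.2.0.0/24` match in steps 3 and 5, as an added example (not code from the gist or from either commenter): it validates a raw packet as read from a TUN device and checks that its source lies in the tunnel subnet before it would be forwarded. The names `ParseIPv4` and `FromTunnelClient` and the sample packet are constructed for illustration, and only the standard library is used.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// tunnelNet is the client subnet named in the iptables rules (steps 3 and 5).
var tunnelNet = netip.MustParsePrefix("10.2.0.0/24")

// Packet holds the IPv4 header fields needed for a forwarding decision.
type Packet struct {
	Proto    uint8
	Src, Dst netip.Addr
}

// ParseIPv4 validates a raw packet as delivered by a TUN device (no
// link-layer header). The header checksum is not verified here.
func ParseIPv4(b []byte) (Packet, error) {
	if len(b) < 20 {
		return Packet{}, errors.New("shorter than minimum IPv4 header")
	}
	if v := b[0] >> 4; v != 4 {
		return Packet{}, fmt.Errorf("IP version %d, not IPv4", v)
	}
	ihl := int(b[0]&0x0f) * 4
	total := int(binary.BigEndian.Uint16(b[2:4]))
	if ihl < 20 || ihl > len(b) || total < ihl || total > len(b) {
		return Packet{}, errors.New("inconsistent header or total length")
	}
	src, _ := netip.AddrFromSlice(b[12:16])
	dst, _ := netip.AddrFromSlice(b[16:20])
	return Packet{Proto: b[9], Src: src, Dst: dst}, nil
}

// FromTunnelClient reports whether b is well-formed IPv4 sourced from tunnelNet.
func FromTunnelClient(b []byte) bool {
	p, err := ParseIPv4(b)
	return err == nil && tunnelNet.Contains(p.Src)
}

func main() {
	// Constructed sample: 20-byte header, TCP, 10.2.0.10 -> 192.0.2.1.
	pkt := []byte{0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0, 10, 2, 0, 10, 192, 0, 2, 1}
	fmt.Println(ParseIPv4(pkt))
	fmt.Println(FromTunnelClient(pkt))
}
```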

OneOfOne commented Dec 3, 2019 via email

aofei commented Dec 3, 2019

Of course, there's nothing confidential. I can simplify the server code and send it to you, but you have to wait a few hours because I'm busy with something else now. 😊

aofei commented Dec 4, 2019
