@clowwindy
Last active November 14, 2018 03:26
SigmaVPN configure
[peername]
proto = nacltai
proto_publickey = LOCAL_PUBKEY
proto_privatekey = REMOTE_PRIKEY
local = tuntap
local_interface = tunnel
local_tunmode = 1
peer = udp
peer_localaddr = REMOTE_IP
peer_localport = 8000
peer_remotefloat = 1
[peername]
proto = nacltai
proto_publickey = REMOTE_PUBKEY
proto_privatekey = LOCAL_PRIKEY
local = tuntap
local_interface = tunnel
local_tunmode = 1
peer = udp
peer_remoteaddr = REMOTE_IP
peer_remoteport = 8000
peer_localaddr = 0.0.0.0
peer_localport = 8000
ifconfig tunnel 10.8.0.1/24
ifconfig tunnel mtu 1440
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tunnel -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i tunnel -o eth0 -j ACCEPT
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
ifconfig tunnel 10.8.0.2/24
ifconfig tunnel mtu 1440
route del default
route add REMOTE_IP gw 192.168.1.1 # keeps traffic to the server on the physical link; change 192.168.1.1 to your gateway IP
route add default gw 10.8.0.1
# if your local machine is a NAT router, do:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o tunnel -j MASQUERADE
iptables -A FORWARD -i tunnel -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tunnel -j ACCEPT
$ ifconfig tunnel
tunnel Link encap:Ethernet HWaddr 66:a0:23:f1:fa:9e
inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0
$ iptables -L -n -t nat -v
Chain POSTROUTING (policy ACCEPT 1222K packets, 82M bytes)
pkts bytes target prot opt in out source destination
3929K 244M MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
$ ifconfig tunnel
tunnel Link encap:Ethernet HWaddr c6:02:a3:f9:78:c2
inet addr:10.8.0.2 Bcast:10.8.0.255 Mask:255.255.255.0
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.8.0.1 0.0.0.0 UG 0 0 0 tunnel
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tunnel
REMOTE_IP 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
$ ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=63 time=102.799 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=63 time=99.485 ms
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
1 router (192.168.1.1) 1.281 ms 1.229 ms 1.348 ms
2 10.8.0.1 (10.8.0.1) 107.986 ms 96.191 ms 94.280 ms
3 REMOTE_GATEWAY (x.x.x.x) 98.021 ms 97.467 ms *
...
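
A check for the client routing table shown above, as an added example that is not part of the original gist: it confirms that every default route uses the tunnel (otherwise traffic leaves unencrypted via the LAN gateway) and that the server keeps a host route on the physical interface (otherwise the encrypted UDP packets are routed back into the tunnel). The function name `check_tunnel_routes`, the sample tables and the address 203.0.113.10 standing in for REMOTE_IP are constructed for illustration.

```shell
#!/bin/sh
# check_tunnel_routes TABLE SERVER_IP TUN_IF   (hypothetical helper name)
# TABLE is the text of `netstat -nr` in the Linux layout shown above.
# Returns 0 only if every default route uses TUN_IF and SERVER_IP has a
# host route (mask 255.255.255.255) on some other interface.
check_tunnel_routes() {
    printf '%s\n' "$1" | awk -v srv="$2" -v tun="$3" '
        # Columns: Destination Gateway Genmask Flags MSS Window irtt Iface
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            if ($NF == tun) def_ok = 1; else def_bad = 1
        }
        $1 == srv && $3 == "255.255.255.255" && $NF != tun { pin = 1 }
        END {
            if (def_bad) print "FAIL: a default route bypasses " tun
            if (!def_ok) print "FAIL: no default route via " tun
            if (!pin)    print "FAIL: no host route to " srv " outside " tun
            exit !(def_ok && !def_bad && pin)
        }'
}

# Constructed sample: the expected table, with 203.0.113.10 as REMOTE_IP.
GOOD='Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         10.8.0.1        0.0.0.0         UG    0   0      0    tunnel
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0   0      0    tunnel
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0   0      0    eth0'

# Constructed failure 1: a second default route via the LAN gateway came back.
LEAK="$GOOD
0.0.0.0         192.168.1.1     0.0.0.0         UG    0   0      0    eth0"

# Constructed failure 2: the host route to the server is missing.
NOPIN=$(printf '%s\n' "$GOOD" | grep -v '^203\.0\.113\.10 ')

check_tunnel_routes "$GOOD"  203.0.113.10 tunnel && echo "GOOD: ok"
check_tunnel_routes "$LEAK"  203.0.113.10 tunnel || echo "LEAK: rejected"
check_tunnel_routes "$NOPIN" 203.0.113.10 tunnel || echo "NOPIN: rejected"
```

On a live client, pass `"$(netstat -nr)"` as the first argument together with the real server address and interface name.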