NordVPN + NfTables = error #179

Open
aniplayIt opened this issue Aug 15, 2022 · 12 comments

Comments

@aniplayIt

aniplayIt commented Aug 15, 2022

vopono exec "curl ifconfig.co/country"
 2022-08-15T17:01:47.694Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-15T17:01:47.728Z INFO  vopono_core::util > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es204.ovpn
 2022-08-15T17:01:47.730Z INFO  vopono_core::network::netns > Created new network namespace: vopono_nordvpn_spain
 2022-08-15T17:01:48.003Z INFO  vopono_core::network::netns > IP address of namespace as seen from host: 10.200.1.2
 2022-08-15T17:01:48.003Z INFO  vopono_core::network::netns > IP address of host as seen from namespace: 10.200.1.1
Error: Could not process rule: No such file or directory
add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 2022-08-15T17:01:48.051Z INFO  vopono_core::network::netns > Shutting down vopono namespace - as there are no processes left running inside
Error: Failed to create nft postrouting chain in vopono_nat

Caused by:
    Command failed: nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }

My config:

firewall = "NfTables"
provider = "NordVPN"
protocol = "TCP"
server = "spain"

I obviously have an active NordVPN account. I wonder if I missed something in the configuration. I also tried iptables, but it gets stuck on Launching OpenVPN...

@jamesmcm
Owner

Hey,

Could you add the verbose log please?

It seems it might be creating the nft chain with a different name than vopono_nat

@aniplayIt
Author

> Hey,
>
> Could you add the verbose log please?
>
> It seems it might be creating the nft chain with a different name than vopono_nat

vopono --verbose exec "curl ifconfig.co/country"
 2022-08-19T13:53:57.280Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.281Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.281Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T13:53:57.281Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T13:53:57.281Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.281Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Existing namespaces: []
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.283Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T13:53:57.283Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T13:53:57.285Z DEBUG vopono::exec                            > Interface: eth0@if143
 2022-08-19T13:53:57.285Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:57.285Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:57.355Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es136.ovpn
 2022-08-19T13:53:57.363Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T13:53:57.363Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T13:53:57.365Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T13:53:57.369Z DEBUG vopono_core::util                       > Existing interfaces: 142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T13:53:57.369Z DEBUG vopono_core::util                       > Assigned IPs: [172.18.0.6/16]
 2022-08-19T13:53:57.369Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T13:53:57.509Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T13:53:57.602Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T13:53:57.603Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T13:53:57.603Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T13:53:57.608Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T13:53:57.654Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T13:53:57.756Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev nordvpn_spain_d
 2022-08-19T13:53:57.760Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.1.2/24 dev nordvpn_spain_s
 2022-08-19T13:53:57.908Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.1.1 dev nordvpn_spain_s
 2022-08-19T13:53:58.007Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-08-19T13:53:58.007Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-08-19T13:53:58.007Z DEBUG vopono_core::util                       > nft add table inet vopono_nat
 2022-08-19T13:53:58.014Z DEBUG vopono_core::util                       > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
Error: Could not process rule: No such file or directory
add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 2022-08-19T13:53:58.059Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:58.060Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:58.061Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T13:53:58.061Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T13:53:58.062Z INFO  vopono_core::network::netns             > Shutting down vopono namespace - as there are no processes left running inside
 2022-08-19T13:53:58.062Z DEBUG vopono_core::util                       > ip link delete nordvpn_spain_d
 2022-08-19T13:53:58.154Z DEBUG vopono_core::util                       > ip netns delete vopono_nordvpn_spain
Error: Failed to create nft postrouting chain in vopono_nat

Caused by:
    Command failed: nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }

@jamesmcm
Owner

Hmm which distro are you using? It might be an issue with the kernel flags - https://zigford.org/firewalld-kernel-requirements.html ?

Can you try with iptables ?
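
One way to follow up on the kernel-flags suggestion above, as an added example that is not part of the thread or of vopono: a shell check that reads a kernel config file and reports whether the options an nftables `type nat` chain depends on are enabled. The option list is an assumption based on mainline Kconfig symbol names, and `sample_config` is constructed input.

```shell
#!/bin/sh
# Added example, not vopono code.
# Assumption: these mainline Kconfig symbols are the ones relevant to
# "nft add chain inet <table> postrouting { type nat hook postrouting ... }".
NFT_NAT_OPTS="CONFIG_NF_TABLES CONFIG_NF_TABLES_INET CONFIG_NF_CONNTRACK CONFIG_NF_NAT CONFIG_NFT_NAT CONFIG_NFT_MASQ"

# Print the state of one option: builtin (=y), module (=m) or missing.
# $1 = path to a kernel config file, $2 = option name
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    case "$val" in
        y) echo "builtin" ;;
        m) echo "module" ;;
        *) echo "missing" ;;   # absent, or "# CONFIG_X is not set"
    esac
}

# Print one line per option; return 1 if any option is missing.
# $1 = path to a kernel config file
check_nft_nat_config() {
    cfg=$1
    rc=0
    for opt in $NFT_NAT_OPTS; do
        state=$(opt_state "$cfg" "$opt")
        printf '%-22s %s\n' "$opt" "$state"
        if [ "$state" = "missing" ]; then
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: nf_tables is available but the nft NAT chain type is not.
sample_config() {
    cat <<'EOF'
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_NAT=m
# CONFIG_NFT_NAT is not set
CONFIG_NFT_MASQ=m
EOF
}

# Demonstration on the constructed sample.
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
if ! check_nft_nat_config "$demo_cfg"; then
    echo "nat chain support is incomplete in this config"
fi
rm -f "$demo_cfg"
```

To check a real host, pass the running kernel's config instead of the sample, for example `/boot/config-$(uname -r)` on Ubuntu.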

@aniplayIt
Author

> Hmm which distro are you using? It might be an issue with the kernel flags - https://zigford.org/firewalld-kernel-requirements.html ?
>
> Can you try with iptables ?

iptables gets stuck on the last log:

vopono --verbose exec "curl ifconfig.co/country"
 2022-08-19T21:53:41.013Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.018Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.018Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T21:53:41.018Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T21:53:41.018Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.018Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.083Z DEBUG vopono_core::util > Existing namespaces: []
 2022-08-19T21:53:41.083Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.083Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.084Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.084Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T21:53:41.102Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T21:53:41.102Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.102Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.137Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T21:53:41.138Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T21:53:41.149Z DEBUG vopono::exec                            > Interface: eth0@if143
 2022-08-19T21:53:41.149Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.149Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.622Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es171.ovpn
 2022-08-19T21:53:41.625Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T21:53:41.625Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T21:53:41.628Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T21:53:41.631Z DEBUG vopono_core::util                       > Existing interfaces: 142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T21:53:41.672Z DEBUG vopono_core::util                       > Assigned IPs: [172.18.0.6/16]
 2022-08-19T21:53:41.673Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T21:53:41.727Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T21:53:41.771Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T21:53:41.771Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T21:53:41.771Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T21:53:41.775Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T21:53:41.777Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T21:53:41.848Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev nordvpn_spain_d
 2022-08-19T21:53:41.851Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.1.2/24 dev nordvpn_spain_s
 2022-08-19T21:53:41.891Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.1.1 dev nordvpn_spain_s
 2022-08-19T21:53:41.951Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-08-19T21:53:41.951Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-08-19T21:53:41.951Z DEBUG vopono_core::util                       > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o eth0@if143 -j MASQUERADE
 2022-08-19T21:53:41.971Z DEBUG vopono_core::util                       > iptables -I FORWARD -i nordvpn_spain_d -o eth0@if143 -j ACCEPT
 2022-08-19T21:53:41.973Z DEBUG vopono_core::util                       > iptables -I FORWARD -o nordvpn_spain_d -i eth0@if143 -j ACCEPT
 2022-08-19T21:53:41.976Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.ip_forward=1
 2022-08-19T21:53:41.982Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:41.982Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:41.982Z DEBUG vopono_core::config::vpn                > Read auth file: /root/.config/vopono/nordvpn/openvpn/auth.txt
 2022-08-19T21:53:41.989Z DEBUG vopono_core::network::dns_config        > Setting namespace vopono_nordvpn_spain DNS server to 103.86.96.100, 103.86.99.100
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T21:53:42.003Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T21:53:42.003Z INFO  vopono_core::network::openvpn           > Launching OpenVPN...
 2022-08-19T21:53:42.004Z DEBUG vopono_core::network::openvpn           > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable
 2022-08-19T21:53:42.004Z DEBUG vopono_core::network::openvpn           > Found remotes: [Remote { host: IPv4(31.13.188.107), port: 443, protocol: TCP }]
 2022-08-19T21:53:42.004Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain openvpn --config /root/.config/vopono/nordvpn/openvpn/spain-es171.ovpn --machine-readable-output --log /root/.config/vopono/logs/vopono_nordvpn_spain_openvpn.log --auth-user-pass /root/.config/vopono/nordvpn/openvpn/auth.txt --pull-filter ignore block-outside-dns
 2022-08-19T21:53:42.295Z DEBUG vopono_core::network::openvpn           > 1660946022.295803 40 WARNING: file '/root/.config/vopono/nordvpn/openvpn/auth.txt' is group or others accessible
 2022-08-19T21:53:42.295Z DEBUG vopono_core::network::openvpn           > 1660946022.295814 1 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
 2022-08-19T21:53:42.295Z DEBUG vopono_core::network::openvpn           > 1660946022.295820 1 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
 2022-08-19T21:53:42.311Z DEBUG vopono_core::network::openvpn           > 1660946022.311880 40 WARNING: --ping should normally be used with --ping-restart or --ping-exit
 2022-08-19T21:53:42.311Z DEBUG vopono_core::network::openvpn           > 1660946022.311888 1 NOTE: --fast-io is disabled since we are not using UDP
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324587 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324596 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324913 1 TCP/UDP: Preserving recently used remote address: [AF_INET]31.13.188.107:443
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324943 2b000003 Socket Buffers: R=[131072->131072] S=[16384->16384]
 2022-08-19T21:53:42.324Z DEBUG vopono_core::network::openvpn           > 1660946022.324947 1 Attempting to establish TCP connection with [AF_INET]31.13.188.107:443 [nonblock]

and then:

2022-08-19T21:55:42.335Z DEBUG vopono_core::network::openvpn           > 1660946142.335404 1000021 TCP: connect to [AF_INET]31.13.188.107:443 failed: Connection timed out
2022-08-19T21:55:42.335Z DEBUG vopono_core::network::openvpn           > 1660946142.335451 1 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2022-08-19T21:55:42.335Z DEBUG vopono_core::network::openvpn           > 1660946142.335460 21000003 Restart pause, 5 second(s)
2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335554 40 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335567 1 NOTE: --fast-io is disabled since we are not using UDP
2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335671 1 TCP/UDP: Preserving recently used remote address: [AF_INET]31.13.188.107:443
2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335685 2b000003 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-08-19T21:55:47.335Z DEBUG vopono_core::network::openvpn           > 1660946147.335688 1 Attempting to establish TCP connection with [AF_INET]31.13.188.107:443 [nonblock]

Distro info

cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

@jamesmcm
Owner

Hmm can you try it with --no-killswitch just to see if it's a firewall issue?

@aniplayIt
Author

With NfTables:

vopono --verbose exec --no-killswitch "curl ifconfig.co/country"
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.344Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T22:05:54.344Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.344Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.345Z DEBUG vopono_core::util > Existing namespaces: ["vopono_nordvpn_spain"]
 2022-08-19T22:05:54.345Z DEBUG vopono_core::util > PIDs active in vopono_nordvpn_spain: []
 2022-08-19T22:05:54.345Z DEBUG vopono_core::util > Removing dead namespace: vopono_nordvpn_spain
 2022-08-19T22:05:54.346Z DEBUG vopono_core::util > ip netns delete vopono_nordvpn_spain
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.375Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T22:05:54.375Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T22:05:54.375Z WARN  vopono::exec                            > Multiple network interfaces are active: [
    "nordvpn_spain_d@if34",
    "eth0@if143",
], consider specifying the interface with the -i argument. Using nordvpn_spain_d@if34
 2022-08-19T22:05:54.375Z DEBUG vopono::exec                            > Interface: nordvpn_spain_d@if34
 2022-08-19T22:05:54.375Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.376Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.396Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es170.ovpn
 2022-08-19T22:05:54.397Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T22:05:54.397Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T22:05:54.398Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T22:05:54.399Z DEBUG vopono_core::util                       > Existing interfaces: 35: nordvpn_spain_d@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7a:b6:c5:bb:77:79 brd ff:ff:ff:ff:ff:ff link-netnsid unknown
    inet 10.200.1.1/24 scope global nordvpn_spain_d
       valid_lft forever preferred_lft forever
142: eth0@if143: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T22:05:54.399Z DEBUG vopono_core::util                       > Assigned IPs: [10.200.1.1/24, 172.18.0.6/16]
 2022-08-19T22:05:54.399Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T22:05:54.478Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T22:05:54.510Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T22:05:54.510Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T22:05:54.510Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T22:05:54.511Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T22:05:54.512Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T22:05:54.547Z DEBUG vopono_core::util                       > ip addr add 10.200.2.1/24 dev nordvpn_spain_d
 2022-08-19T22:05:54.547Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.2.2/24 dev nordvpn_spain_s
 2022-08-19T22:05:54.598Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.2.1 dev nordvpn_spain_s
 2022-08-19T22:05:54.650Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.2.2
 2022-08-19T22:05:54.650Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.2.1
 2022-08-19T22:05:54.650Z DEBUG vopono_core::util                       > nft add table inet vopono_nat
 2022-08-19T22:05:54.719Z DEBUG vopono_core::util                       > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
Error: Could not process rule: No such file or directory
add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:05:54.779Z INFO  vopono_core::network::netns             > Shutting down vopono namespace - as there are no processes left running inside
 2022-08-19T22:05:54.779Z DEBUG vopono_core::util                       > ip link delete nordvpn_spain_d
 2022-08-19T22:05:54.811Z DEBUG vopono_core::util                       > ip netns delete vopono_nordvpn_spain
Error: Failed to create nft postrouting chain in vopono_nat

Caused by:
    Command failed: nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }

With IpTables:

vopono --verbose exec --no-killswitch "curl ifconfig.co/country"
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.145Z DEBUG vopono            > pactl not found, will not set PULSE_SERVER
 2022-08-19T22:12:07.145Z WARN  vopono_core::util > Running vopono as root user directly!
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.145Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Existing namespaces: []
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.148Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: enum Protocol does not have variant constructor TCP
 2022-08-19T22:12:07.149Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.149Z DEBUG vopono_core::util > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.149Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2022-08-19T22:12:07.149Z DEBUG vopono_core::network::network_interface > ip addr
 2022-08-19T22:12:07.152Z DEBUG vopono::exec                            > Interface: eth0@if151
 2022-08-19T22:12:07.152Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.152Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.170Z INFO  vopono_core::util                       > Chosen config: /root/.config/vopono/nordvpn/openvpn/spain-es191.ovpn
 2022-08-19T22:12:07.171Z DEBUG vopono_core::util                       > Existing namespaces: []
 2022-08-19T22:12:07.171Z DEBUG vopono_core::util                       > ip netns add vopono_nordvpn_spain
 2022-08-19T22:12:07.171Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_nordvpn_spain
 2022-08-19T22:12:07.172Z DEBUG vopono_core::util                       > Existing interfaces: 150: eth0@if151: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.6/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever

 2022-08-19T22:12:07.173Z DEBUG vopono_core::util                       > Assigned IPs: [172.18.0.6/16]
 2022-08-19T22:12:07.173Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 127.0.0.1/8 dev lo
 2022-08-19T22:12:07.255Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip link set lo up
 2022-08-19T22:12:07.287Z DEBUG vopono_core::network::veth_pair         > NetworkManager not detected running
 2022-08-19T22:12:07.287Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2022-08-19T22:12:07.287Z DEBUG vopono_core::util                       > ip link add nordvpn_spain_d type veth peer name nordvpn_spain_s
 2022-08-19T22:12:07.291Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_d up
 2022-08-19T22:12:07.293Z DEBUG vopono_core::util                       > ip link set nordvpn_spain_s netns vopono_nordvpn_spain up
 2022-08-19T22:12:07.336Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev nordvpn_spain_d
 2022-08-19T22:12:07.339Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip addr add 10.200.1.2/24 dev nordvpn_spain_s
 2022-08-19T22:12:07.415Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain ip route add default via 10.200.1.1 dev nordvpn_spain_s
 2022-08-19T22:12:07.459Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2022-08-19T22:12:07.459Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2022-08-19T22:12:07.459Z DEBUG vopono_core::util                       > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o eth0@if151 -j MASQUERADE
 2022-08-19T22:12:07.462Z DEBUG vopono_core::util                       > iptables -I FORWARD -i nordvpn_spain_d -o eth0@if151 -j ACCEPT
 2022-08-19T22:12:07.465Z DEBUG vopono_core::util                       > iptables -I FORWARD -o nordvpn_spain_d -i eth0@if151 -j ACCEPT
 2022-08-19T22:12:07.467Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.ip_forward=1
 2022-08-19T22:12:07.481Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.481Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.481Z DEBUG vopono_core::config::vpn                > Read auth file: /root/.config/vopono/nordvpn/openvpn/auth.txt
 2022-08-19T22:12:07.482Z DEBUG vopono_core::network::dns_config        > Setting namespace vopono_nordvpn_spain DNS server to 103.86.96.100, 103.86.99.100
 2022-08-19T22:12:07.486Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.486Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.491Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /root/.config
 2022-08-19T22:12:07.491Z DEBUG vopono_core::util                       > Using config dir from XDG dirs: /root/.config
 2022-08-19T22:12:07.491Z INFO  vopono_core::network::openvpn           > Launching OpenVPN...
 2022-08-19T22:12:07.491Z DEBUG vopono_core::network::openvpn           > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable
 2022-08-19T22:12:07.491Z DEBUG vopono_core::network::openvpn           > Found remotes: [Remote { host: IPv4(185.199.100.3), port: 443, protocol: TCP }]
 2022-08-19T22:12:07.491Z DEBUG vopono_core::network::netns             > ip netns exec vopono_nordvpn_spain openvpn --config /root/.config/vopono/nordvpn/openvpn/spain-es191.ovpn --machine-readable-output --log /root/.config/vopono/logs/vopono_nordvpn_spain_openvpn.log --auth-user-pass /root/.config/vopono/nordvpn/openvpn/auth.txt --pull-filter ignore block-outside-dns
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532718 40 WARNING: file '/root/.config/vopono/nordvpn/openvpn/auth.txt' is group or others accessible
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532734 1 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532741 1 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532849 40 WARNING: --ping should normally be used with --ping-restart or --ping-exit
 2022-08-19T22:12:07.532Z DEBUG vopono_core::network::openvpn           > 1660947127.532854 1 NOTE: --fast-io is disabled since we are not using UDP
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533106 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533125 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533230 1 TCP/UDP: Preserving recently used remote address: [AF_INET]185.199.100.3:443
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533280 2b000003 Socket Buffers: R=[131072->131072] S=[16384->16384]
 2022-08-19T22:12:07.533Z DEBUG vopono_core::network::openvpn           > 1660947127.533284 1 Attempting to establish TCP connection with [AF_INET]185.199.100.3:443 [nonblock]

@aniplayIt
Author

Any idea? @jamesmcm

@jamesmcm
Owner

Can you test just nftables alone, like:

sudo ip netns add testnetns2
sudo ip netns exec testnetns2 ip addr add ::1/8 dev lo
sudo ip netns exec testnetns2 ip link set lo up
sudo ip link add testnetns2_d type veth peer name testnetns2_s
sudo ip link set testnetns2_d up
sudo ip link set testnetns2_s netns testnetns2 up
sudo ip addr add 10.200.3.1/24 dev testnetns2_d
sudo ip netns exec testnetns2 ip addr add 10.200.3.2/24 dev testnetns2_s
sudo ip netns exec testnetns2 ip route add default via 10.200.3.1 dev testnetns2_s
sudo ip netns exec testnetns2 ip -6 route add default via fe80::c418:42ff:fec9:62b6 dev testnetns2_s
sudo nft add table inet testnetns2_nat
sudo nft 'add chain inet testnetns2_nat postrouting { type nat hook postrouting priority 100 ; }'
sudo nft add rule inet testnetns2_nat postrouting oifname enp3s0f3u1 ip saddr 10.200.3.0/24 counter masquerade
sudo nft add rule inet testnetns2_nat postrouting oifname enp3s0f3u1 ip6 saddr fe80::c418:42ff:fec9:62b6/24 counter masquerade
sudo nft add table inet testnetns2_bridge
sudo nft 'add chain inet testnetns2_bridge forward { type filter hook forward priority -10 ; }'
sudo nft add rule inet testnetns2_bridge forward iifname testnetns2_d oifname enp3s0f3u1 counter accept
sudo nft add rule inet testnetns2_bridge forward oifname testnetns2_d iifname enp3s0f3u1 counter accept
sudo sysctl -q net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.default.forwarding=1
sudo ip netns exec testnetns2 sysctl -w net.ipv6.conf.default.forwarding=1
sudo ip netns exec testnetns2 bash

Then run:

ping 8.8.8.8

Inside that test network namespace?

@aniplayIt
Author

Mmm... I got stuck at:
sudo nft 'add chain inet testnetns2_nat postrouting { type nat hook postrouting priority 100 ;}'
Error: Could not process rule: No such file or directory
add chain inet testnetns2_nat postrouting { type nat hook postrouting priority 100 ;}
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

@jamesmcm
Owner

Can you please check your version of nftables:

$ nft --version
  nftables v1.0.5 (Lester Gooch #4)

And Linux kernel:

$ uname -a
  Linux vivobook 5.19.5-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Mon, 29 Aug 2022 15:51:08 +0000 x86_64 GNU/Linux

@aniplayIt
Author

nftables v0.9.3 (Topsy)
Linux 7662bcca328e 4.19.0-21-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64 x86_64 x86_64 GNU/Linux

@jamesmcm
Owner

Try to update if you're able to, I think the issue is that that version lacks support for postrouting.
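
A preflight check for the failing `add chain ... type nat` step, as an added example that is not part of the thread or of vopono's code. It assumes the cause is that `type nat` chains in the `inet` family need Linux 5.2 or newer (taken from nftables documentation, not from this thread); the function names and the `eth0` interface are hypothetical.

```shell
#!/bin/sh
# Added example: choose an nftables family that can hold a "type nat" chain.
# Assumption (not from the thread): inet-family NAT needs Linux >= 5.2;
# older kernels accept nat chains only in the ip and ip6 families.

# kernel_at_least RELEASE MAJOR MINOR
# returns 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if RELEASE is unparsable
kernel_at_least() {
    rel=${1%%[!0-9.]*}              # "4.19.0-21-amd64" -> "4.19.0"
    case "$rel" in
        *.*) major=${rel%%.*}; rest=${rel#*.}; minor=${rest%%.*} ;;
        *)   major=$rel; minor=0 ;;
    esac
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# nat_family_for RELEASE -> prints "inet" or "ip"
nat_family_for() {
    rc=0
    kernel_at_least "$1" 5 2 || rc=$?
    case $rc in
        0) echo inet ;;
        1) echo ip ;;
        *) echo "cannot parse kernel release: $1" >&2; return 2 ;;
    esac
}

# nat_ruleset FAMILY TABLE OUT_IFACE SUBNET -> prints a ruleset for `nft -f -`
nat_ruleset() {
    cat <<EOF
table $1 $2 {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "$3" ip saddr $4 counter masquerade
    }
}
EOF
}

# Print the ruleset for the running kernel (eth0 is a placeholder interface).
family=$(nat_family_for "$(uname -r)") &&
    nat_ruleset "$family" testnetns2_nat eth0 10.200.3.0/24
```

Pipe the output into `nft -f -` to load it. The `ip` fallback covers IPv4 only, so IPv6 masquerading on an older kernel would need a separate `ip6` table.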
