I have been tinkering with setting up a vtun Cloud Tunnel server in AWS. I have my Mikrotik node connected to it. I may have figured out a way to make this work, at least for now. I am looking for someone else willing to work with me and be a client to see if we can get you connected to that AWS server as well and if our nodes can then see each other. Unfortunately, I don't have a 2nd node at another location I can use to test with. I am hoping I get this to work as it would be a major breakthrough in the Cloud Tunnel efforts.
If you are willing to test things out with me, shoot me an email.
Thanks,
Jared
KW4JLB
kw4jlb@arrl.net
If anyone wants to follow along with this, here is what I have done so far.
I deployed a t2.micro instance in AWS using the debian-10-amd64-20210208-542 AMI.
I set up a security group with the following rules:
TCP port 5525 from Anywhere
UDP port 5525 from Anywhere <--- don't think this is needed. Still need to test that
TCP port 22 (SSH) from my house
I then SSHed to the box and did the following:
1. sudo apt update
2. sudo apt upgrade -y
3. sudo apt install vtun -y
4. Edit /etc/default/vtun to uncomment the RUN_SERVER and PORT options
RUN_SERVER=yes
SERVER_ARGS="-P 5525"
5. I moved the original vtund.conf file
mv /etc/vtund.conf /etc/vtund.conf.orig
6. I then created a new vtun.conf file with the following contents
options {
    ifconfig /usr/sbin/ifconfig;
    route /usr/sbin/route;
    syslog local7;
}
default {
    compress lzo:9;
    speed 0;
    encrypt yes;
}
KW4JLB-01-BH-172-31-210-76 {
    type tun;
    proto tcp;
    device tun0;
    compress lzo:9;
    encrypt no;
    stat yes;
    keepalive yes;
    passwd SuperSecretPassWord; # Password is REQUIRED.
    up {
        ifconfig "%% 172.31.210.76 pointopoint 172.31.210.75";
        program /usr/sbin/arp "-Ds 172.31.210.75 %% pub";
        program /usr/sbin/arp "-Ds 172.31.210.75 eth0 pub";
        route "add -net 172.31.210.0/24 gw 172.31.210.75";
    };
    down {
        program /usr/sbin/arp "-d 172.31.210.75 -i %%";
        program /usr/sbin/arp "-d 172.31.210.75 -i eth0";
        route "del -net 172.31.210.0/24 gw 172.31.210.75";
    };
}
7. I then probed for tun devices
modprobe tun
8. I then set up a config to create several tun devices in /etc/network/interfaces.d/network_tun
sudo sysctl -p
On the Client side (my AREDN node) I set up a tunnel client with the following:
PWD: The password I set in step 5
Network: 172.31.210.76
After all of that I am seeing my Client connect to the AWS server. From my AREDN node I am seeing
On the server side I am seeing
Sep 13 18:42:57 ip-172-31-87-61 vtund[11227]: Use SSL-aware challenge/response
Sep 13 18:42:57 ip-172-31-87-61 vtund[11227]: Session KW4JLB-01-BH-172-31-210-76[66.73.199.222:47330] opened
Sep 13 18:42:57 ip-172-31-87-61 vtund[11227]: LZO compression[level 9] initialized
Sep 13 18:46:32 ip-172-31-87-61 vtund[11227]: Session KW4JLB-01-BH-172-31-210-76 network timeout
Sep 13 18:46:32 ip-172-31-87-61 vtund[11227]: Session KW4JLB-01-BH-172-31-210-76 closed
Despite the session closed messages on the server side, the AREDN node still shows it connected
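An added config check (my code, not Jared's or the vtun project's) for the kind of vtund.conf shown above: it parses a constructed excerpt modelled on that server config, folds the default section into each session the way vtund resolves settings, and reports sessions whose effective encrypt is not yes, so a session-level `encrypt no` sitting under a `default { encrypt yes; }` is not overlooked on a port open to Anywhere. It assumes an unset encrypt means encryption is not enabled.

```python
"""Audit a vtund.conf: fold 'default' into sessions and flag unencrypted ones."""
import re

# Constructed excerpt modelled on the posted server config (not the poster's file).
SAMPLE_CONF = """
default {
  compress lzo:9;
  encrypt yes;
}
KW4JLB-01-BH-172-31-210-76 {
  type tun;
  proto tcp;
  encrypt no;
  passwd SuperSecretPassWord; # Password is REQUIRED.
  up { ifconfig "%% 172.31.210.76 pointopoint 172.31.210.75"; };
}
"""

def parse_vtund_conf(text):
    """{section: {key: value}} per top-level section; up/down command blocks skipped."""
    text = re.sub(r"#.*", "", text)                    # strip comments
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)
    sections, depth, words, name, cur = {}, 0, [], None, {}
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            if depth == 0:                             # new top-level section
                name, cur = words[-1], {}
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                sections[name] = cur
        elif depth == 1 and len(words) >= 2:           # "key value;" setting
            cur[words[0]] = " ".join(words[1:])
        words = []                                     # delimiter consumed
    return sections

def effective_sessions(sections):
    """Per-session settings with 'default' applied underneath, as vtund resolves them."""
    default = sections.get("default", {})
    return {n: {**default, **s} for n, s in sections.items()
            if n not in ("options", "default")}

def unencrypted_sessions(text):
    """Sessions whose effective 'encrypt' is not 'yes' (unset assumed not enabled)."""
    return sorted(n for n, s in effective_sessions(parse_vtund_conf(text)).items()
                  if s.get("encrypt", "no") != "yes")
```

Run against the real /etc/vtund.conf with `unencrypted_sessions(open("/etc/vtund.conf").read())`; an empty list means every session inherits or sets encryption.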