iperf test with wanproxy

Tue Aug 20 13:14:24 PDT 2013

Any chance that there's some kind of loop in redsocks?  I wonder if you can
somehow exclude WANProxy's traffic from going through redsocks?

On Tue, Aug 20, 2013 at 1:10 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:

> Thanks for the tip Juli.****
>
> ** **
>
> So I have tried to be more thorough this time around and I can say one
> thing – the iperf doesn’t work well on a SOCKS connection. When the
> connection is initiated the SOCKS proxy keeps sending data to the iperf
> server without returning output to the iperf client. I’m not sure why it
> behaves this way but I will give it some more investigation when I have
> more time.****
>
> ** **
>
> The tests you asked me to carry out all turned out positive, from the
> upstream server, I can curl urls through the SOCKS port on the upstream
> server (not via 3302 but via 3301). I can also use the upstream SOCKS proxy
> from my local computer.****
>
> ** **
>
> A look at packet captures on the downstream proxy showed the bizarre
> behaviour during iperf tests so I guess I’ll have to look for another way
> to measure throughput with my socks proxies. Any tips will be appreciated.
> ****
>
> ** **
>
> Thanks again.****
>
> ** **
>
> *From:* Juli Mallett [mailto:juli at clockworksquid.com]
> *Sent:* Tuesday, August 20, 2013 8:56 AM
> *To:* iobasi at hotmail.com
> *Cc:* wanproxy at lists.wanproxy.org
> *Subject:* Re: iperf test with wanproxy****
>
> ** **
>
> First, as for simplifying, you can use references to other fields in your
> config, which might simplify things, e.g. "set if2.port $peer0.port" or
> similar.****
>
> ** **
>
> Since you've already disabled the codecs (which means you won't get any
> optimization, but is useful for testing), I'd suggest you go step-by-step
> verifying that things work as expected.****
>
> ** **
>
> So first, log in to 4.4.4.4, and use something to try making a socks
> connection there via port 3302, e.g. curl with --socks5 or whatever.****
>
> ** **
>
> Then try using 4.4.4.4:3301 as a socks proxy from your local system
> that's running WANProxy.  See if you can even reach it with netcat or
> telnet if that doesn't work for some reason.****
>
> ** **
>
> If that works, then I'd guess there's some problem with redsocks — does it
> do any logging or could you turn any on?  My first guess would be that it's
> failing to authenticate properly since WANProxy doesn't support
> authentication.****
>
> ** **
>
> You may try passing -v to each WANProxy instance, and then see if WANProxy
> logs anything.****
>
> ** **
>
> Likewise, you could use tcpdump on each system to see what traffic is
> being generated.  You seem pretty comfortable with networking, but if you
> need help with that let me and/or the list know.****
>
> ** **
>
> Thanks,****
>
> Juli.****
>
> ** **
>
> On Mon, Aug 19, 2013 at 11:48 PM, Iheanyi Obasi <iobasi at hotmail.com>
> wrote:****
>
> Hello,****
>
>  ****
>
> This a great project.  However, I have this strange thing that happens
> with wanproxy. I can redirect my TCP sessions through it. However, when I
> initiate an iperf test, it reaches the other end and then immediately
> resets the connection. So all I end up getting for my SYN request is a RST
> ACK. I am wondering if there is something wrong with my setup so I’m
> posting it for someone to please raise a flag here. My topology looks like
> this****
>
>  ****
>
> LAN ---> SOCKS ---> WANPROXY CLIENT ---> WANPROXY SERVER (WITH SOCKS)
> ----> INTERNET (IPERF SERVER)****
>
>  ****
>
> I use the socks proxy to get many TCP ports through the proxy. I would
> appreciate information about another way of doing this. So that’s the
> topology, here are the wanproxy configs****
>
>  ****
>
> CLIENT SOCKS PROXY****
>
> redsocks {****
>
>      local_ip = 0.0.0.0;****
>
>      local_port = 5001;****
>
>  ****
>
>      ip = 127.0.0.1;****
>
>      port = 3300;****
>
> }****
>
>  ****
>
> CLIENT CONFIG****
>
>  ****
>
> create interface if0****
>
> set if0.family IPv4****
>
> set if0.host "127.0.0.1"****
>
> set if0.port "3300"****
>
> activate if0****
>
>  ****
>
> create peer peer0****
>
> set peer0.family IPv4****
>
> set peer0.host "4.4.4.4"****
>
> set peer0.port "3301"****
>
> activate peer0****
>
>  ****
>
> create proxy proxy0****
>
> set proxy0.type TCP-TCP****
>
> set proxy0.interface if0****
>
> set proxy0.interface_codec None****
>
> set proxy0.peer peer0****
>
> set proxy0.peer_codec None****
>
> activate proxy0****
>
>  ****
>
> SERVER CONFIG****
>
>  ****
>
> create interface if0****
>
> set if0.family IP****
>
> set if0.host "4.4.4.4"****
>
> set if0.port "3301"****
>
> activate if0****
>
>  ****
>
> create peer peer0****
>
> set peer0.family IPv4****
>
> set peer0.host "localhost"****
>
> set peer0.port "3302"****
>
> activate peer0****
>
>  ****
>
> create proxy proxy0****
>
> set proxy0.type TCP-TCP****
>
> set proxy0.interface if0****
>
> set proxy0.interface_codec None****
>
> set proxy0.peer peer0****
>
> set proxy0.peer_codec None****
>
> activate proxy0****
>
>  ****
>
> create interface if2****
>
> set if2.family IPv4****
>
> set if2.host "localhost"****
>
> set if2.port "3302"****
>
> activate if2****
>
>  ****
>
> create proxy-socks proxy-socks0****
>
> set proxy-socks0.interface if2****
>
> activate proxy-socks0****
>
>  ****
>
> It feels like overkill to me so suggestions to simplify are welcome. Thank
> you.****
>
>
> _______________________________________________
> wanproxy mailing list
> wanproxy at lists.wanproxy.org
> http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org****
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130820/7bd7ea12/attachment-0003.htm>