iperf test with wanproxy

Iheanyi Obasi iobasi at hotmail.com
Tue Aug 20 16:27:18 PDT 2013 

Yes there is certainly a possibility of a loop on the downstream end. I will have to do some more tinkering to eventually pinpoint the culprit. For now a firewall rule for WANProxy’s traffic is inevitable.

 

I will update on my findings for everyone’s benefit.

 

 

From: Juli Mallett [mailto:juli at clockworksquid.com] 
Sent: Tuesday, August 20, 2013 9:14 PM
To: iobasi
Cc: wanproxy at lists.wanproxy.org
Subject: Re: iperf test with wanproxy

 

Any chance that there's some kind of loop in redsocks?  I wonder if you can somehow exclude WANProxy's traffic from going through redsocks?

 

On Tue, Aug 20, 2013 at 1:10 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:

Thanks for the tip Juli.

 

So I have tried to be more thorough this time around and I can say one thing – the iperf doesn’t work well on a SOCKS connection. When the connection is initiated the SOCKS proxy keeps sending data to the iperf server without returning output to the iperf client. I’m not sure why it behaves this way but I will give it some more investigation when I have more time.

 

The tests you asked me to carry out all turned out positive, from the upstream server, I can curl urls through the SOCKS port on the upstream server (not via 3302 but via 3301). I can also use the upstream SOCKS proxy from my local computer.

 

A look at packet captures on the downstream proxy showed the bizarre behaviour during iperf tests so I guess I’ll have to look for another way to measure throughput with my socks proxies. Any tips will be appreciated.

 

Thanks again.

 

From: Juli Mallett [mailto:juli at clockworksquid.com] 
Sent: Tuesday, August 20, 2013 8:56 AM
To: iobasi at hotmail.com
Cc: wanproxy at lists.wanproxy.org
Subject: Re: iperf test with wanproxy

 

First, as for simplifying, you can use references to other fields in your config, which might simplify things, e.g. "set if2.port $peer0.port" or similar.

 

Since you've already disabled the codecs (which means you won't get any optimization, but is useful for testing), I'd suggest you go step-by-step verifying that things work as expected.

 

So first, log in to 4.4.4.4, and use something to try making a socks connection there via port 3302, e.g. curl with --socks5 or whatever.

 

Then try using 4.4.4.4:3301 as a socks proxy from your local system that's running WANProxy.  See if you can even reach it with netcat or telnet if that doesn't work for some reason.

 

If that works, then I'd guess there's some problem with redsocks — does it do any logging or could you turn any on?  My first guess would be that it's failing to authenticate properly since WANProxy doesn't support authentication.

 

You may try passing -v to each WANProxy instance, and then see if WANProxy logs anything.

 

Likewise, you could use tcpdump on each system to see what traffic is being generated.  You seem pretty comfortable with networking, but if you need help with that let me and/or the list know.

 

Thanks,

Juli.

 

On Mon, Aug 19, 2013 at 11:48 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:

Hello,

 

This a great project.  However, I have this strange thing that happens with wanproxy. I can redirect my TCP sessions through it. However, when I initiate an iperf test, it reaches the other end and then immediately resets the connection. So all I end up getting for my SYN request is a RST ACK. I am wondering if there is something wrong with my setup so I’m posting it for someone to please raise a flag here. My topology looks like this

 

LAN ---> SOCKS ---> WANPROXY CLIENT ---> WANPROXY SERVER (WITH SOCKS) ----> INTERNET (IPERF SERVER)

 

I use the socks proxy to get many TCP ports through the proxy. I would appreciate information about another way of doing this. So that’s the topology, here are the wanproxy configs

 

CLIENT SOCKS PROXY

redsocks {

     local_ip = 0.0.0.0;

     local_port = 5001;

 

     ip = 127.0.0.1;

     port = 3300;

}

 

CLIENT CONFIG

 

create interface if0

set if0.family IPv4

set if0.host "127.0.0.1"

set if0.port "3300"

activate if0

 

create peer peer0

set peer0.family IPv4

set peer0.host "4.4.4.4"

set peer0.port "3301"

activate peer0

 

create proxy proxy0

set proxy0.type TCP-TCP

set proxy0.interface if0

set proxy0.interface_codec None

set proxy0.peer peer0

set proxy0.peer_codec None

activate proxy0

 

SERVER CONFIG

 

create interface if0

set if0.family IP

set if0.host "4.4.4.4"

set if0.port "3301"

activate if0

 

create peer peer0

set peer0.family IPv4

set peer0.host "localhost"

set peer0.port "3302"

activate peer0

 

create proxy proxy0

set proxy0.type TCP-TCP

set proxy0.interface if0

set proxy0.interface_codec None

set proxy0.peer peer0

set proxy0.peer_codec None

activate proxy0

 

create interface if2

set if2.family IPv4

set if2.host "localhost"

set if2.port "3302"

activate if2

 

create proxy-socks proxy-socks0

set proxy-socks0.interface if2

activate proxy-socks0

 

It feels like overkill to me so suggestions to simplify are welcome. Thank you.

 

_______________________________________________
wanproxy mailing list
wanproxy at lists.wanproxy.org
http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130821/75ea701d/attachment-0003.htm>

More information about the wanproxy mailing list