iperf test with wanproxy

Juli Mallett juli at clockworksquid.com
Tue Aug 20 16:44:19 PDT 2013 

Thank you Iheanyi.  Look at Diego's configs posted earlier today for a
similar setup or perhaps try having redsocks on a separate machine just as
a test?  Good luck and thanks for being willing to report back.

On 2013-08-20, at 16:27, Iheanyi Obasi <iobasi at hotmail.com> wrote:

Yes there is certainly a possibility of a loop on the downstream end. I
will have to do some more tinkering to eventually pinpoint the culprit. For
now a firewall rule for WANProxy’s traffic is inevitable.



I will update on my findings for everyone’s benefit.





*From:* Juli Mallett [mailto:juli at clockworksquid.com<juli at clockworksquid.com>]

*Sent:* Tuesday, August 20, 2013 9:14 PM
*To:* iobasi
*Cc:* wanproxy at lists.wanproxy.org
*Subject:* Re: iperf test with wanproxy



Any chance that there's some kind of loop in redsocks?  I wonder if you can
somehow exclude WANProxy's traffic from going through redsocks?



On Tue, Aug 20, 2013 at 1:10 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:

Thanks for the tip Juli.



So I have tried to be more thorough this time around and I can say one
thing – the iperf doesn’t work well on a SOCKS connection. When the
connection is initiated the SOCKS proxy keeps sending data to the iperf
server without returning output to the iperf client. I’m not sure why it
behaves this way but I will give it some more investigation when I have
more time.



The tests you asked me to carry out all turned out positive, from the
upstream server, I can curl urls through the SOCKS port on the upstream
server (not via 3302 but via 3301). I can also use the upstream SOCKS proxy
from my local computer.



A look at packet captures on the downstream proxy showed the bizarre
behaviour during iperf tests so I guess I’ll have to look for another way
to measure throughput with my socks proxies. Any tips will be appreciated.



Thanks again.



*From:* Juli Mallett [mailto:juli at clockworksquid.com]
*Sent:* Tuesday, August 20, 2013 8:56 AM
*To:* iobasi at hotmail.com
*Cc:* wanproxy at lists.wanproxy.org
*Subject:* Re: iperf test with wanproxy



First, as for simplifying, you can use references to other fields in your
config, which might simplify things, e.g. "set if2.port $peer0.port" or
similar.



Since you've already disabled the codecs (which means you won't get any
optimization, but is useful for testing), I'd suggest you go step-by-step
verifying that things work as expected.



So first, log in to 4.4.4.4, and use something to try making a socks
connection there via port 3302, e.g. curl with --socks5 or whatever.



Then try using 4.4.4.4:3301 as a socks proxy from your local system that's
running WANProxy.  See if you can even reach it with netcat or telnet if
that doesn't work for some reason.



If that works, then I'd guess there's some problem with redsocks — does it
do any logging or could you turn any on?  My first guess would be that it's
failing to authenticate properly since WANProxy doesn't support
authentication.



You may try passing -v to each WANProxy instance, and then see if WANProxy
logs anything.



Likewise, you could use tcpdump on each system to see what traffic is being
generated.  You seem pretty comfortable with networking, but if you need
help with that let me and/or the list know.



Thanks,

Juli.



On Mon, Aug 19, 2013 at 11:48 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:

Hello,



This a great project.  However, I have this strange thing that happens with
wanproxy. I can redirect my TCP sessions through it. However, when I
initiate an iperf test, it reaches the other end and then immediately
resets the connection. So all I end up getting for my SYN request is a RST
ACK. I am wondering if there is something wrong with my setup so I’m
posting it for someone to please raise a flag here. My topology looks like
this



LAN ---> SOCKS ---> WANPROXY CLIENT ---> WANPROXY SERVER (WITH SOCKS) ---->
INTERNET (IPERF SERVER)



I use the socks proxy to get many TCP ports through the proxy. I would
appreciate information about another way of doing this. So that’s the
topology, here are the wanproxy configs



CLIENT SOCKS PROXY

redsocks {

     local_ip = 0.0.0.0;

     local_port = 5001;



     ip = 127.0.0.1;

     port = 3300;

}



CLIENT CONFIG



create interface if0

set if0.family IPv4

set if0.host "127.0.0.1"

set if0.port "3300"

activate if0



create peer peer0

set peer0.family IPv4

set peer0.host "4.4.4.4"

set peer0.port "3301"

activate peer0



create proxy proxy0

set proxy0.type TCP-TCP

set proxy0.interface if0

set proxy0.interface_codec None

set proxy0.peer peer0

set proxy0.peer_codec None

activate proxy0



SERVER CONFIG



create interface if0

set if0.family IP

set if0.host "4.4.4.4"

set if0.port "3301"

activate if0



create peer peer0

set peer0.family IPv4

set peer0.host "localhost"

set peer0.port "3302"

activate peer0



create proxy proxy0

set proxy0.type TCP-TCP

set proxy0.interface if0

set proxy0.interface_codec None

set proxy0.peer peer0

set proxy0.peer_codec None

activate proxy0



create interface if2

set if2.family IPv4

set if2.host "localhost"

set if2.port "3302"

activate if2



create proxy-socks proxy-socks0

set proxy-socks0.interface if2

activate proxy-socks0



It feels like overkill to me so suggestions to simplify are welcome. Thank
you.



_______________________________________________
wanproxy mailing list
wanproxy at lists.wanproxy.org
http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130820/2b3fcd3c/attachment-0002.htm>

More information about the wanproxy mailing list