#StackBounty: #iptables #openvpn #route #iproute2 #dante Two instances of Dante proxy server with two interfaces

Bounty: 50

I’m running 2 instances of Dante server on my Linux machine, one of them is called danted which is supposed to connect me to the internet through the ethernet cable and the other is sockd which is supposed to connect me through an OpenVPN connection.

The first one, danted is configured to use my ethernet cable (ens33):

internal: ens33 port=1080
external: ens33

The second one, sockd is configured to use the OpenVPN interface (tun0):

internal: ens33 port=2080
external: tun0

The Dante servers are configured properly and when OpenVPN is not connected, danted works fine but when OpenVPN connects, danted doesn’t work anymore. When I check its logs, I just see that the connection times out.

My routing table when OpenVPN is not connected looks like this:

default via 192.168.1.1 dev ens33 src 192.168.1.10 metric 202 
default via 192.168.1.1 dev ens33 proto dhcp metric 20001 
169.254.0.0/16 dev ens33 scope link metric 1000 
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.10 metric 1 
192.168.1.0/24 dev ens33 proto dhcp scope link src 192.168.1.10 metric 202 

And when OpenVPN connects, it looks like this:

0.0.0.0/1 via 10.123.58.1 dev tun0 
default via 192.168.1.1 dev ens33 src 192.168.1.10 metric 202 
default via 192.168.1.1 dev ens33 proto dhcp metric 20001 
10.123.58.0/23 dev tun0 proto kernel scope link src 10.123.58.65 
128.0.0.0/1 via 10.123.58.1 dev tun0 
169.254.0.0/16 dev ens33 scope link metric 1000 
openvpn.server.wan.ipaddress via 192.168.1.1 dev ens33 
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.10 metric 1 
192.168.1.0/24 dev ens33 proto dhcp scope link src 192.168.1.10 metric 202

So OpenVPN adds 4 new routes to my table. I’ve tried individually deleting each of these rules or also did ip route flush dev tun0 or deleted the 0/1 rule and added a default rule for the tun0 interface; but when I try these, and test the sockd proxy server, my IP is my ethernet cable’s IP, not OpenVPN’s server IP.

I have no idea how to fix this, I’ve been Googling this a lot, I thought this was an easy task since Dante proxy server just binds to external connections.

Summary for the bounty:

I’ve tried using my interface’s IPv4 addresses instead of the interface names, for example I used 192.168.1.10 instead of ens33 and used 10.123.58.1 instead of tun0, but didn’t fix the issue (I know that OpenVPN’s internal address changes every time we reconnect).

I am specifying the external (outgoing) interface in Dante configs, so from my understanding, it really shouldn’t be using Ubuntu’s routing table, doesn’t it just listen to incoming connections and forward them to the external interface? I don’t understand why the OpenVPN-added routes cause me issues, even though I can easily ping computers on my local network. I’ve checked there are no firewall rules added to my iptables (iptables -n -v -L).

Here are the logs when I test the SOCKS server:

[18:18] Testing Started.
    Proxy Server
    Address:    192.168.1.10:1080
    Protocol:   SOCKS 5
    Authentication: NO

[18:18] Starting: Test 1: Connection to the Proxy Server
[18:18] IP Address: 192.168.1.10
[18:18] Connection established
[18:18] Test passed.
[18:18] Starting: Test 2: Connection through the Proxy Server
[18:18] Authentication was successful.
[18:49] Error : the proxy server cannot establish connection to www.google.com:80
    Error = 0x06 (Timeout).
    Please confirm that the target host address is correct.
    The error may also indicate that the proxy server is not operating properly.
[18:49] Test failed.
[18:49] Testing Finished.

The target host address is correct, I’ve checked dante-server’s logs as I’ve said above, and I can see google.com’s IP address:

Aug 26 19:01:11 (1629988271.706256) danted[106897]: info: pass(2): tcp/connect ]: 0 -> 192.168.1.15.9786 192.168.1.10.1080 -> 0, 0 -> 192.168.1.10.9786 142.250.186.174.443 -> 0: connect timeout.  Session duration: 31s

When OpenVPN is disconnected, a successful connection looks like this:

Aug 26 19:06:18 (1629988578.802869) danted[106897]: info: pass(2): tcp/connect ]: 0 -> 192.168.1.15.9796 192.168.1.10.1080 -> 0, 0 -> 192.168.1.129.9796 142.250.185.238.443 -> 0: local client closed.  Session duration: 10s

My question is specific about Dante-SOCKS5-Server, although I have tried Squid-HTTPS-Server and I had the same issue with it:

[05:40] Starting: Test 1: Connection to the Proxy Server
[05:40] IP Address: 192.168.1.10
[05:40] Connection established
[05:40] Test passed.
[05:40] Starting: Test 2: Connection through the Proxy Server
[06:40] Error : the proxy server cannot establish connection with 142.250.186.174:443
    The error indicates that the target host is down or unreachable.
    Please try to use another host and/or port as a test target.
    The proxy server reply header is:
        HTTP/1.1 503 Service Unavailable
        Server: squid/4.10
        Mime-Version: 1.0
        Date: Thu, 26 Aug 2021 16:36:40 GMT
        Content-Type: text/html;charset=utf-8
        Content-Length: 3438
        X-Squid-Error: ERR_CONNECT_FAIL 110
        Vary: Accept-Language
        Content-Language: en
[06:40] Test failed.
[06:40] Testing Finished.
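
Added example (not part of the original post): a longest-prefix-match lookup over the routing table quoted in the question, showing which interface the kernel selects for the destinations in the danted logs. It assumes no policy-routing rules (`ip rule`) are installed and that the proxy only binds a source address, so the lookup keys on the destination alone; the VPN server's host route is left out because the post redacts its address.

```python
import ipaddress

# Routing table copied from the post (OpenVPN connected).
ROUTES_VPN_UP = """\
0.0.0.0/1 via 10.123.58.1 dev tun0
default via 192.168.1.1 dev ens33 src 192.168.1.10 metric 202
default via 192.168.1.1 dev ens33 proto dhcp metric 20001
10.123.58.0/23 dev tun0 proto kernel scope link src 10.123.58.65
128.0.0.0/1 via 10.123.58.1 dev tun0
169.254.0.0/16 dev ens33 scope link metric 1000
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.10 metric 1
192.168.1.0/24 dev ens33 proto dhcp scope link src 192.168.1.10 metric 202
"""

def parse_routes(text):
    """Parse `ip route` lines into (network, device, metric, raw_line)."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(prefix)
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric, line.strip()))
    return routes

def lookup(routes, dst):
    """Longest prefix wins, lowest metric breaks ties. The socket's bound
    source address is deliberately not an input (assumption stated above)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))

def egress_dev(routes, dst):
    """Interface the selected route points at, or None if nothing matches."""
    route = lookup(routes, dst)
    return route[1] if route else None

def without_dev(routes, dev):
    """Table after the equivalent of `ip route flush dev <dev>`."""
    return [r for r in routes if r[1] != dev]

if __name__ == "__main__":
    table = parse_routes(ROUTES_VPN_UP)
    for dst in ("142.250.186.174", "192.168.1.15", "10.123.58.1"):
        print(dst, "->", lookup(table, dst)[3])
    print("after flush:", egress_dev(without_dev(table, "tun0"), "142.250.186.174"))
```

Both /1 routes are more specific than either default route, so every non-local destination resolves to tun0 while the VPN is up, and to ens33 again once the tun0 routes are flushed.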

