testing out wireguard and network namespace

spmskr
Member
Member
Posts: 10
Joined: Sat Jul 25, 2020 3:10 am

Post by spmskr »

I got a netns running with a short term wireguard account

Any suggestions what I can try next?

I can run firefox in the netns
  • verify my IP shows as the VPN provider
  • verify no DNS leaks
And ... I can't run deluged in the namespace. I shell into the namespace and
  • run deluged
  • run socat
    • cannot connect with deluge-gtk from outside the NS
    • cannot connect with deluge-console from within the NS
      • deluge-console shows the server in green (it's red for 3 minutes then turns green)


I needed this in the namespace

Code:

ip netns exec container sysctl -w net.ipv4.ping_group_range="0 2000"

I set the log level to debug and deluged is not noticing any program trying to connect
mhertz
Moderator
Moderator
Posts: 2195
Joined: Wed Jan 22, 2014 5:05 am
Location: Denmark

Re: testing out wireguard and network namespace

Post by mhertz »

If you cannot connect with deluge-console inside namespace, then presumably not running under same user as deluged, or add arg to use same profile folder as deluged, for auth to work.

Anyway, deluge UIs communicate with deluged daemon through a TCP port, and not unix socket like e.g. rtorrent supports when using xmlrpc to communicate with it from outside. That TCP port isn't available outside namespace however, so, you need prepend the 'sudo ip netns xxx' command in front of deluge UIs also, e.g add aliases for it in your .zshrc/.bashrc and/or if wanna run deluge-gtk from outside terminal, e.g. dmenu run prompt or whatever, then make e.g. deluge-vpn shell-script to run deluge-gtk from namespace (or even use same name, if having it inside user bin-dir added in front of $PATH) - start the command in the script with 'exec' so script not lingers until deluge closed.

Edit: I actually just learned now, through some reading and trial/error, that alternatively you could use socat to redirect the deluge UIs from outside namespace to the isolated deluged daemon in namespace. Here's example for if running deluged on localhost and works for all UIs:

Code:

sudo socat tcp-l:58846,fork,reuseaddr exec:'ip netns exec protected socat - tcp-connect\:localhost\:58846',nofork|sudo socat tcp-l:8112,fork,reuseaddr exec:'ip netns exec protected socat - tcp-connect\:localhost\:8112',nofork&
spmskr

Re: testing out wireguard and network namespace

Post by spmskr »

Hi, thanks for the reply.

I missed some step but can't figure it out.
I'm sure I'm using the same user to run the daemon and the console - running both from an xterm / rxvt / alacritty, whatever (choice doesn't make a difference)

Outside the netns I use a terminal to start both deluged and deluge-console. That works fine.

I run a terminal in the netns

Code:

ip netns exec fredns doas -u fred xterm &

(makes no difference if I use sudo or su instead of doas)

and I use this same terminal window to run both deluged and deluge-console

Code:

deluged  --config=/home/fred/.config/deluge/
deluge-console  --config=/home/fred/.config/deluge/

deluge-console just stays there, with the green connect string. This is in the log:

Code:

]
21:37:42 [DEBUG   ][deluge.ui.client      :302 ] sslproxy.disconnect()
21:37:42 [DEBUG   ][deluge.ui.hostlist    :203 ] Host status failed for esdf7d94ad3dff4asfsd81cadf8esfdf: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.TimeoutError'>: User timeout caused connection failure.
]
(END)

What is this esdf7d94ad3dff4asfsd81cadf8esfdf identifier in the DEBUG?

On that deluge-console start screen, when I try to add a host I get this:

Code:

                         ┌──────────────Error adding host────────────────┐
                         │127.0.0.1: Invalid port. Must be an integer    │
                         │                                               │
                         │                                               │
                         └───────────────────────────────────────────────┘
Last edited by spmskr on Sat May 29, 2021 11:14 am, edited 1 time in total.
spmskr

Re: testing out wireguard and network namespace

Post by spmskr »

LOL - my bad, mea culpa, I'll wear a hair shirt.
I noticed on ip addr that the lo interface was DOWN.
this fixed my issues:

Code:

ip -n fred_namespace link set lo up

Thanks for giving me your time, mhertz - much appreciated.
spmskr

Re: testing out wireguard and network namespace

Post by spmskr »

And I can access the daemon using deluge-gtk (outside the ns). I'm using this socat command

(run this OUTSIDE the ns - the exec piece puts part of the pair inside the ns)

Code:

 socat tcp-listen:<DAEMON_LISTEN_PORT>,fork,reuseaddr \
    exec:'ip netns exec wga_brws socat STDIO "tcp-connect:127.0.0.1:<DAEMON_LISTEN_PORT>"',nofork &
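
Added example, not part of any post above: a shell preflight for the two things this thread turned on, a loopback interface that is down inside the namespace and a forwarder for the daemon port. The function names and the bind=127.0.0.1 option on the listener are additions made here; the namespace name is an argument, and 58846 is the daemon port used in the posts.

```sh
#!/bin/sh
# Added example, not from the thread. Namespace name and port are arguments;
# 58846 is the daemon port used in the posts above.

# stdin: output of `ip -o link show dev lo`. Succeeds only if the UP flag is set.
lo_is_up() {
    grep -Eq '<([A-Z_-]+,)*UP(,[A-Z_-]+)*>'
}

# stdin: output of `ss -ltnH`; $1: port. Succeeds if a TCP listener uses that port.
port_listening() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# Print the forwarder from the last post with bind=127.0.0.1 added, so the
# listener outside the namespace is reachable from this host only.
forward_cmd() {  # $1: namespace, $2: port
    printf "socat tcp-listen:%s,bind=127.0.0.1,fork,reuseaddr exec:'ip netns exec %s socat STDIO \"tcp-connect:127.0.0.1:%s\"',nofork\n" "$2" "$1" "$2"
}

# Constructed sample lines (not captured from a real host) for an offline run.
SAMPLE_LO_DOWN='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000'
SAMPLE_SS='LISTEN 0 50 127.0.0.1:58846 0.0.0.0:*'

if [ "$#" -ge 1 ]; then            # live check: run as root, e.g. ./check.sh fredns
    ns=$1; port=${2:-58846}
    ip -n "$ns" -o link show dev lo | lo_is_up || {
        echo "lo is down in $ns; fix: ip -n $ns link set lo up" >&2; exit 1; }
    ip netns exec "$ns" ss -ltnH | port_listening "$port" || {
        echo "no listener on port $port inside $ns" >&2; exit 1; }
    forward_cmd "$ns" "$port"
else                               # offline demo on the constructed samples
    printf '%s\n' "$SAMPLE_LO_DOWN" | lo_is_up || echo "sample: lo is down"
    printf '%s\n' "$SAMPLE_SS" | port_listening 58846 && echo "sample: 58846 listening"
fi
```

Without bind=, socat's tcp-listen accepts connections on every interface of the host, which would expose the daemon port beyond the machine running the UI.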