OpenVPN and BTsync

[UmedaBound]

I have BTsync running on several boxes, all of them Windows 7, except one.

That one is running on an Ubuntu server which functions as my NAS. I also run OpenVPN on that server (outgoing). I have set up routing so that any requests to the LAN (e.g. 10.0.0.0/24) are routed through eth0 instead of tun0 (OpenVPN's virtual adapter).

sudo ip rule add from 10.0.0.9 table 128
sudo ip route add table 128 to 10.0.0.0/24 dev eth0
sudo ip route add table 128 default via 10.0.0.254

This works for all the other applications I run on that server... except for BTsync. When the OpenVPN daemon is running, it cannot find the other machines running BTsync. I have enabled lan_use_tcp in the config file, and have Search Lan turned on for all sync'd folders.

I'm a bit of a Linux newb, particularly when it comes to networking/firewall/router rules.

Any advice would be appreciated. It's kind of a PITA to have to stop my OpenVPN daemon every time I want the server to rediscover the other machines. (Once they're discovered, they work, even with OpenVPN turned on... until the next time they go offline for a while, or until the next time I stop and start BTsync on the Linux box.)

[goli]

Hey there.

Without any profound information and investigation, I would guess that it's broadcasting your're upset on.

The btsync "Search LAN" feature completely relies on default broadcast.

For a simple explanation (even though it's not that simple in all cases), it's like this:

If your local network has 192.168.0.0/24, that means that 192.168.0.1 is the very first available IP in this range, 192.168.0.253 the very last. The number 192.168.0.0 is your network name and not available as IP address. The number 192.168.0.254 isn't available as IP address since that's the broadcast address.

Broadcast addresses are defined as "everybody can address this, and everybody is allowed to respond". And ontop of this, boradcasts don't get routed, by default. Broadcast requests are bound to the very local wire.

I guess you have to investigate how to allow OpenVPN to route broadcasts, then you'll be fine. Or you should use the known hosts feature and assign the VPN IPs here. This way is ost likely the easier one.

Regards,

Stephan.

[Alajjana]

I wish i could help more than this, but this is my ip table:

ip route show

0.0.0.0/1 via XXX.241.65.1 dev tap0

default via YYY.196.15.1 dev eth0 metric 100

YYY.196.15.0/24 dev eth0 proto kernel scope link src YYY.196.15.26

ZZZ.85.17.136.251 via YYY.196.15.1 dev eth0

128.0.0.0/1 via XXX.241.65.1 dev tap0

XXX.241.65.0/25 dev tap0 proto kernel scope link src XXX.241.65.6

but I think mine works because i allow some communication in on eth0 to ports 3000,3838, but all outgoing is via tap0.

[UmedaBound]

Thanks for the responses!

@Stephan: I thought the default broadcast address was x.y.z.255 on a /24 network?

The "known hosts" feature is a good suggestion. I had tried it before, but I thought I needed to configure it on the Linux box. Turns out, it's the other peers who needed the Linux box's address.

That works for me because I use static addressing assigned via DHCP, but the mobile client doesn't seem to have a "known hosts" option. I forgot to mention that one device is an Android phone that backs up its Titanium Backup folders to the Linux box.

As for finding out how OpenVPN handles broadcasting, I think I can't figure out the right search terms, as I've come up with nothing useful. Also, in this case, the remote OpenVPN server is 3rd party; I have no control over settings server-side, which complicates my google search on how to set this up.

@Alajjana: Routing tables are a bit beyond me. This is mine now:

93.114.45.13 via 10.77.77.254 dev eth0
10.8.0.1 via 10.8.0.237 dev tun0
10.8.0.237 dev tun0  proto kernel  scope link  src 10.8.0.238
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.9
0.0.0.0/1 via 10.8.0.237 dev tun0
128.0.0.0/1 via 10.8.0.237 dev tun0
default via 10.0.0.254 dev eth0  metric 100

I use tun rather than tap.

10.0.0.254 is my router.

10.8.0.238 is the address assigned by the remote OpenVPN server

Any advice you can provide (along with CLI commands to implement) would be welcome.

[UmedaBound]

Found the solution! I remembered having configured my backup software to always use eth0, and I managed to find the little text file I wrote myself.

Here was the solution:

Download bind.c from

http://daniel-lange....searchButton]=>

Copy to a temp dir and do:

gcc -nostartfiles -fpic -shared bind.c -o bind.so -ldl -D_GNU_SOURCE
strip bind.so
cp -i bind.so /usr/lib/

Then change the start line for any software needing to go out on local to:

BIND_ADDR="[local adapter address]" LD_PRELOAD=/usr/lib/bind.so [full path & command line]

Example:

BIND_ADDR="10.0.0.99" LD_PRELOAD=/usr/lib/bind.so /usr/bin/btsync restart

Voila! Problem solved!