Server :: PPTP Traffic - Gre Traffic Is Being Generated During The Browsing / Reduce Traffic
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases to almost half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself), in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than those in the FORWARD chain.
So, my question is, first of all, is my test correct, and is it true that so much GRE traffic is being generated during the browsing (it becomes clear that the traffic is double what it is if the pptpd wasn't used as a gateway), and if yes, can that traffic be reduced?
Mar 15, 2011
I wanted to tell my server to block all traffic but US only traffic. So I followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyway, so I might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done, compiled everything, and moved it to the proper directory. I then started to set up my iptables, like so:
Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that I went digging in the code and figured it was something to do with memory allocation.
Feb 21, 2011
Everything works fine, clients can connect to the VPN server with no problems and they can ping local machines! But there is no internet access through the VPN connection unless I uncheck the default gateway option on my client machine, which is not what I want. I want my clients to get my server's IP address. My server is behind a router (router's IP: 192.168.0.1 | server's local IP: 192.168.0.100), so I used localip 192.168.0.100 & remoteip 192.168.0.234-238 in pptpd.conf. I think there is something wrong with routing or firewall rules, because it seems that the DNS resolution works. When I try to browse a website my browser says "Waiting for xxxxx.com..." and it stays on that stage forever! The funny part is that google.com works fine (don't know how).
P.S.:
* I have already opened the port on my router. I even tried it locally to make sure that the router is not the problem here.
* Already added ms-dns 208.67.222.222 / ms-dns 208.67.220.220 to pptpd-options. (Found another guide that suggested to do this; before adding these two lines even DNS resolution was not working.)
Apr 27, 2010
We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and log how much traffic each device is sending and receiving. It would need to sit inline, so it has to have two NICs and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. How to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (ICMP) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Aug 12, 2010
I've noticed recently that a lot of outgoing internet traffic is generated by my laptop (running Ubuntu 10.04 - 64 bit). This wasn't the case previously. I only found out because my wireless broadband traffic allowance suddenly was used up very quickly. I've installed ntop to try to find out where all this traffic is going to.
I did find that there were a very high number (at one stage over 11.000) of active TCP/UDP sessions (see attached screenshot). Although the traffic generated by each is only small (about 100 bits/bytes - not sure what) multiplied by thousands, makes a fair bit of traffic. I wonder if I've got some kind of a virus/bug or do I have a configuration problem with my laptop?
Mar 2, 2011
How to analyse the IT and Traffic file generated in CRCN simulation? What do they represent, i.e. what is the format?
Dec 12, 2010
I installed the PPTP Client [URL] and can successfully connect to my VPN (creates interface ppp0). The problem is, I'm trying to tunnel all of my traffic on my system through the connection. I've seen conflicting howtos and scripts including pptpclient's documentation (the ip-up and ip-down scripts don't work). How does one simply (even if I type it manually) tunnel the traffic?
System Info:
OS: Debian Squeeze, Kernel 2.6.32-5-686
GUI: Gnome (standard one from netinst unstable install)
Main interface: eth1
PPTP interface: ppp0
Feb 16, 2011
I use a PPTP VPN for privacy and bittorrent. I have been overall very happy, only taking about a 1/4 hit to my overall network speed. However, I recently downgraded my VPN package, and the new server I connect through is sometimes unstable with a high throughput. Because of this I am trying to find a way to block ALL (HTTP, bittorrent, email, etc) outgoing network traffic when the VPN fails, and then resume the traffic when the VPN reconnects. Essentially forcing all data through the VPN, and creating the illusion of simply having no network connection to the outside world at all when the VPN is offline/re-connecting. This is opposed to the current situation where, when the VPN fails, all my traffic switches to direct (visible) access through my ISP, and the VPN re-establishes sometime later (2-3 mins, normally, unless I manually restart it sooner).
I have tried Google, but have only been finding information on configuring local web access outside of the VPN for the sake of speed. Information of which I cannot seem to find a way to apply to this.
Mar 28, 2016
I am in a serious situation involving a PPTP protocol VPN in Debian 8 Jessie stable. I recently became a paid VPN subscriber. Using PPTP, is there a way to automatically route all traffic through ppp0? I'm getting the VPN service killed (IP address goes back to normal unmasked state) whenever there is a power outage (modem reset), and there are a lot of those where I live. I'm going to get a stabilizer, and I need a software solution for the situation as well. There's gotta be a way to route all traffic through the VPN route ppp0. I tried adding persist and maxfail 0 to the pptp config file but it did not do what I wanted.
Here's my peer configuration file:
pty "pptp blabla.net --nolaunchpppd"
name blablabla
password blablabla
remotename PPTP
file /etc/ppp/options.pptp
require-mppe-128
refuse-eap noauth
persist
maxfail 0
On a second note, it's clear to add that I basically need a way to also auto load the line
pppd call blabla.net
and
route add default dev ppp0
on system startup by default, so the computer does not use the "Wired" connection ^at all^ when not through ppp0. Any other way of not losing VPN anonymity ever due to hardware malfunction.
Is there a way to do this? I've looked on the net and everything seems like it's either from the nineties or can fry my PC. I'm no Debian expert, less than a year at Linux.
Need it to use wired only if ppp0 is being used, so if it's no VPN, no connection at all, period.
Mar 5, 2010
I am using CentOS 5.4 and did a yum install of cacti. I installed all the necessary packages, like net-snmp, php net snmp and all that. Everything else works but I can't for the life of me figure out how to monitor traffic on eth0. I do not have any SNMP Interface Statistics or alike in either the Associated Graph Templates or Associated Data Queries.
Here's the output of "snmpwalk localhost -c public -v2c":
SNMPv2-MIB::sysDescr.0 = STRING: Linux xxx.xxxx.net 2.6.18-164.6.1.el5xen #1 SMP Tue Nov 3 17:53:47 EST 2009 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7515443) 20:52:34.43
[Code]...
I am trying to monitor the interfaces on the local computer only.
Oct 7, 2010
I was wondering what the best way of redirecting all traffic, not just http traffic, from my hosted web server on hostmonster (with a domain name) to my home server.... I wondered if it would be possible to do it with a simple script running on the hosted web server?? Also is there a way of getting round having all the ports open on the hosted web server that I want to use on my home server??
Jul 12, 2010
Any plans to include (or not include) Apache Traffic Server in Squeeze?
May 20, 2010
I'm currently tunnelling to my Ubuntu PC at home from my laptop in order to bypass my school's false-positive prone filter. Is there a way to record traffic that both comes to and is delivered by my PC?
Oct 25, 2010
Which is the best server monitoring (traffic) tool?
Can you provide some form of monitoring on this server or recommend any server-side applications that could monitor the status, in high detail, including traffic, etc?
Feb 18, 2010
I have a squid3 on a Debian Lenny box but cannot get access to any site.
If I remove the http_access deny all works, but I just want those IPs to get access to squid.
My squid.conf:
Code:
intranet:/etc/squid3# cat squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl all src 0.0.0.0/0
[Code].....
Dec 28, 2010
How could I configure Ubuntu to be setup as follows...
Wireless Client ----> Wireless Router ----> Home Server ----> Internet
What is needed to make all of the wireless traffic go to my internet connection port. I will be having two ethernet cables plugged into the system one from the wireless router and one to my internet router.
Apr 25, 2011
I like AWstats for viewing/visualizing web traffic to my server. However, I am in a situation where I would like to visualize ALL traffic to/from a network, in a way similar to AWstats. That is to say, Free and Visual. The program will have to be linux/http/java based as it will run on a linux server off of a Network Tap.
Dec 30, 2010
I have just recently switched my setup to have my server be in the middle of traffic and act as my new router while making my other routers just switches. However, after doing this I can no longer access my UPnP devices. They used to show up in my router, but I am assuming either there is an issue with my iptables rules or that somehow having my server run the DHCP and DNS routing is messing with UPnP.
Jan 3, 2011
Is there any Apache module out there that allows duplicating traffic?
I want to test a new Application Server by duplicating the traffic from the old production system. Answers of the new will be DROPped ...
Apr 13, 2010
I want to know how much traffic squid transferred 5 min ago and 1 hour ago, for monitoring purposes. Where can I get this info from a running squid? Of course, I have to note that access.log is disabled for some reasons.
May 5, 2010
The network in my company uses a Squid proxy server to browse the internet. The browser is IE or Firefox, and the OS is Windows XP. The company needs to use a new software for work, but the software doesn't have a function to configure a proxy server to connect to a server outside. I don't want to NAT a port on the router because I cannot control the traffic. Is there any software, the same as a proxy client, that can be installed on Windows XP? My idea is software that works the same as ISA server - ISA client.
Jan 29, 2010
I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the DMZ web server. I have a second server on the LAN that also has Apache running. I want to set up another domain, myothersite.com, to resolve to the second server on the LAN. Since the main server is on the DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on the LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I am having trouble knowing how to configure it. Is there another option besides BIND?
Sep 30, 2010
I tried to set up a home server that will redirect the internet traffic through the server before it reaches the client, because I don't want to install anti virus on every machine; it will slow them down a lot. There are some anti virus programs for Ubuntu. Most of my home machines are running Windows, which is a pain with viruses.
P.S.: I'm running 1 Ubuntu Server 10.04 and the rest are Windows 7 machines.
May 1, 2011
Last night my old Sony Vaio laptop which connects via wired Ethernet and runs Ubuntu 10.10 started hammering the network out onto the Internet. Fired up Wireshark and found lots of traffic between my machine and 174.129.193.12 which I did a whois on and found belonged to Amazon EC2 Cloud Server. The port on my machine was an unknown 5000+ but the port on the remote system was 443 the port used by https, however no browser was running. Did a search and put together a couple of iptable commands to block this IP address which stopped the traffic. I then used nmap and netstat and found port 3000 open and another connection to IP address 91.189.89.76 which I also blocked. Unusually no info exists on this IP when you do a whois. At first I thought it might be some sort of sync as this machine has Ubuntu One running on it, however it could also be something else.
May 21, 2010
I have set up a virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the VM direct access to the internet, but 1and1 do MAC filtering and so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debian Lenny on the VM on the server using KVM and all went well. I put it on a virtual network 192.168.100.0 and I can access it from the host, and I can access the internet from the guest using the NAT that libvirt set up.
I bought another IP address from 1and1 with the hope of forwarding packets to the new IP address 11.22.33.02 to the guest VM.
I have tried all sorts of routing rules using iptables without any success.
My virtual network is on virbr1, the guest IP is 192.168.100.50, and my external network device has IP say 11.22.33.01 on eth0, with the secondary IP say 11.22.33.02 on eth0:1.
Here are the latest rules I tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code].....
Aug 2, 2011
I have searched and searched for a reverse proxy solution for non-website traffic. TCP but not http, on ports other than 80, 443, 8080, etc. Basically I just need a TCP forwarder that works with multiple TCP servers, WITHOUT webpage caching features. I do not need or want any webpage caching. Can squid work as a reverse proxy for TCP traffic without http? The other program I came across in searching was HAproxy. Both programs are for http but I am curious if they would work for TCP servers that do not serve webpages.
Nov 3, 2010
For some years now I have been able to use openssl (apache-mod_ssl) to process encrypted traffic because I had, in effect, only one host - the main server - as the sole entry in our ssl_vhost.conf file.
Now we are working toward serving a couple of more secure sites for closely related organizations, but with their own distinct identities. This, in the past, would have meant additional static IPs with matching nic cards for starters. But my understanding is that since 2007/8 we have been able to use gnutls (apache-mod_gnutls) which gets around the old problem of Apache not being able to direct name-based traffic because that would not yet have been decoded. This is referred to as SNI - Server Name Indication.
Here my confusion begins. Is there an overlap between SSL and TLS? For instance, I would have generated RSA keys and a self-signed certificate with the genrsa command. Is this sufficient for gnutls or does it need to generate its own keys and certificates? I realize gnutls is relatively a new kid on the block but it is appealing and I'd like to give it a try.
I am working with the Mandriva/Mageia cooker with an x86_64 architecture so all packages are up-to-the-minute.
May 10, 2010
I am running Red Hat Linux 8.0 with a 2.4.22 kernel. I am using this server for traffic shaping my static IP clients using tc. There are about 250 clients and I am running mrtg to monitor traffic via cronjobs every 5 minutes. When mrtg runs I see too much packet loss in my network. What could be the problem in my server?
RAM is 1gb and processor is Intel Pentium D 2.66GHz.
Sep 16, 2010
We have a production web site running Apache 2.2.3 across several web servers. We also have a major problem with SPAM comments right now. Our method of identifying valid IPs (whether by external clients/customers, or internal personnel) vs SPAM'ers is not ideal - it's prone to erroneously labeling legit IPs as targets to be blacklisted.
What we need is a way to see how much distinct request traffic is coming from any given IP address to the site in real time (or very near real time). Essentially we want to see, in some graphic/chart way, requests per sec to Apache per IP, sorted by requests per sec. Would nTop do this? I've only used this in a limited form at a branch office, not on a production web server.