some strange problem about internet

[saccleo]

i met some internet connection problems, i don't know when they happened.
problem 1#:
when devices connect to the asus router via openvpn, such as computer with windows os , or android cell phones, they can't visit github.com, and other sites can be visited. But if the devices connect directly to the asus router via WIFI or a cable, then the site (github.com) is reachable.
problem 2#:
The devices that connect directly to the router can not fetch files from dl.google.com when using 'apt update' in debian testing. But if the devices connect to other router(router without os like asuswrt, which can not customed and install softwares ), the command 'apt update' in debian testing works fine.
other info:
I have set up an transparent proxy in the asus router via shadowsocks and chinadns.

does it related with dns resolve? i have used dig same site in different conditions , no useful infomations found.

So any suggestions to help me to check out what cause the problems? thanks a lot!

 

[loveleeyoungae]

i met some internet connection problems, i don't know when they happened.
problem 1#:
when devices connect to the asus router via openvpn, such as computer with windows os , or android cell phones, they can't visit github.com, and other sites can be visited. But if the devices connect directly to the asus router via WIFI or a cable, then the site (github.com) is reachable.
problem 2#:
The devices that connect directly to the router can not fetch files from dl.google.com when using 'apt update' in debian testing. But if the devices connect to other router(router without os like asuswrt, which can not customed and install softwares ), the command 'apt update' in debian testing works fine.
other info:
I have set up an transparent proxy in the asus router via shadowsocks and chinadns.

does it related with dns resolve? i have used dig same site in different conditions , no useful infomations found.

So any suggestions to help me to check out what cause the problems? thanks a lot!

You make me remember that Skynet on my setup usually said there was no internet activity, while the author said that Skynet is programmed to ping github & google for online status, which meant the script tried to ping those sites but got no result. I run an OpenVPN server and there is a remote router connect to this one.

Btw, can you share the tutorial to setup shadowsocks?

 

[saccleo]

You make me remember that Skynet on my setup usually said there was no internet activity, while the author said that Skynet is programmed to ping github & google for online status, which meant the script tried to ping those sites but got no result. I run an OpenVPN server and there is a remote router connect to this one.

Btw, can you share the tutorial to setup shadowsocks?

You make me remember that Skynet on my setup usually said there was no internet activity, while the author said that Skynet is programmed to ping github & google for online status, which meant the script tried to ping those sites but got no result. I run an OpenVPN server and there is a remote router connect to this one.

Btw, can you share the tutorial to setup shadowsocks?

basically setup entware first, and then install shadowsocks-libev(redir and tunnel), fill shadowsocks configuration in /opt/etc.
set up rules that using shadowsocks by ipset and iptables.

 

[saccleo]

For the first problem, i have found the answer.

just add "redirect-gateway def1" into .opvn file, import the config file and restart openvpn client.

Then 'github.com' will be reachable.

But i still have no idea about problem two.

 

[saccleo]

I found something about problem 2.
If the debian testing box connect to the router by cable, then 'apt update' works fine with 'dl.google.com'. And if the Entware was removed(by format jffs and unplug udisk), both cable and wifi works fine.
So this problem may related with the transparent proxy using shadowsocks and chinadns or the Entware.

After restore to the state of transparent proxy, i made a test below with wifi connection.
When using 'wget' to fetch 'http://dl.google.com/linux/chrome/deb/dists/stable/InRelease' in debian box, it took a long time to get the result as pasted below.
Connecting to dl.google.com (dl.google.com)|xx.xx.xx.xx|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

When using 'wget' in the router, the result was:
Connecting to dl.google.com|xx.xx.xx.xx|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-12-08 23:55:37 ERROR 404: Not Found.
i got the result immediately after input the command.

Why same routers with different connection(cable and wifi) method cause different results? and there is also difference between the debian box and the router through wifi connection.

Any help or suggestions? 3x

 

[saccleo]

I found something about problem 2.
If the debian testing box connect to the router by cable, then 'apt update' works fine with 'dl.google.com'. And if the Entware was removed(by format jffs and unplug udisk), both cable and wifi works fine.
So this problem may related with the transparent proxy using shadowsocks and chinadns or the Entware.

After restore to the state of transparent proxy, i made a test below with wifi connection.
When using 'wget' to fetch 'http://dl.google.com/linux/chrome/deb/dists/stable/InRelease' in debian box, it took a long time to get the result as pasted below.
Connecting to dl.google.com (dl.google.com)|xx.xx.xx.xx|:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

When using 'wget' in the router, the result was:
Connecting to dl.google.com|xx.xx.xx.xx|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-12-08 23:55:37 ERROR 404: Not Found.
i got the result immediately after input the command.

Why same routers with different connection(cable and wifi) method cause different results? and there is also difference between the debian box and the router through wifi connection.

Any help or suggestions? 3x

i have solved the problem.
Because dl.google.com and github.com match the rules in the gfwlist, and they are treated as blacklist sites, so all the trafic to the sites are redirected to remote shadowsocks proxy servers. but in the fact the two sites can be visited directly. Then cause problems as mentioned.
add such sites to whitelist by ipset and dnsmasq

#ipset -N whitelist iphash​

give right config file to dnsmasq:

server=/dl.google.com/8.8.8.8#53
ipset=/dl.google.com/whitelist​

copy upper two line to the file in conf dir of dnsmasq, such as '/opt/etc/dnsmasq.d'
Then use iptable return whitelist in PREROUTING chain in nat table

#iptable -t nat -A PREROUTING -m set --match-set whitelist dst -j RETURN​