metakgp / iit-kgp-network Goto Github PK

• Update ExpressVPN results

https://github.com/sheharyaar/iit-kgp-network/blob/d7250aae2eb8dd0270a033d05c52d0f02e6533d1/README_technical.md?plain=1#L445

Since ExpressVPN is not the best now; it has a new contender -- Speedify, the whole testing thing shall be changed to Speedify if we get some tester(I might be the one; but I ain't into gaming so that will not suffice). Speedify has active servers in Mumbai, India and no future plans to remove them and cheaper( in terms of 3-yr plan ) than ExpressVPN.

Thus a general suggestion to change the essence of documentation to something not based on ExpressVPN or atleast mention about the "now" issue with ExpressVPN in the documentation as a highlight.
Shall I make a PR regarding this after Speedify test results PR gets merged?

• work in progress

It started yesterday but it works fine when we connect to to it over WiFi.

Add a legal document and a disclaimer for the usage of vpn .

Since many things were added to the repo, and many changes were made.. we should update the status of netlify version of this doc too

• Update it

KGP Network does not need a proper VPN with heavy encryption and stuff.
We just need to have a server that unloads the packet and then forwards it to the correct destination.

• Trying to send UDP over TCP and then routing it through Wireguard or using a resource heavy VPN like OpenVPN creates a performance loss and packet loss ( not ideal for gaming). OpenVPN causes much speed loss, causing only 24 Mbps on Wifi networks and causes huge instant packet losses in games.

A few methods I propose, which can work much better on free servers like AWS, Azure and DigitalOcean aree :

• Basic packet transforming in the kernel via BPF/XDP hooks ??
• Testing a basic/encrypted proxy at userspace
• Testing a basic/encrypted in kernel proxy (will be faster than userspace)
• An in kernel VPN similar to Wireguard which works on TCP -> This eliminates sending UDP over TCP which is again unpacked by Wireguard to be forwarded, causing a performance loss
• Bypass linux kernel network stack and use custom stack developed using something like DPDK and can be hosted online

Need more input on these.

Some resources:
Wireguard Whitepaper
Kernel Bypass
DPDK

• NOTES.md and vpnNotes.md can be organised in one folder named as todo or notes.
  This won't have any issues with other part of documentation as these are not referred anywhere else.
• putting pdfs like vpn-expressvpnAudit.pdf in folder named pdfs or docs.

Suggest changes if needed, will push the changes accordingly.

There is a strange behavior with the firewall dropping TCP and UDP packets. After hosting a server using netcat on cloud (both EC2 and DigitalOcean),

I tested TCP using netcat and telnet. Both connected successfully. For UDP testing, I used netcat only. The servers were created on even reserved category ports which are not in use.

The strange behaviour I noticed was that, both TCP and UDP connections were dropped on both netcat and telnet exactly after 6 data transfers ( the 7th couldn't
be processed by the server and the conenction was reset ).

More information from important tools like wireshark or tcpdump would be helpful.
Information can be gathered about this behaviour by changing the size of the messages and forcing fragmentation. Tinkering with MTU size can also provide some insight.

Umm.. why to use ✔️, why not ✅
The first one has almost same shade as that of background of github.. and that decreases the readability to some extent..
looks for both versions are attached below:

• No errors encountered

• Works after choosing OpenVPN protocol with TCP port 443 and enabling bridge mode in the settings

• DNS leak test: passed

• Contents of /etc/resolv.conf

  • Before connecting to the vpn:

    # Generated by NetworkManager
    search iitkgp.ac.in
    nameserver 172.16.1.164
    nameserver 172.16.1.180

  • After connecting to the vpn:

    nameserver 10.5.0.1
    search iitkgp.ac.in

• iptables rules

  • Before connecting to the vpn:

    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination         
    MASQUERADE  all  --  172.17.0.0/16        anywhere            
    MASQUERADE  all  --  anywhere             anywhere            
    
    Chain DOCKER (2 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere             anywhere            

  • After connecting to the vpn:

    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination         
    MASQUERADE  all  --  172.17.0.0/16        anywhere            
    MASQUERADE  all  --  anywhere             anywhere            
    
    Chain DOCKER (2 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere         
    

I have set up OpenVPN on Azure and it worked fine, but from last few days when chatgpt and some other websites got blocked the vpn has stopped connecting. Is there any fix for this?

Enable the discussion area for this repository, idk how exactly to refer it.. thus attaching an image to clarify..
This will provide a good platform for ordered discussion regarding multiple topics right here on github.

Add AWS tutorial for the following :

• Opening an AWS account
• Creating an instance for VPN usage only
• Managing billing and alerts
• Removing instances, releasing resources and maybe shutting down instances for good

Server: Azure Central India
TCP Port: 443
Location: Nehru Hall
Connection: Gigabit Ethernet

Without VPN Results:
Speed:
Speedtest.net -> [Server: Mutiny Systems, Pune] 290Mbps Down, 230Mbps Up
Fast.com -> [Server: Block EP Sector V, Saltlake, IN  |  Patna, IN  |  Nagpur, IN] 670Mbps Down, 480Mbps Up

With VPN Results:
Speed:
Speedtest.net -> [Server: Mutiny Systems, Pune] 178Mbps Down, 45 Mbps Up
(NOT INDIAN SERVER) Fast.com -> [Server: Ciudad de Buenos Aires, AR  |  Barranquilla, CO] 85Mbps down, 17 Mbps up

Ping:
Valorant -> 55-60ms, Packet loss ~ 0%

VPN Without TCP_NODELAY Results:
Speed:
Speedtest.net -> [Server: Mutiny Systems, Pune] 201Mbps Down, 13Mbps up
(NOT INDIAN SERVER) Fast.com -> [Server: Ciudad de Buenos Aires, AR  |  Barranquilla, CO] 41Mbps Down, 4.8Mbps Up

Ping:
Valorant -> 76-80ms, Packet loss ~ 0%

As suggested by this blog, UDP port 19302 (among others) is not blocked and is used by Gmeet on Campus Network.

I tried running OpenVPN on Azure with UDP protocol and port 19302 and here are the results

Linux, Ethernet 1000 Mbps
Azure Central India Server [Pune]

1. Without VPN
   fast.com[servers: Block EP Sector V, Saltlake, IN | Patna, IN | Nagpur, IN]: 640 Mbps down, 250 Mbps up
   speedtest.net[server: Airtel, KGP, IN]: 550 Mbps down, 52 Mbps up
   speedtest.net[server: Gazon Comm, Pune, IN]: 540 Mbps dpwm, 135 Mbps up

2. With VPN
   fast.com[servers: Ciudad de Buenos Aires, AR | Barranquilla, CO]: 8 Mbps down, 78 Mbps up (unreliable, chooses servers outside the country)
   speedtest.net[server: Gazon Comm, Pune, IN]: 135 Mbps down, 140 Mbps up

Windows, Ethernet 1000 Mbps
Azure Central India Server [Pune]

Valorant: 60ms ping, 2-5ms jitter, ~0% packet loss

As @thealphadollar mentioned in slack; yes hotspotshield did end up being slow on MacOS and refusing to connect on windows with time; abiding by what the company said - capping the speed to 2 mbps.

I am going to try a few things, to fix - if fixed then automate; and update the situation on the repository whatever be the results of those efforts.

Related to #28.

Speedify removed Indian servers from its list.

The following sections need to be updated accordingly:
https://github.com/sheharyaar/iit-kgp-network/blob/2ae92f0218f9eb71dcc101f6f760b9b87a8e30be/README_technical.md?plain=1#L43
https://github.com/sheharyaar/iit-kgp-network/blob/2ae92f0218f9eb71dcc101f6f760b9b87a8e30be/README_technical.md?plain=1#L51
https://github.com/sheharyaar/iit-kgp-network/blob/2ae92f0218f9eb71dcc101f6f760b9b87a8e30be/README_technical.md?plain=1#L80
https://github.com/sheharyaar/iit-kgp-network/blob/2ae92f0218f9eb71dcc101f6f760b9b87a8e30be/README_technical.md?plain=1#L452

Maybe this as well?
https://github.com/sheharyaar/iit-kgp-network/blob/2ae92f0218f9eb71dcc101f6f760b9b87a8e30be/README_technical.md?plain=1#L129-L139

Network Book: https://github.com/sheharyaar/iit-kgp-network-book

Why

To automate the process of syncing Network book with this repository because that looks better to read.

How

• Transfer the Network Book to a separate branch in this repository.
• Automate the syncing between these two branches.

Review the bug in dns file config update issue in raspberry pi after connecting to ExpressVPN. For more details - here