Jorge Fuentes González's questions

I have a server with 1 interface bridged to tap0. Also a client with 2 interfaces that have public Internet connection (eth1 and eth2) and a tunnel for interface 2, so I can send traffic through tap0 and will actually send data through eth2.

if I do

curl ifconfig.co

I get the public IP of eth1. If I do

curl ifconfig.co --interface eth2

I get the public IP of eth2, and if I do

curl ifconfig.co --interface tap0

I get the public IP of the server (it went through the tunnel, so everything is fine).

tap0 is in 192.168.0.0/24 subnet (the other ones are 192.168.1.0/24 and 192.168.3.0/24, so no conflict here) and I can connect correctly to 192.168.0.1, 192.168.0.22 (which is the server local IP) and etc.

I have set in the server router (192.168.0.1) a redirection for the ports I need to the machine at 192.168.0.22 (iperf3, 80, OpenVPN and such).

In short, I think that I have everything working correctly up to this point.

The problem comes when I want to connect to the server public IP. Lets say the public IP is 1.2.3.4 through the VPN. If I do

curl 1.2.3.4

I get all the info I need, as the connection goes through eth1 to the server router, which redirects it to the local machine where the server sits. But if I do

curl 1.2.3.4 --interface tap0

NOTHING HAPPENS!

Checking client tap0 with tcpdump I can see that a request is created
But that request never reaches tap0 on the server (checked eth0 on the server for incoming OpenVPN UDP packets and no new packets arrive when this one is created in client tap0). This is eth0 on the server when connecting to whatever else from client:
This becomes a decrypted packet on tap0 and needless to say that no decrypted packet appears on tap0 when no UDP packet appears there.

I don't know what is happening here. I thought that all packets that go through tap0 on the client will be sent to the server, without limitations, but this don't seem the case.

Also, if I go to the server machine 192.168.0.22 and do a curl to the public IP, I get a connect back to the web server and curl receives the result, so the server don't has problems connecting to itself.

Diagram (Don't kill me):

What can I do so connections to my server public IP works when sent over tap0?

I have a server with 2 WAN interfaces, eth1 and eth2. Each one have one router connected which gives them these IPs: 192.168.3.101 and 192.168.1.101.

The thing is that I want to completely avoid traffic through eth1 and instead create a tun0 which will tunnel all the traffic eth1 should receive.

I have complete control on which interface my programs should use (MPTCP will use all the interfaces it can that can reach the server), so I prepared a simple OpenVPN client/server configuration (binding to local 192.168.3.101), with server IP 192.168.99.1 and client IP 192.168.99.2. With this I have a working interface where I can send/receive data to 192.168.99.1 without problems.

Now the problem comes when I want to send/receive data to ifconfig.co (for example) using interface tun0. What I though it would do is to send data through eth1 to my server, then my server redirect the traffic to ifconfig.co, but that's not what is happening. It simply drops the connection:

If I try with interfaces eth1 and eth2 everything works as expected.

I've read/tried a lot of things for about 7 hours without stop and now I'm really lost. I'm not sure what is happening or what I'm doing wrong.

I think is a routing problem because when I try the command above tcpdump shows nothing on server. Zero packets received. This is what I have for now:

I see everything equal to each other, but eth0/eth1 are working and tun0 is not.

Just in case, this is my OpenVPN config (a simple point to point config):

;SERVER
dev tun
ifconfig 192.168.99.1 192.168.99.2
secret /etc/openvpn/static.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

;CLIENT
dev tun
remote XXXXXXXXXXXX
resolv-retry infinite
local 192.168.3.101
lport 0
ifconfig 192.168.99.2 192.168.99.1
secret /etc/openvpn/static.key
keepalive 10 60
ping-timer-rem
persist-tun
persist-key

NOTE: I know that the convention for VPN IPs are 10.*, but I changed to 192.168.* as a desperate move to have a similar configuration as the other 2 interfaces.

The reason of all this is an idea to workaroud this issue: https://github.com/Ysurac/openmptcprouter/issues/670#issuecomment-533816813

I'm looking for a system to create a live sockets application through sockets.io and that can be balanced without problem.

There are tons of solutions to balance the load between multiple socket instances, like SocketCluster, but the problem I'm facing is that, when the load balancer decides that instead of 10 instances I need 8 instances and closes 2 of them, how can I keep the socket connections of those instances?

Trying to explain it better, I have an event streaming company that streams events almost all weekends but nothing in between. If I use Amazon EC2 I'm only going to have 1 instance along the time that there are almost 0 users connected, but in the weekend Amazon will launch some instances when an event starts streaming and will route each connection to a different server. The problem that I see is, when an event ends and people starts quitting, the load balancer will start closing instances and people still connected to those instances will start losing connection to the chat. I know that I can overcome this simply by reconnecting the people but is possible that they lose some messages meanwhile they reconnect.

Is there a system that will route the connection to another server and know that was the same user that was connected to the other instance without reconnecting?

I have a strange behaviour in my server :-/. Is a OpenVZ VPS (I think is OpenVZ, because /proc/user_beancounters exists and df -h returns /dev/simfs drive. Also ifconfig returns venet0). When I do cat /proc/stat, I can see how each second about 50-100 processes are created and happens about 800k-1200k context switches! All that info is with the server completely idle, no traffic nor programs running.

Top shows 0 load average and 100% idle CPU.

I've closed all non-needed services (httpd, mysqld, sendmail, nagios, named...) and the problem still happens. I do ps -ALf each second too and I don't see any changes, only a new ps process is created each time and the PID is just the same as before + 1, so new processes are not created, so I thought that process growing in cat /proc/stat must be threads (Yes, seems that processes in /proc/stat counts threads creation too as this states: http://webcache.googleusercontent.com/search?q=cache:8NLgzKEzHQQJ:www.linuxhowtos.org/System/procstat.htm&hl=es&tbo=d&gl=es&strip=1).

I've changed to /proc dir and done cat [PID]\status with all PIDs listed with ls (Including kernel ones) and in any process voluntary_ctxt_switches nor nonvoluntary_ctxt_switches are growing at the same speed as cat /proc/stat does (just a few tens/second), Threads keeps the same also.

I've done strace -p PID to all process too so I can see if any process is crating threads or something but the only process that has a bit of movement is ssh and that movement is read/write operations because of the data is sending to my terminal.

After that, I've done vmstat -s and saw that forks is growing at the same speed processes in /proc/stat does. As http://linux.die.net/man/2/fork says, each fork() creates a new PID but my server PID is not growing!

The last thing I can think of is that all process data that proc/stat and vmstat -s show is shared with all the other VPS stored in the same machine, but I don't know if that is correct... If someone can throw some light on this I would be really grateful.