How to limit Retroshare to lan.


Postby dhead » Tue Feb 14, 2012 5:46 pm

I would like to use Retroshare on our uni's private network.
The most important feature is to be able to limit all network communication to be over lan only.
As we have no limit at all on lan traffic but on internet traffic we have to pay.
We do have a darknet based on Alliance, but the software is very buggy.
The main benefit of Alliance is the lan only limit feature. I'm not sure how it works, because I don't have a local lan ip; the ip I see on windows is the same public ip used on the internet.
I'm pretty sure it's really working as I can check my internet cap details and bills.

Anyone have any idea? Should I request it as a new feature?
dhead
 
Posts: 1
Joined: Tue Feb 14, 2012 5:29 pm

Re: How to limit Retroshare to lan.

Postby Tom » Tue Feb 14, 2012 10:36 pm

We use DC++ in the uni network. It works perfectly - The Server should only allow the IPs from your network - voila!

Also I see no problem with RetroShare. The traffic always goes "the shortest way".

Example:
Your IP 193.123.0.1
Your Friends: 193.123.0.13

All others from network have a 193.123.0.xxx IP.

It goes directly and doesn't count as "internet" traffic.
Tom
 
Posts: 6
Joined: Thu Feb 09, 2012 11:44 pm

Re: How to limit Retroshare to lan.

Postby deadlyquirk » Wed Mar 07, 2012 10:50 am

In theory, as long as you don't add anyone from outside of your lan, you won't connect to internet directly.

If someone from your lan did connect to someone from the internet, then all traffic to and from the internet would only be routed through that person.
deadlyquirk
 
Posts: 3
Joined: Tue Mar 06, 2012 5:58 pm

Re: How to limit Retroshare to lan.

Postby NyvenZA » Fri Mar 09, 2012 5:39 am

We have a distributed network with lots of subnets (172 IP range). Each client has their own little subnet (8 to 30 IPs) and if they don't want to expose all their PCs to the LAN, they NAT their network (usually using 192.168. range).
Everything is routed on the entire network using the 172 range, so it is not an "open" LAN as such. Some of the clients have Internet access but it is not shared on the network and the network doesn't have Internet access.

We have tested Retroshare between 5 clients. 3 have internet and 2 don't.
Retroshare only picks up the Internal IP and int Internal IP of the PC that it is running on.
So if you want to specify your 172 IP that is NATted, you can't, so the software can't connect to the other clients on the 172 range.
Now the traffic tries to go through the internet, since that is a route that works. But you can only share via the internet, which makes the LAN option useless.

With the other software that we use, DC and Torrent, you can specify the IP that the software must send as the "source" IP and then we can specify only our 172 IP. Also we limit the traffic to just the 172 range using IPFilter rules.
This way there is no internet traffic required.
This is what our aim is here too.

I am currently trying to get the software to compile, to see if I can make a patch to at least limit all traffic to a specific range only, but no luck compiling yet. (Have posted in the development section)
NyvenZA
 
Posts: 20
Joined: Mon Mar 05, 2012 4:49 pm

Re: How to limit Retroshare to lan.

Postby apoapo » Mon Mar 12, 2012 11:17 am

Please consider adding this to the wishlist:

http://sourceforge.net/tracker/?atid=88 ... unc=browse
apoapo
 
Posts: 189
Joined: Sun Jan 10, 2010 12:55 pm

Re: How to limit Retroshare to lan.

Postby NyvenZA » Sat May 26, 2012 8:15 pm

I have now added this.
NyvenZA
 
Posts: 20
Joined: Mon Mar 05, 2012 4:49 pm

Re: How to limit Retroshare to lan.

Postby NyvenZA » Wed Dec 25, 2013 7:42 am

I have finally got some time to try this again.
I posted the feature request and got a reply that this facility is already available.
http://sourceforge.net/p/retroshare/fea ... quests/97/

So I tried this and it doesn't work. My PC has internet access and the other client doesn't have internet. My client keeps trying to connect to the internet to connect to the client and the other guy's client is not connecting to me. Has anyone else tried this?
NyvenZA
 
Posts: 20
Joined: Mon Mar 05, 2012 4:49 pm

Re: How to limit Retroshare to lan.

Postby terminal1 » Wed Jan 01, 2014 2:27 pm

I've also tried to use Retroshare without internet access.
Retroshare 0.3.52A is the latest version where the own external IP address can be set manually. All newer versions seem to discover the external address automatically from the internet. I found no way to change the address to my local lan/sublan. The former mechanism should be built in again.
terminal1
 
Posts: 1
Joined: Wed Jan 01, 2014 2:11 pm

Re: How to limit Retroshare to lan.

Postby NyvenZA » Tue Jun 16, 2015 12:47 pm

So version 0.6 is out and we still can't get the WAN facility to work properly on our Wifi network.

We have set up 2 test clients. Both behind NAT firewalls. Internal range 192.168.x.x and the other side 192.168.y.y.
Our firewalls are connected to the Wifi network with 172.18.x.x/29 and 172.18.y.y/29 ranges assigned to each. We are about 10 hops apart. Using the default install options our internet 192 IPs are assigned to our identities. In my case the external IP is assigned to my internet IP which is accessible through the same firewall. We have exchanged the required identities and we can both see that the internal 192 IPs are shown in the peer address lists.
We have changed those IPs to the 172.18.x.x and 172.18.y.y addresses. On the network nodes we also added our FQDN for our 172.18 addresses that resolve correctly on both sides.

The BDBoot.txt files have been cleared and we added both our IPs and the port 7200 that both of us configured in the network config. We have tried the following combinations in the network config without success:

1. Firewalled + darknet (No traffic between us, nothing seems to happen)

2. Manually port forwarded + darknet (which is the actual config that we expected to be running. We don't see any network traffic hitting the firewalls for port 7200)

3. Manually port forwarded/Firewalled + Public DHT & discovery (With this one we can see UDP traffic on port 7200 between us. If we view the DHT statistics, we can see each other listed there and it states disconnected. The status flags are 0xf07 and EX:0x2. Don't know what that means. I can see the Last Recv and Last Sent are updated regularly and reset back down to 1 second)

We are still very interested in running Retroshare, but so far it still seems that it doesn't work on LANs that are not connected to the internet and subnetted.

Any additional tests that we can try would be greatly appreciated.
NyvenZA
 
Posts: 20
Joined: Mon Mar 05, 2012 4:49 pm

Re: How to limit Retroshare to lan.

Postby electron » Fri Jun 19, 2015 10:22 am

NyvenZA wrote: So version 0.6 is out and we still can't get the WAN facility to work properly on our Wifi network.

Retroshare makes assumptions on the addresses and the network. This is bad.

We have a branch for IPv6, which also cleans out this problem. Unfortunately the branch is not merged yet.

In case you can compile Retroshare:
Checkout trunk, go to the "sockaddr_storage_samenet" function in rsnet_ss.cc:377, and change it to always return true.
electron
 
Posts: 96
Joined: Sun Aug 12, 2012 9:39 am
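
The address problem discussed in this thread, as an added example that is not Retroshare code and not part of any post: a test that only compares a peer against the interface's own subnet cannot match a peer on a different routed /29, while an explicit allow-list of ranges (the kind of restriction NyvenZA describes applying with IPFilter) matches it and still excludes internet addresses. The function names `same_subnet` and `peer_allowed` are hypothetical and all addresses are constructed samples.

```cpp
// Added illustration; not Retroshare code. All addresses are constructed samples.
#include <arpa/inet.h>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Parse a dotted-quad IPv4 string into a host-order integer.
static uint32_t parse_ipv4(const std::string &s) {
    in_addr a{};
    if (inet_pton(AF_INET, s.c_str(), &a) != 1)
        throw std::invalid_argument("bad IPv4 address: " + s);
    return ntohl(a.s_addr);
}

struct Cidr {
    uint32_t net;   // network address, host order
    uint32_t mask;  // netmask, host order
};

// Parse "a.b.c.d/len"; host bits in the address part are masked off.
static Cidr parse_cidr(const std::string &s) {
    auto slash = s.find('/');
    if (slash == std::string::npos)
        throw std::invalid_argument("missing prefix length: " + s);
    int len = std::stoi(s.substr(slash + 1));
    if (len < 0 || len > 32)
        throw std::invalid_argument("bad prefix length: " + s);
    uint32_t mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    return {parse_ipv4(s.substr(0, slash)) & mask, mask};
}

// Naive test: the peer counts as local only if it is in the interface's own subnet.
bool same_subnet(const std::string &local_cidr, const std::string &peer) {
    Cidr c = parse_cidr(local_cidr);
    return (parse_ipv4(peer) & c.mask) == c.net;
}

// Policy test: the peer is allowed if it falls in any operator-configured range.
bool peer_allowed(const std::vector<std::string> &allowed, const std::string &peer) {
    uint32_t ip = parse_ipv4(peer);
    for (const auto &range : allowed) {
        Cidr c = parse_cidr(range);
        if ((ip & c.mask) == c.net) return true;
    }
    return false;
}
```

With a local interface of 172.18.1.10/29, a peer at 172.18.40.2 fails `same_subnet` but passes `peer_allowed` against 172.18.0.0/16, and a public address is rejected by both.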
