by Guest on 2018/04/24 12:07:02 AM
Summary:
When I run tixati as another user I always get the Link association popup on startup and then get spammed with the Download Folder Not Found popup despite everything else functioning normally. I also imported my settings from my normal user.
What I'm trying to do:
Run tixati as another user so I can force that users traffic through my vpn using the following commands:
(cole@alderaan) ~ $ xhost +
(cole@alderaan) ~ $ DISPLAY=":0" XAUTHORITY=$XAUTHORITY sudo -u vpn -H tixati
What works:
Vpn split tunnel
Loading of existing torrents from folders in /stor
Adding and full download of ubuntu torrent via .torrent file.
Adding and full download of high seeded torrent via magnet link.
Both files were successfully downloaded to the correct /stor/torrents/downloading then moved to /stor/torrents on completion with no issues.
What doesn't
Saving link association settings.
Setting any download related file location to somewhere in /stor.
Getting rid of the Download Folder Not Found popup.
Every option is grayed out other than /tmp and /home/vpn for file selection.
Info:
Linux alderaan 4.16.3-1-ARCH #1 SMP PREEMPT Thu Apr 19 09:17:56 UTC 2018 x86_64 GNU/Linux
Tixati 2.57
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /stor ext4 rw 0 0
// `sudo setfacl -R -m group::rwx /stor` was used during my error fixing attempts
(cole@alderaan) ~ $ getfacl /stor
getfacl: Removing leading '/' from absolute path names
# file: stor
# owner: cole
# group: stor
user::rwx
user:vpn:rwx
group::rwx
mask::rwx
other::r-x
(cole@alderaan) ~ $ groups
disk wheel audio cole vpn stor
(vpn@alderaan) cole $ groups
disk wheel cole vpn stor
by Guest on 2018/04/26 04:25:28 AM
I solved this issue by switching the way I was doing my split tunnel from running it as another user to running it in a cgroup.
up.sh Before:
#!/bin/sh
iptables -t mangle -I OUTPUT -m owner --owner-uid vpn -j MARK --set-mark 42
iptables -t mangle -I OUTPUT -d 192.168.100.0/24 -m owner --owner-uid vpn -j RETURN
iptables -t nat -I POSTROUTING -o torrent-tun -j MASQUERADE
ip rule add fwmark 42 table 42
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > $f
done
ip route add default via $(ifconfig -a torrent-tun | grep -o 'inet .*$' | cut -d ' ' -f2) table 42
chgrp vpn $XAUTHORITY
chmod 640 $XAUTHORITY
Then starting tixati by doing this:
xhost +
DISPLAY=":0" XAUTHORITY=$XAUTHORITY sudo -u vpn -H tixati &
up.sh After:
#!/bin/sh
iptables -t mangle -I OUTPUT -m cgroup --cgroup 0x00110011 -j MARK --set-mark 42
iptables -t mangle -I OUTPUT -d 192.168.100.0/24 -m cgroup --cgroup 0x00110011 -j RETURN
iptables -t nat -I POSTROUTING -o torrent-tun -j MASQUERADE
ip rule add fwmark 42 table 42
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > $f
done
ip route add default via $(ifconfig -a torrent-tun | grep -o 'inet .*$' | cut -d ' ' -f2) table 42
Then starting tixati by doing this:
mkdir /sys/fs/cgroup/net_cls/vpn
echo 0x00110011 > /sys/fs/cgroup/net_cls/vpn/net_cls.classid
cgcreate -t $USER:$USER -a $USER:$USER -g net_cls:vpn
nohup cgexec -g net_cls:vpn tixati &
