ip netns add torns
ip link set tun0 netns torns
ip -n torns addr add 198.19.0.1/15 dev tun0
ip -n torns link set dev tun0 up
ip -n torns route add default via 198.19.0.1 dev tun0 metric 100
Inside the namespace, all requests go through tun0 and then via the socks proxy on the unix socket. Everything works as expected except for ping.
ping should either not work or go through the proxy. But instead it goes through the host's default network stack. I am able to ping devices in the local network.
CLI or Config
No response
Logs
No response
How to Reproduce
Create network namespace as shown above and start a shell in the namespace.
ping a local resource. It should not be able to ping.
❯ ping -c3 192.168.XX.YY
PING 192.168.XX.YY (192.168.XX.YY) 56(84) bytes of data.
64 bytes from 192.168.XX.YY: icmp_seq=1 ttl=64 time=0.257 ms
64 bytes from 192.168.XX.YY: icmp_seq=2 ttl=64 time=0.270 ms
64 bytes from 192.168.XX.YY: icmp_seq=3 ttl=64 time=0.267 ms
Other requests work just fine.
❯ curl --resolve check.torproject.org:443:116.202.120.181 -sL https://check.torproject.org | grep -A5 'Congratula' | tail
<link rel="icon" type="image/x-icon" href="/torcheck/img/tor-not.png" />
<style>
html { height: 100%; }
--
Congratulations. This browser is configured to use Tor.
</h1>
<p>Your IP address appears to be: <strong>109.70.100.2</strong></p>
Thank you! Is it possible to provide a CLI flag to disable ICMP?
As a workaround, if I set NoNewPrivileges=yes when starting the shell, ping does not work but regular connections work. But it would be good if it were blocked at the interface level.
Verify steps
Version
latest
What OS are you seeing the problem on?
Linux
Description
Started tun2socks using below command
And moved the device to a network namespace.