Mudfish Server =============== .. note:: Please leave any comments or opinions about this document at Mudfish Forum (http://forums.en.loxch.com) This document is for who want to operate Mudfish VPN server yourself and explain about how to set up and run. At current of Mudfish Server, it's designed working on the following operating systems. * Amazon Linux - EC2 (64 bit) Should work smoothly on macro instance. :-) * CentOS 5.x and 6.x (64 bit) Be aware before installation ---------------------------- .. warning:: When Mudfish Server is launched on your system, the following information are automatically stored on Mudfish main server. Please be aware about these and **don't install** if you don't agree with it. 1. If there are any sort of warning, error or higher level messages from Mudfish Server daemons, it's collected and reported to Mudifhs main server. Please note that messages related with Mudfish Server daemons only and /var/log/messages file is used. 2. Traffic usage statistics from Mudfish Server daemons are collected and reported to Mudfish main server. It's to calculate traffic usage per a user. 3. Periodically, the heartbeat is sent to Mudfish main server to let him know whether it's alive or dead. 4. RTT (Round Trip Time) information between Mudfish VPN server and the backend server (pointing normally the game server) are collected and reported to Mudfish main server. These information are used when a user opens wizard menu of Mudfish Web UI. Download -------- Mudfish Server package is distributed by homepage (http://en.loxch.com). Please visit if you want to download latest one. Installation ------------ .. warning:: If you're trying to install Mudfish Server package on the virtualization evironment, please aware that OpenVZ isn't supported. Only the following hypervisors are supported. * KVM * Xen To install the package, root permission is required and there are some dependency to other packages like below: * gcc Cache-Terminator depends on this package because VCL (Varnish Configuration Language) should use it to compile the configuration. * GeoIP Cache-Terminator depends on this package to know country information based on user's IP address. .. note:: For CentOS 5.x, please check system's yum repositories for "extras". It could be disabled by some reasons. For CentOS 6.x, you need to install EPEL(Extra Packages for Enterprise Linux) yum repository on your system if you failed to search GeoIP. Use the following commands to install it then retry. .. code-block:: none # cd /tmp/ # wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm # rpm -ivh epel-release-6-8.noarch.rpm Installs above two packages with ``yum`` command. .. code-block:: none # yum install gcc GeoIP Loaded plugins: priorities, security, update-motd, upgrade-helper amzn-main | 2.1 kB 00:00 amzn-updates | 2.3 kB 00:00 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package GeoIP.x86_64 0:1.4.8-1.5.amzn1 will be installed ---> Package gcc.noarch 0:4.6.2-1.8.amzn1 will be installed --> Processing Dependency: gcc46 = 4.6.2 for package: gcc-4.6.2-1.8.amzn1.noarch --> Running transaction check ---> Package gcc46.x86_64 0:4.6.2-2.65.amzn1 will be installed --> Processing Dependency: cpp46 = 4.6.2-2.65.amzn1 for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: libgcc46 = 4.6.2 for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: binutils >= 2.20.51.0.2-12 for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: libgomp >= 4.6.2-2.65.amzn1 for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: libmpfr.so.1()(64bit) for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: libmpc.so.2()(64bit) for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Processing Dependency: libgomp.so.1()(64bit) for package: gcc46-4.6.2-2.65.amzn1.x86_64 --> Running transaction check ---> Package binutils.x86_64 0:2.20.51.0.7-8.29.amzn1 will be installed ---> Package cpp46.x86_64 0:4.6.2-2.65.amzn1 will be installed ---> Package glibc-devel.x86_64 0:2.12-1.80.42.amzn1 will be installed --> Processing Dependency: glibc-headers = 2.12-1.80.42.amzn1 for package: glibc-devel-2.12-1.80.42.amzn1.x86_64 --> Processing Dependency: glibc-headers for package: glibc-devel-2.12-1.80.42.amzn1.x86_64 ---> Package libgcc46.x86_64 0:4.6.2-2.65.amzn1 will be installed ---> Package libgomp.x86_64 0:4.7.2-2.69.amzn1 will be installed ---> Package libmpc.x86_64 0:0.8.2-1.4.amzn1 will be installed ---> Package mpfr.x86_64 0:2.4.2-1.7.amzn1 will be installed --> Running transaction check ---> Package glibc-headers.x86_64 0:2.12-1.80.42.amzn1 will be installed --> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.12-1.80.42.amzn1.x86_64 --> Processing Dependency: kernel-headers for package: glibc-headers-2.12-1.80.42.amzn1.x86_64 --> Running transaction check ---> Package kernel-headers.x86_64 0:3.2.39-6.88.amzn1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: GeoIP x86_64 1.4.8-1.5.amzn1 amzn-main 783 k gcc noarch 4.6.2-1.8.amzn1 amzn-main 2.7 k Installing for dependencies: binutils x86_64 2.20.51.0.7-8.29.amzn1 amzn-main 3.6 M cpp46 x86_64 4.6.2-2.65.amzn1 amzn-main 4.8 M gcc46 x86_64 4.6.2-2.65.amzn1 amzn-main 14 M glibc-devel x86_64 2.12-1.80.42.amzn1 amzn-main 1.0 M glibc-headers x86_64 2.12-1.80.42.amzn1 amzn-main 648 k kernel-headers x86_64 3.2.39-6.88.amzn1 amzn-updates 847 k libgcc46 x86_64 4.6.2-2.65.amzn1 amzn-main 98 k libgomp x86_64 4.7.2-2.69.amzn1 amzn-updates 113 k libmpc x86_64 0.8.2-1.4.amzn1 amzn-main 49 k mpfr x86_64 2.4.2-1.7.amzn1 amzn-main 182 k Transaction Summary ================================================================================ Install 12 Package(s) Total download size: 26 M Installed size: 50 M Is this ok [y/N]: y Downloading Packages: (1/12): GeoIP-1.4.8-1.5.amzn1.x86_64.rpm | 783 kB 00:00 (2/12): binutils-2.20.51.0.7-8.29.amzn1.x86_64.rpm | 3.6 MB 00:00 (3/12): cpp46-4.6.2-2.65.amzn1.x86_64.rpm | 4.8 MB 00:00 (4/12): gcc-4.6.2-1.8.amzn1.noarch.rpm | 2.7 kB 00:00 (5/12): gcc46-4.6.2-2.65.amzn1.x86_64.rpm | 14 MB 00:00 (6/12): glibc-devel-2.12-1.80.42.amzn1.x86_64.rpm | 1.0 MB 00:00 (7/12): glibc-headers-2.12-1.80.42.amzn1.x86_64.rpm | 648 kB 00:00 (8/12): kernel-headers-3.2.39-6.88.amzn1.x86_64.rpm | 847 kB 00:00 (9/12): libgcc46-4.6.2-2.65.amzn1.x86_64.rpm | 98 kB 00:00 (10/12): libgomp-4.7.2-2.69.amzn1.x86_64.rpm | 113 kB 00:00 (11/12): libmpc-0.8.2-1.4.amzn1.x86_64.rpm | 49 kB 00:00 (12/12): mpfr-2.4.2-1.7.amzn1.x86_64.rpm | 182 kB 00:00 -------------------------------------------------------------------------------- Total 15 MB/s | 26 MB 00:01 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : mpfr-2.4.2-1.7.amzn1.x86_64 1/12 Installing : libmpc-0.8.2-1.4.amzn1.x86_64 2/12 Installing : cpp46-4.6.2-2.65.amzn1.x86_64 3/12 Installing : kernel-headers-3.2.39-6.88.amzn1.x86_64 4/12 Installing : glibc-headers-2.12-1.80.42.amzn1.x86_64 5/12 Installing : glibc-devel-2.12-1.80.42.amzn1.x86_64 6/12 Installing : libgcc46-4.6.2-2.65.amzn1.x86_64 7/12 Installing : libgomp-4.7.2-2.69.amzn1.x86_64 8/12 Installing : binutils-2.20.51.0.7-8.29.amzn1.x86_64 9/12 Installing : gcc46-4.6.2-2.65.amzn1.x86_64 10/12 Installing : gcc-4.6.2-1.8.amzn1.noarch 11/12 Installing : GeoIP-1.4.8-1.5.amzn1.x86_64 12/12 Verifying : binutils-2.20.51.0.7-8.29.amzn1.x86_64 1/12 Verifying : glibc-headers-2.12-1.80.42.amzn1.x86_64 2/12 Verifying : GeoIP-1.4.8-1.5.amzn1.x86_64 3/12 Verifying : libmpc-0.8.2-1.4.amzn1.x86_64 4/12 Verifying : gcc46-4.6.2-2.65.amzn1.x86_64 5/12 Verifying : gcc-4.6.2-1.8.amzn1.noarch 6/12 Verifying : libgomp-4.7.2-2.69.amzn1.x86_64 7/12 Verifying : libgcc46-4.6.2-2.65.amzn1.x86_64 8/12 Verifying : mpfr-2.4.2-1.7.amzn1.x86_64 9/12 Verifying : cpp46-4.6.2-2.65.amzn1.x86_64 10/12 Verifying : glibc-devel-2.12-1.80.42.amzn1.x86_64 11/12 Verifying : kernel-headers-3.2.39-6.88.amzn1.x86_64 12/12 Installed: GeoIP.x86_64 0:1.4.8-1.5.amzn1 gcc.noarch 0:4.6.2-1.8.amzn1 Dependency Installed: binutils.x86_64 0:2.20.51.0.7-8.29.amzn1 cpp46.x86_64 0:4.6.2-2.65.amzn1 gcc46.x86_64 0:4.6.2-2.65.amzn1 glibc-devel.x86_64 0:2.12-1.80.42.amzn1 glibc-headers.x86_64 0:2.12-1.80.42.amzn1 kernel-headers.x86_64 0:3.2.39-6.88.amzn1 libgcc46.x86_64 0:4.6.2-2.65.amzn1 libgomp.x86_64 0:4.7.2-2.69.amzn1 libmpc.x86_64 0:0.8.2-1.4.amzn1 mpfr.x86_64 0:2.4.2-1.7.amzn1 Complete! # Installs ``mudfish-server`` RPM package when it's completed. .. code-block:: none # rpm -ivh mudfish-server-1.0.0-0.x86_64.rpm Preparing... ########################################### [100%] 1:mudfish-server ########################################### [100%] Done to install Mudfish Server. Now we need to set up the firewall for Mudfish users to allow to connect your Mudfish VPN server. Set up firewall --------------- For Mudfish VPN server to work correctly the following firewall policy should be made. * Port 10007 and 10008 ports for TCP/UDP Port 10007 and 10008 are used by Mudfish Server daemons. It's to receive traffics from outside. Please make sure that it's listening on both TCP and UDP protocols. * ICMP ICMP protocol is used to calculate RTT (Round Trip Time) between Mudfish users and your Mudfish VPN server when your Mudfish VPN server is registered in Mudfish main server. Depending on the configuration of users, UDP or TCP protocols are used too. So it's impossible letting Mudfish users know RTT information without allowing ICMP protocol. Done to set up firewall. Next step is for OS. System ------ There are three parts for System; NAT, IP forwarding and ICMP echo ignoring. Using the following commands you can set up. If you encounter any kind of error messages while you're setting up your system, please ask problems through Mudfish Forum. .. code-block:: none # /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 10.252.0.0/14 # /sbin/sysctl net.ipv4.ip_forward=1 If the version of Mudfish Server you're using is v1.0.4 or higher, the following command is required by sysctl command. .. code-block:: none # /sbin/sysctl net.ipv4.icmp_echo_ignore_all=1 .. note:: If your system was rebooted by some reasons, please aware that your settings you did on above are reset. Please use the following commands if you want to set up permanently after setting above. .. code-block:: none # /etc/init.d/iptables save # echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf # echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf If you want to run Mudfish Server automatically when it's booted. Please use the following command to register mudfish-server script. .. code-block:: none # /sbin/chkconfig --level 2345 mudfish-server on OK it's done for your OS. Next step is the configuration part of Mudfish Server. Configuration ------------- If you're launching Mudfish Server without any modification of configuration, the following rules are applied: * If ``name`` file doesn't exist or empty, your server name picked by Mudfish main server including your public IP and country code. * ``owner_name`` or ``owner_email`` files don't exist or empty, 'Unknown' string will be shown. * If you don't have any ACL (Access Control List) policy using ``users_allow`` or ``users_deny``, it means all users are accessible to your server. The configuration file are always under ``/etc/mudfish-server/`` directory. * ``/etc/mudfish-server/commercial_node`` If this content body of this file is "True" or "Yes", it's regisitered as the premium node that not free. If you'd like to open a free server, you don't need to create the file or save the file with "False" or "No". * ``/etc/mudfish-server/commercial_node_currency`` Sets the currency applied to ``commercial_node_price_domestic`` and ``commercial_node_price_international`` files. Availabel currencies are as follows: * KRW * USD This option is only valid if the server is set for the premium node. .. code-block:: none $ cat /etc/mudfish-server/commercial_node_currency USD * ``/etc/mudfish-server/commercial_node_price_domestic`` Points the price for the domestic traffics per Gbytes. Its value type is float so allows a value like 0.0123. This option is only valid if the server is set for the premium node. .. code-block:: none $ cat /etc/mudfish-server/commercial_node_price_domestic 0.0012 * ``/etc/mudfish-server/commercial_node_price_international`` Points the price for the international traffics per Gbytes. Its value type is float so allows a value like 0.0123. This option is only valid if the server is set for the premium node. .. code-block:: none $ cat /etc/mudfish-server/commercial_node_price_international 0.0012 * ``/etc/mudfish-server/country`` *Auto genenrated file.* This file contains country code of your Mudfish VPN server. Calculated based on GeoIP database. * ``/etc/mudfish-server/name`` Names your Mudfish VPN server shown to Mudfish users. Limited characters (including alphabets, number and some special characters) are allowed that other exceptional characters are converted to '_' (underscore) character. .. note:: Please note that always the country code based on GeoIP is prepended before your server name to let users know where your server is located. .. code-block:: none $ cat /etc/mudfish-server/name US West (Weongyo's server) If you want to change your server name, please restart Mudfish Server package. * ``/etc/mudfish-server/owner_name`` .. note:: This option is available at Mudfish Server v1.0.2 or higher. Could contain operator's name. If not set, "Unknown" is set automatically. * ``/etc/mudfish-server/owner_email`` .. note:: This option is available at Mudfish Server v1.0.2 or higher. Could contain operator's email which could be used to contact by Mudfish users or mudfish teams. * ``/etc/mudfish-server/public_ip`` *Auto genenrated file.* This file contains public IP address of your Mudfish VPN server. * ``/etc/mudfish-server/users_allow`` Lists IDs of Mudfish accounts to allow connections to your Mudfish VPN server. Please aware that any Mudfish users who didn't be listed on here are denied to access. One user per a line. Please note that a ID can't place on both users_allow and users_deny files. .. code-block:: none $ cat /etc/mudfish-server/users_allow weongyo userid1 mijung * ``/etc/mudfish-server/users_deny`` Lists IDs of Mudfish accounts to deny connections to your Mudfish VPN server. Please aware that any Mudfish users who didn't be listed on here are allowed to access. Please note that a ID can't place on both users_allow and users_deny files. * ``/etc/mudfish-server/type`` Normally ``S`` character only to point the type of Mudfish VPN server. * ``/etc/mudfish-server/v2_tapip`` *Auto genenrated file.* This file contains the private IP address assigned for your Mudfish VPN server. * ``/etc/mudfish-server/varnishd_listen_address`` *Auto genenrated file.* This file contains the listening address for Cache-Terminator. * ``/etc/mudfish-server/version`` Contains the version of Mudfish Server you'd like to use. Depending on this file, the specific Mudfish Server's selected which under ``/opt/mudfish-server//`` directory. Start Mudfish Server -------------------- Please use the following command to launch Mudfish Server after you set up the configuration of Mudfish Server under ``/etc/mudfish-server/`` directory correctly. .. code-block:: none # /etc/init.d/mudfish-server start If there are any issues while it's launching, please check ``/var/log/messages`` file to know what's going on. Now you should check whether your Mudfish VPN server is registered to Mudfish main server correctly. Easiest way to check whether it's on or not is that with visiting the following URL: * Mudfish: Realtime VPN Server's status http://en.loxch.com/servers.php Stop Mudfish Server ------------------- To stop Mudfish Server, please use the following command. .. code-block:: none # /etc/init.d/mudfish-server stop Please make sure that all processes of Mudfish Server are terminated using ps command. Release Notes ------------- v1.5.0 (2013/09/06) ^^^^^^^^^^^^^^^^^^^ * mudcrond * Now system uptime is reported to the master server. * mudd * No more mudd daemon supports ADN mode because it'd be handled by mudfish process. * mudfish * Mudfish Cloud VPN client version is upgraded to v3.5.0. * mudwatchdog * Fixed a option to launch mudfish process for ADN mode. v1.0.10 (2013/07/29) ^^^^^^^^^^^^^^^^^^^^ * mudfish * Mudfish Cloud VPN client application is upgraded to the latest one (v3.3.2) v1.0.9 (2013/07/17) ^^^^^^^^^^^^^^^^^^^ * mudd * Changes the error log level. * mudmeshd * Be more verbose for error messages * Changes the RTT checking interval from 30 to 60 seconds. v1.0.8 (2013/07/08) ^^^^^^^^^^^^^^^^^^^ * mudcrond * Fixes an issue that PID file didn't be checked properly for mudlmond and mudmeshd. * Fixes a bug that the value overflow on i386 machine didn't handled properly * Builds on i386 * mudd * Changes the log level for some messages. * mudumond * Fixes an issue when the communication between daemon and the master wasn't good. * Builds on i386 * Misc * Ships mudfish and mudflow for ADN (Application Delivery Network) mode. v1.0.7 (2013/06/17) ^^^^^^^^^^^^^^^^^^^ * mudinit * Exits with 1 explicitly if the response body isn't set with the proper settings. * mudcrond * Reports packet drop and overruns caused by QoS to the master server. * mudmeshd * Introduces a new daemon which calculates RTT for ICMP, UDP and TCP in the mesh mode. This daemon is useful to know whether the network line is good or bad. * Misc * Supports CentOS 6. v1.0.6 (2013/06/12) ^^^^^^^^^^^^^^^^^^^ * Cache-Terminator * Fixes some type issues for printf(3)-like functions. * Adds an additional assertion for a case that writev(2) returns 0. * mudcrond * Added -c, -p, -s options which could be used for disabling the features. * Fixes an issue that the format of /proc/dev/net little bit diffs depending on the Linux kernel version. * mudlmond * Don't send log messages if its level is [WARN]. * mudrttd * Lowers the log level for a case that it's timed out for RTT tests. * mudumond * Be more efficient to handle and store the internal structures. * Sends user's IP address and its destination IP to the master server. * Fixes an issue that recording the last processed time wasn't worked correctly. v1.0.5 (2013/06/02) ^^^^^^^^^^^^^^^^^^^ * Cache-Terminator * Denies UDP_ASSOCIATE or BIND commands for SOCKS v5. * Fixes an issue of gethostbyname(3) because it's not thread-safe. * mudcrond * Reports periodically a statistic of Mudfish VPN server about CPU CPU (user, system, idle, steal), NIC interfaces. * mudd * Be more verbose for error messages. * mudechod * Now it's non-blocking based implementation for TCP protocol. * mudumond * Stores and uses to know where was the last point of the log. v1.0.4 (2013/05/17) ^^^^^^^^^^^^^^^^^^^ * Fixes an issue of Cache-Terminator that the assertion failure happened if the filesize it's downloading is too big. * Support ICMP turnneling. * Checks the configuration of OS using sysctl command for ICMP turnneling.