authorXiao Pan <xyz@flylightning.xyz>2025-07-30 15:28:46 +0000
committerXiao Pan <xyz@flylightning.xyz>2025-07-30 15:28:46 +0000
commit71273a94a47e16aba8f0a02bb244aa62a6d3cd21 (patch)
tree26e740448fec6450eb6e362a2af97aabb713fa17 /etc
parente55702d3acdeb86b936ae0d6e3771e041e2e7d21 (diff)
remove phantun and switch to mimic
Diffstat (limited to 'etc')
-rw-r--r--etc/mimic/ens18.conf42
l---------etc/mimic/ens19.conf1
l---------etc/mimic/ipv6net@ens18.conf1
-rw-r--r--etc/nftables.conf12
-rw-r--r--etc/services1
l---------etc/systemd/system/multi-user.target.wants/mimic@ens18.service1
l---------etc/systemd/system/multi-user.target.wants/mimic@ens19.service1
l---------etc/systemd/system/multi-user.target.wants/mimic@ipv6net.service1
-rw-r--r--etc/systemd/system/phantun_server.service14
9 files changed, 52 insertions, 22 deletions
diff --git a/etc/mimic/ens18.conf b/etc/mimic/ens18.conf
new file mode 100644
index 00000000..3179d091
--- /dev/null
+++ b/etc/mimic/ens18.conf
@@ -0,0 +1,42 @@
+# This is an example configuration for Mimic. For each interface, you may
+# create <interface>.conf in /etc/mimic and in the following format to
+# pass arguments to Mimic's systemd service (mimic@<interface>.service).
+#
+# Each configuration should be in the format of `key=value`. There might be
+# whitespaces between key, '=' and value, and should be kept in one line. Empty
+# lines and ones that start with '#' are ignored.
+
+# Sets log verbosity. Log level equal to or higher (in number) than log
+# verbosity will be discarded. Both number and string matching log levels are
+# accepted. Number must be greater than or equal to 0. Defaults to info (2).
+#
+# Log levels:
+# 0 - error (cannot be discarded)
+# 1 - warn
+# 2 - info
+# 3 - debug
+# 4 - trace
+#log.verbosity = trace
+
+# Specify link layer type, can be 'eth' (Ethernet) or 'none' (no L2 header,
+# like PPP or TUN). Defaults to 'eth'.
+#link_type = eth
+
+# Force XDP attach mode, either 'skb' or 'native'. Defaults to 'native' if
+# target interface supports it, or 'skb'.
+#xdp_mode = skb
+
+# Use libxdp instead of libbpf to load XDP program. libxdp supports chaining
+# multiple XDP programs on one interface. Mimic loads libxdp dynamically using
+# dlopen. Defaults to false.
+#use_libxdp = false
+
+# Whether to always use maximum window size in TCP packets. Defaults to false.
+#max_window = false
+
+# Specifies which packets should be processed by Mimic. Can be set more
+# than once to allow parallel rules (OR'ed).
+#
+# Filter format follows `(local|remote)=IP:port`. For IPv6, IP addresses
+# need to be surrounded by square brackets. See below for examples.
+filter = local=104.224.159.210:54635
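Review bot: The only active line, `filter = local=104.224.159.210:54635`, is an IPv4-only rule, yet this file is also the target of the `ens19.conf` and `ipv6net@ens18.conf` symlinks added in the same commit, so all three mimic instances share the same IPv4 filter. The header comment above states that `filter` may be repeated and that IPv6 addresses are written in square brackets, so if the `ipv6net` instance is meant to carry IPv6 traffic it likely needs its own line such as `filter = local=[<IPV6_ADDRESS_PLACEHOLDER>]:54635`; I cannot confirm from this diff which addresses the other interfaces hold. The example text is kept verbatim, so a one-line comment above the active rule, e.g. `# swgp listener on the public address of this interface (UDP 54635, presented as TCP by mimic)`, would make the host-specific intent visible to whoever next edits the shared file.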
diff --git a/etc/mimic/ens19.conf b/etc/mimic/ens19.conf
new file mode 120000
index 00000000..32c22750
--- /dev/null
+++ b/etc/mimic/ens19.conf
@@ -0,0 +1 @@
+ens18.conf \ No newline at end of file
diff --git a/etc/mimic/ipv6net@ens18.conf b/etc/mimic/ipv6net@ens18.conf
new file mode 120000
index 00000000..32c22750
--- /dev/null
+++ b/etc/mimic/ipv6net@ens18.conf
@@ -0,0 +1 @@
+ens18.conf \ No newline at end of file
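Review bot: The config is installed as `ipv6net@ens18.conf`, while the unit enabled in this commit is `mimic@ipv6net.service`; per the header comment in `ens18.conf`, the service reads `/etc/mimic/<interface>.conf`, so if the kernel name of the interface is `ipv6net` (the `@ens18` suffix being how `ip link` displays the parent device rather than part of the name) the instance will look for `ipv6net.conf` and this symlink is never read. I cannot verify the interface name from the diff; if it really is `ipv6net`, the symlink should be named `ipv6net.conf`, and if the name genuinely contains `@`, a short comment in the repo noting that would avoid the next reader making the same assumption.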
diff --git a/etc/nftables.conf b/etc/nftables.conf
index ec199ffb..ecac4baa 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -29,9 +29,11 @@ table inet my_table {
tcp dport ssh accept
tcp dport iperf3 accept
udp dport wireguard accept
+ # mimic is both tcp and udp see perma link:
+ # https://github.com/hack3ric/mimic/blob/572a2ae5aeaa156afc2d6064a763e842962735bf/docs/getting-started.md#firewall
+ tcp dport swgp accept
udp dport swgp accept
tcp dport monerod-p2p accept
- tcp dport phantun accept
pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
counter comment "count any other traffic"
@@ -47,9 +49,6 @@ table inet my_table {
#iifname $pub_iface oifname $wg_iface accept
iifname $wg_iface accept
oifname $wg_iface accept
- # needed for phantun?
- iifname pt0 accept
- oifname pt0 accept
}
chain my_output {
@@ -67,15 +66,12 @@ table inet nat {
# also vice versa, no need `chain postrouting` if has `chain prerouting`
# more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/
chain prerouting {
- type nat hook prerouting priority dstnat
+ type nat hook prerouting priority -100
policy accept
# port forwarding from client
# https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet
iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p
iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p
- # needed for phantun
- iifname $pub_iface tcp dport phantun dnat ip to 10.0.2.2
- iifname $pub_iface tcp dport phantun dnat ip6 to fdc9:281f:04d7:9eeb::2
}
# for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface
chain postrouting {
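Review bot: `type nat hook prerouting priority -100` replaces the symbolic `dstnat`, which nft defines as exactly -100 for this hook, so the change is behavior-neutral but drops the self-documenting name; either restore `priority dstnat` or add a comment stating why the numeric form is preferred, e.g. `# -100 == dstnat; numeric form kept because <REASON_PLACEHOLDER>`. With the phantun dnat rules gone the chain now forwards only monerod-p2p, which I read as swgp/mimic terminating on this host rather than behind `$wg_iface`; a one-line comment saying so would tell a reader that the absence of a swgp dnat rule is intentional. The hunk for the input chain earlier in this file opens `tcp dport swgp` for the same port, which is consistent with that reading.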
diff --git a/etc/services b/etc/services
index 1b762adf..d571596b 100644
--- a/etc/services
+++ b/etc/services
@@ -11523,6 +11523,7 @@ inspider 49150/tcp
monerod-p2p 18080/tcp
wireguard 49432/udp
iperf3 53497/tcp
+swgp 54635/tcp
swgp 54635/udp
# phantun server listen
phantun 59083/tcp
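Review bot: The `phantun 59083/tcp` entry and its `# phantun server listen` comment two lines below the added `swgp 54635/tcp` survive, although this commit deletes the phantun unit and removes every `phantun` rule from nftables.conf; the alias is now dead and leaves /etc/services naming a port nothing listens on, so both lines should go in the same commit. The added `swgp 54635/tcp` matches the new `tcp dport swgp accept` rule, and keeping the TCP and UDP lines adjacent as done here is the right layout.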
diff --git a/etc/systemd/system/multi-user.target.wants/mimic@ens18.service b/etc/systemd/system/multi-user.target.wants/mimic@ens18.service
new file mode 120000
index 00000000..dce9a731
--- /dev/null
+++ b/etc/systemd/system/multi-user.target.wants/mimic@ens18.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/mimic@.service \ No newline at end of file
diff --git a/etc/systemd/system/multi-user.target.wants/mimic@ens19.service b/etc/systemd/system/multi-user.target.wants/mimic@ens19.service
new file mode 120000
index 00000000..dce9a731
--- /dev/null
+++ b/etc/systemd/system/multi-user.target.wants/mimic@ens19.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/mimic@.service \ No newline at end of file
diff --git a/etc/systemd/system/multi-user.target.wants/mimic@ipv6net.service b/etc/systemd/system/multi-user.target.wants/mimic@ipv6net.service
new file mode 120000
index 00000000..dce9a731
--- /dev/null
+++ b/etc/systemd/system/multi-user.target.wants/mimic@ipv6net.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/mimic@.service \ No newline at end of file
diff --git a/etc/systemd/system/phantun_server.service b/etc/systemd/system/phantun_server.service
deleted file mode 100644
index 68a57480..00000000
--- a/etc/systemd/system/phantun_server.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=phantun client
-After=network.target
-
-[Service]
-Type=simple
-Environment=RUST_LOG=info
-ExecStart=/usr/bin/phantun_server --local 59083 --remote [::1]:54635 --tun-local 10.0.2.1 --tun-peer 10.0.2.2 --tun-local6 fdc9:281f:04d7:9eeb::1 --tun-peer6 fdc9:281f:04d7:9eeb::2 --tun pt0
-#ExecStart=/usr/bin/env RUST_LOG=info /usr/bin/phantun_server --local 59083 --remote [::1]:54635 --tun-local 10.0.2.1 --tun-peer 10.0.2.2 --tun-local6 fdc9:281f:04d7:9eeb::1 --tun-peer6 fdc9:281f:04d7:9eeb::2 --tun pt0
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-