Q: How can I find the re6st neighbors of a server with re6st installed?
Since re6st uses openvpn to create tunnels, you can find the processes with ps aux:
$ ps aux | grep openvpn
root 815 0.0 0.0 7124 5308 ? S sept.12 0:01 openvpn --dev-type tap --dev re6stnet-tcp --persist-tun --persist-key --script-security 2 --up /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-client --tls-server --mode server --client-connect /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-server 11 --client-disconnect /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-server 11 --dh /var/lib/re6stnet/dh.pem --max-clients 21 --port 1194 --proto tcp-server --ping-exit 60 --socket-flags TCP_NODELAY --ca ca.crt --cert cert.crt --key cert.key --cipher none --ncp-disable
root 83358 0.0 0.0 7256 6004 ? S 11:01 0:00 openvpn --dev-type tap --dev re6stnet7 --persist-tun --persist-key --script-security 2 --up /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-client --nobind --client --remote 163.172.45.209 1194 tcp --verify-x509-name 43/32 name --resolv-retry 0 --connect-retry-max 3 --tls-exit --remap-usr1 SIGTERM --ping-exit 60 --route-up /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-client 9 --socket-flags TCP_NODELAY --ca ca.crt --cert cert.crt --key cert.key --cipher none --ncp-disable
root 85044 0.0 0.0 7256 5712 ? S 11:23 0:00 openvpn --dev-type tap --dev re6stnet2 --persist-tun --persist-key --script-security 2 --up /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-client --nobind --client --remote 118.238.216.67 1194 tcp --verify-x509-name 87/32 name --resolv-retry 0 --connect-retry-max 3 --tls-exit --remap-usr1 SIGTERM --ping-exit 60 --route-up /opt/re6st/eggs/re6stnet-0.583-py2.7.egg/re6st/ovpn-client 9 --socket-flags TCP_NODELAY --ca ca.crt --cert cert.crt --key cert.key --cipher none --ncp-disable
lu 85066 0.0 0.0 14676 2572 pts/1 S+ 11:23 0:00 grep --color=auto openvpn
Here, re6stnet-tcp is used for others connecting to your server; the re6stnet* interfaces (e.g. re6stnet7 and re6stnet2) are used for re6stnet client tunnels. The IP and port of each neighbor appear after --remote on the client lines.
Besides, if you don't want your server to accept clients, you can simply modify re6stnet.conf:
$ sudo vim /etc/re6stnet/re6stnet.conf
and add the following line to the configuration file:
max-clients 0
Then restart re6stnet:
$ systemctl restart re6stnet.service
To verify it, run ip l and check that the re6stnet-tcp interface is no longer there, meaning your server no longer accepts client connections.
Attachment: get-re6st-ip.sh:
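#!/bin/bash
# Collect the remote endpoints (IP and port) of re6st client tunnels over time.
# Restarts re6stnet every 5 minutes; press Ctrl-C to print the tally.
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi

# The script runs as root, so use an unpredictable file name instead of a fixed path in /tmp.
TMP="$(mktemp /tmp/re6st_ip.XXXXXX)" || exit 1

# On Ctrl-C, print how often each endpoint was seen, then clean up.
ctrl_c() {
    sort "$TMP" | uniq -c
    rm -f "$TMP"
    exit
}
trap ctrl_c INT

while true; do
    systemctl restart re6stnet
    sleep 300
    # Extract "IP port" from the --remote option of each client openvpn process.
    ps aux | grep openvpn | grep remote | sed 's/.*remote \([0-9.]* [0-9]*\).*/\1/' >> "$TMP"
done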
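
A one-shot way to list the current tunnels from the ps output shown earlier, without restarting re6stnet, as an added example that is not part of the original page. The function names and the sample lines (shortened, with documentation-range addresses) are constructed; the parsing relies only on the openvpn options visible in that ps output.

```shell
#!/bin/bash
# Added example (not from the original page): summarise re6st OpenVPN tunnels
# from "ps aux" style lines read on stdin.
# Output per tunnel: device, role, endpoint, name passed to --verify-x509-name.
re6st_tunnels() {
    awk '
    {
        dev = ""; role = "?"; endpoint = "-"; peer = "-"
        for (i = 1; i <= NF; i++) {
            if      ($i == "--dev")              dev = $(i + 1)
            else if ($i == "--tls-server")       role = "server"
            else if ($i == "--client")           role = "client"
            else if ($i == "--port")             endpoint = "listen:" $(i + 1)
            else if ($i == "--remote")           endpoint = $(i + 1) ":" $(i + 2)
            else if ($i == "--verify-x509-name") peer = $(i + 1)
        }
        # Only openvpn processes started by re6st carry a re6stnet* device;
        # this also drops the "grep openvpn" line itself.
        if (dev ~ /^re6stnet/) print dev, role, endpoint, peer
    }'
}

# Constructed sample input in the shape of the ps output on this page.
sample_ps() {
    cat <<'EOF'
root 815 0.0 0.0 7124 5308 ? S 10:00 0:01 openvpn --dev-type tap --dev re6stnet-tcp --tls-server --mode server --max-clients 21 --port 1194 --proto tcp-server --cipher none
root 8335 0.0 0.0 7256 6004 ? S 11:01 0:00 openvpn --dev-type tap --dev re6stnet7 --nobind --client --remote 192.0.2.10 1194 tcp --verify-x509-name 43/32 name --cipher none
root 8504 0.0 0.0 7256 5712 ? S 11:23 0:00 openvpn --dev-type tap --dev re6stnet2 --nobind --client --remote 198.51.100.7 1194 tcp --verify-x509-name 87/32 name --cipher none
lu 8506 0.0 0.0 14676 2572 pts/1 S+ 11:23 0:00 grep --color=auto openvpn
EOF
}

sample_ps | re6st_tunnels
```

On a live node, pipe ps aux into re6st_tunnels instead of the sample.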