MPTCP proxy setup at home: easier now!

MPTCP is easier than ever.

(Photo by Valdemaras D., https://unsplash.com/@deko_lt, on Unsplash)

 

Thanks to a huge collaborative effort from various people and companies, getting the benefits of Multipath TCP (redundancy, bonding and handover) is easier than ever!

Indeed, recent GNU/Linux distributions like Ubuntu 22.04 LTS, Fedora 36, RHEL 9 and many more come with a recent Linux kernel having MPTCP support enabled. It is no longer necessary to modify the system to install and use alternative kernels and core applications to have Multipath TCP on client and server hosts.

Here, we show an example: a simple MPTCP proxy set up on a Raspberry Pi 4 in a home network and on a basic online server. This works with any Raspberry 2 or newer, but also with any similar device, home gateway or server, as long as you can install one of the recent GNU/Linux distributions mentioned above.

 

Server side

The only requirement here is to have Ubuntu 22.04 (or later) installed with administration rights on your VPS or dedicated server. This is often easy as many cloud providers already have pre-installed Ubuntu 22.04 images: you simply have to select this distribution from a list and connect to your server.

Once logged in, it is time to install some applications from the official Ubuntu repositories:

     sudo apt update
     sudo apt install shadowsocks-libev mptcpize rng-tools5

Shadowsocks needs to use MPTCP:

     sudo mptcpize enable shadowsocks-libev.service

It also needs to accept connections from the outside world:

     sudo sed -i 's/"server":.*/"server":["::0","0.0.0.0"],/' \
          /etc/shadowsocks-libev/config.json

Please also note the password from this configuration file somewhere; it will be needed for the client:

     grep password /etc/shadowsocks-libev/config.json | cut -d\" -f4

Now shadowsocks can be restarted:

     sudo systemctl restart shadowsocks-libev.service

That’s it!

 

Client side

Similar to the server side, the only requirement is to have Ubuntu 22.04 (or later) installed on your home device. This tutorial can be followed to help install Ubuntu 22.04 on a Raspberry Pi. To use multiple networks, a USB dongle can be plugged in to connect to a 4G/5G network.

Once logged in to a terminal, it is time to install the same applications as the ones installed on the server side:

     sudo apt update
     sudo apt install shadowsocks-libev mptcpize rng-tools5

Here too, Shadowsocks needs to use MPTCP:

     sudo mptcpize enable shadowsocks-libev.service

More modifications of the Shadowsocks configuration are needed, so it is best to open the JSON file with a text editor, e.g.:

     sudo nano /etc/shadowsocks-libev/config.json

Make sure:

  • The “server” key has the IP of your own server, e.g.:
    "server":["1.2.3.4"]
  • The password is the same as the one set on the server side, e.g.:
    "password":"tessares"

The “ss-local” application must also be used instead of “ss-server”, to act as a local SOCKS TCP-to-MPTCP proxy:

     sudo systemctl edit shadowsocks-libev.service

Then add:

     [Service]
     ExecStart=
     ExecStart=/usr/bin/ss-local -c $CONFFILE $DAEMON_ARGS

(yes, two “ExecStart” lines, to completely override the default command)

One last step is to tell the kernel it can use multiple interfaces. For example, here the usb0 interface was used to reach the Internet via the cellular network through the 192.168.10.1 gateway:

     sudo ip mptcp limits set subflow 2
     sudo ip mptcp endpoint add 192.168.10.2 dev usb0 subflow
     sudo ip rule add from 192.168.10.2 table 42
     sudo ip route add default via 192.168.10.1 table 42

End User devices side

Often, you can configure the whole system, just your browser or some specific apps to use this new TCP-to-MPTCP proxy by specifying:

  • Host: <IP of the Raspberry Pi>
  • Port: 1080

Examples:

  • Ubuntu: Settings → Network → Network Proxy → Manual → Socks
  • macOS: System Preferences → Network → Advanced → Proxy → Socks
  • iOS: Settings → WiFi Settings → <WiFi AP> → Manual Proxy
  • Android: Settings → Network → <WiFi AP> → Edit → Advanced → Proxy
  • Windows 11: Control Panel → Internet Options → Connections tab → LAN settings → Use a proxy server for your LAN → Activate “Bypass proxy server for local addresses” → Advanced → Disable “Use the same proxy server for all protocols” → Socks

For the tests, brave users can execute this useful command from a terminal:

     curl -x socks5h://<IP of the Raspberry Pi>:1080 http://example.com

It is possible to check that MPTCP is correctly used by executing any of these commands on either the proxy client or the server while some MPTCP traffic is in progress:

     nstat
     ss -Ma
     sudo tcpdump -n "tcp and port 8388 and tcp[tcpflags] & (tcp-syn) != 0"
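
An added example, not part of the original post: a small shell function that reads `nstat`-style output and reports whether MPTCP was negotiated, whether an extra subflow joined, or whether a handshake fell back to plain TCP. The sample counter values are constructed; the counter names are the upstream kernel's MPTcpExt MIB entries, and which of them are present depends on the kernel version.

```shell
#!/bin/sh
# Added example: classify MPTCP health from nstat-style counter output.
# Counter names are upstream kernel MPTcpExt* MIB entries; which ones are
# present depends on the kernel version and on the host's role.
# Live use (after some proxy traffic):  nstat -az | mptcp_status

# Reads nstat output on stdin and prints one verdict:
#   multipath - MP_CAPABLE handshake completed and an MP_JOIN subflow was added
#   single    - MP_CAPABLE handshake completed, no extra subflow joined
#   fallback  - a handshake lost MP_CAPABLE and fell back to plain TCP
#   none      - no MPTCP handshake counted at all
mptcp_status() {
    awk '
        /^#/ || NF < 2 { next }    # skip the "#kernel" header and blank lines
        # Client sees SYNACKRX, server sees ACKRX when MPTCP is negotiated.
        $1 ~ /^MPTcpExtMPCapable(SYNACKRX|ACKRX)$/     { capable  += $2 }
        # Same split for additional subflows (e.g. the usb0 endpoint).
        $1 ~ /^MPTcpExtMPJoin(SynAckRx|AckRx)$/        { joined   += $2 }
        # Option missing from the SYN/ACK (client) or third ACK (server).
        $1 ~ /^MPTcpExtMPCapableFallback(SYNACK|ACK)$/ { fallback += $2 }
        END {
            if (fallback + 0 > 0)      print "fallback"
            else if (capable + 0 == 0) print "none"
            else if (joined + 0 > 0)   print "multipath"
            else                       print "single"
        }
    '
}

# Constructed sample: proxy client after traffic used both interfaces.
SAMPLE_CLIENT_OK='#kernel
MPTcpExtMPCapableSYNACKRX       3                  0.0
MPTcpExtMPJoinSynAckRx          3                  0.0
TcpActiveOpens                  9                  0.0'

# Constructed sample: SYN/ACK came back without MP_CAPABLE.
SAMPLE_CLIENT_FALLBACK='#kernel
MPTcpExtMPCapableFallbackSYNACK 2                  0.0
TcpActiveOpens                  2                  0.0'

printf 'both paths: %s\n' "$(printf '%s\n' "$SAMPLE_CLIENT_OK" | mptcp_status)"
printf 'stripped:   %s\n' "$(printf '%s\n' "$SAMPLE_CLIENT_FALLBACK" | mptcp_status)"
```

A "single" verdict on the client usually means the second endpoint or its routing table is not in effect; "fallback" means the proxy traffic is running as ordinary TCP on one path.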

Notes

In this setup, the “Upstream” Linux re-implementation of MPTCP with the MPTCPv1 protocol has been used. This implementation doesn’t support MPTCPv0, which was usually deployed before, e.g. on the multipath-tcp.org and amiusingmptcp.de servers. It is therefore normal if these services tell MPTCPv1 users that they are not MPTCP(v0) capable.

Please note that the work around the MPTCP “Upstream” implementation is still in progress. New features and other improvements, some of them present in the previous Linux fork project, are still being developed.

 

Conclusion

Thanks to the recent kernel and hours of work by multiple people, it is now just a matter of using the “mptcpize” tool to force a generic application or service to use MPTCP instead of TCP.

 

This work is supported by NGI POINTER (NGI Program for Open Internet Renovation) which has received funding from the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº871528.

 

Matthieu Baerts