I wrote a tunnel program using TUN/TAP devices in Linux to tunnel network traffic to remote server, set tun device to default route and route all traffic through tun device to a server and get back packet and write them to tun device. All traffic forward correctly and all services like DNS, PING, HTTP request works but HTTPS request failed. for example below are HTTP and HTTPS response to youtube.com through tun device using curl.
curl -vvvv http://youtube.com * Host youtube.com:80 was resolved.* IPv6: 2a00:1450:4026:805::200e* IPv4: 216.58.209.206* Trying 216.58.209.206:80...* Trying [2a00:1450:4026:805::200e]:80...* Immediate connect fail for 2a00:1450:4026:805::200e: Network is unreachable* Connected to youtube.com (216.58.209.206) port 80> GET / HTTP/1.1> Host: youtube.com> User-Agent: curl/8.9.1> Accept: */*> * Request completely sent off< HTTP/1.1 301 Moved Permanently< Content-Type: application/binary< X-Content-Type-Options: nosniff< Cache-Control: no-cache, no-store, max-age=0, must-revalidate< Pragma: no-cache< Expires: Mon, 01 Jan 1990 00:00:00 GMT< Date: Mon, 16 Sep 2024 13:28:29 GMT< Location: https://youtube.com/< Server: ESF< Content-Length: 0< X-XSS-Protection: 0< X-Frame-Options: SAMEORIGIN< * Connection #0 to host youtube.com left intactcurl -vvvv https://youtube.com * Host youtube.com:443 was resolved.* IPv6: 2a00:1450:4026:805::200e* IPv4: 216.58.210.174* Trying 216.58.210.174:443...* Trying [2a00:1450:4026:805::200e]:443...* Immediate connect fail for 2a00:1450:4026:805::200e: Network is unreachable* Connected to youtube.com (216.58.210.174) port 443* ALPN: curl offers h2,http/1.1* TLSv1.3 (OUT), TLS handshake, Client hello (1):* CAfile: /etc/ssl/certs/ca-certificates.crt* CApath: none* Recv failure: Connection reset by peer* OpenSSL SSL_connect: Connection reset by peer in connection to youtube.com:443 * closing connection #0curl: (35) Recv failure: Connection reset by peerI route network to tun device with below command,
"ip route replace default via " + gateway +" dev \"" + tun_dev_name +"\""And route server IP through internet adapter with below command,
"ip route add " + server_ip +" via 192.168.1.1 dev wlan0"what is the problem ?
