(re)sent tcp syn loop wireguard #543

Open
dxwil opened this issue Nov 8, 2024 · 2 comments
dxwil commented Nov 8, 2024

I am trying to set up udp2raw with wireguard. I have it run as PreUp command on my client.

This is the log:

[2024-11-08 23:21:25][INFO]argc=10 udp2raw_mp -c -l 0.0.0.0:51821 -r REDACTED:4440 -k labas --raw-mode faketcp 
[2024-11-08 23:21:25][INFO]parsing address: 0.0.0.0:51821
[2024-11-08 23:21:25][INFO]its an ipv4 adress
[2024-11-08 23:21:25][INFO]ip_address is {0.0.0.0}, port is {51821}
[2024-11-08 23:21:25][INFO]parsing address: REDACTED:4440
[2024-11-08 23:21:25][INFO]its an ipv4 adress
[2024-11-08 23:21:25][INFO]ip_address is {REDACTED}, port is {4440}
[2024-11-08 23:21:25][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=aes128cbc auth_mode=md5 key=labas local_addr=0.0.0.0:51821 remote_addr=REDACTED:4440 socket_buf_size=1048576 
[2024-11-08 23:21:25][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info.
[2024-11-08 23:21:25][INFO]remote_ip=[REDACTED], make sure this is a vaild IP address
[2024-11-08 23:21:25][INFO]const_id:363a2a34
[2024-11-08 23:21:25][INFO]--dev have not been set, trying to detect automatically, avaliable deives:
[2024-11-08 23:21:25][INFO]avaliable deives(device name: ip address ; description):
en0: [fe80::870:8c5c:d440:3aec] [192.168.88.62] [fd6a:be0:1e2a:14d:c09:99d4:5dce:cc71]; (no description avaliable)
awdl0: [fe80::ca2:5ff:fece:1873]; (no description avaliable)
llw0: [fe80::ca2:5ff:fece:1873]; (no description avaliable)
utun0: [fe80::77f8:6635:d763:80bb]; (no description avaliable)
utun1: [fe80::608b:cbd1:ab33:6fab]; (no description avaliable)
utun2: [fe80::82d1:163d:7cfc:2f47]; (no description avaliable)
utun3: [fe80::ce81:b1c:bd2c:69e]; (no description avaliable)
utun4: [fe80::4cd5:d6a1:86c1:fdeb]; (no description avaliable)
utun5: [fe80::b7a:1fd6:a797:9bcc]; (no description avaliable)
utun6: [no ip found]; (no description avaliable)
lo0: [127.0.0.1] [::1] [fe80::1]; (no description avaliable)
anpi2: [no ip found]; (no description avaliable)
anpi1: [no ip found]; (no description avaliable)
anpi0: [no ip found]; (no description avaliable)
en4: [no ip found]; (no description avaliable)
en5: [no ip found]; (no description avaliable)
en6: [no ip found]; (no description avaliable)
en1: [no ip found]; (no description avaliable)
en2: [no ip found]; (no description avaliable)
en3: [no ip found]; (no description avaliable)
bridge0: [no ip found]; (no description avaliable)
gif0: [no ip found]; (no description avaliable)
stf0: [no ip found]; (no description avaliable)
ap1: [no ip found]; (no description avaliable)
[2024-11-08 23:21:25][INFO]using device:[en0], ip: [192.168.88.62]
[2024-11-08 23:21:25][INFO]source_addr is now 192.168.88.62
[2024-11-08 23:21:25][INFO]using port 20459
[2024-11-08 23:21:25][INFO]filter expression is [ip and tcp and src REDACTED and src port 4440 and dst port 20459]
[2024-11-08 23:21:25][INFO]breakloop() succeed after 4 attempt(s)
[2024-11-08 23:21:25][INFO]state changed from client_idle to client_tcp_handshake
[2024-11-08 23:21:25][INFO](re)sent tcp syn
[2024-11-08 23:21:26][INFO]state changed from client_tcp_handshake to client_handshake1
[2024-11-08 23:21:26][INFO](re)sent handshake1
[2024-11-08 23:21:28][INFO](re)sent handshake1
[2024-11-08 23:21:29][INFO](re)sent handshake1
[2024-11-08 23:21:30][INFO](re)sent handshake1
[2024-11-08 23:21:31][INFO](re)sent handshake1
[2024-11-08 23:21:32][INFO]state back to client_idle from client_handshake1

THIS IS WHEN THE WIREGUARD CONNECTION STARTS

[2024-11-08 23:21:32][INFO]source_addr is now 10.8.0.2
[2024-11-08 23:21:32][INFO]using port 20946
[2024-11-08 23:21:32][INFO]filter expression is [ip and tcp and src REDACTED and src port 4440 and dst port 20946]
[2024-11-08 23:21:32][INFO]breakloop() succeed after 2 attempt(s)
[2024-11-08 23:21:32][INFO]state changed from client_idle to client_tcp_handshake
[2024-11-08 23:21:32][INFO](re)sent tcp syn
[2024-11-08 23:21:33][INFO](re)sent tcp syn
[2024-11-08 23:21:34][INFO](re)sent tcp syn
[2024-11-08 23:21:36][INFO](re)sent tcp syn
[2024-11-08 23:21:37][INFO](re)sent tcp syn
[2024-11-08 23:21:37][INFO]state back to client_idle from client_tcp_handshake
[2024-11-08 23:21:38][INFO]source_addr is now 10.8.0.2
[2024-11-08 23:21:38][INFO]using port 17037
[2024-11-08 23:21:38][INFO]filter expression is [ip and tcp and src REDACTED and src port 4440 and dst port 17037]
[2024-11-08 23:21:38][INFO]breakloop() succeed after 3 attempt(s)
[2024-11-08 23:21:38][INFO]state changed from client_idle to client_tcp_handshake
[2024-11-08 23:21:38][INFO](re)sent tcp syn
[2024-11-08 23:21:39][INFO](re)sent tcp syn
[2024-11-08 23:21:40][INFO](re)sent tcp syn
[2024-11-08 23:21:41][INFO](re)sent tcp syn
[2024-11-08 23:21:42][INFO](re)sent tcp syn

If I instead run udp2raw manually without starting wireguard, it connects successfully and says client_ready, but as soon as I then start wireguard it says source_addr is now 10.8.0.2 and starts the tcp syn loop.

Client
sudo udp2raw_mp -c -l 0.0.0.0:51821 -r REDACTED:4440 -k "labas" --raw-mode faketcp > /var/log/VersmiuTCP.log 2>&1 &

Server
udp2raw -s -l 0.0.0.0:4440 -r 127.0.0.1:51820 -k "labas" --raw-mode faketcp -a > udp2raw.log 2>&1 &

My server is inside a proxmox vm, which might have something to do with NAT or Bridge network setup. But the client connects without starting wireguard so that makes me think that the vm is not the issue.

Wireguard config client

[Interface]
PrivateKey = 
Address = 10.8.0.2/24
DNS = 1.1.1.1
MTU = 1280
PreUp = sudo udp2raw_mp -c -l 0.0.0.0:51821 -r REDACTED:4440 -k "labas" --raw-mode faketcp > /var/log/VersmiuTCP.log 2>&1 &
PostDown = sudo killall udp2raw_mp

[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = 127.0.0.1:51821

iopq commented Nov 23, 2024

You need to do one of the steps here:

https://github.com/wangyu-/udp2raw/wiki/Known-issues-and-solutions

ip route add ${udp2raw_server_ip} via ${default_network_gateway}
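
An added example, not part of the thread or of udp2raw: a log check for the symptom this route fixes, where udp2raw's own faketcp packets start leaving from the WireGuard address and every SYN goes unanswered. The function name `find_tunnel_loops` is hypothetical, the sample lines are constructed in the shape of the log above, and the tunnel network is assumed to be the `Address` from the client config.

```python
import ipaddress
import re

# Constructed sample, shaped like the client log in this issue.
SAMPLE_LOG = """\
[2024-11-08 23:21:25][INFO]source_addr is now 192.168.88.62
[2024-11-08 23:21:25][INFO](re)sent tcp syn
[2024-11-08 23:21:26][INFO]state changed from client_tcp_handshake to client_handshake1
[2024-11-08 23:21:32][INFO]source_addr is now 10.8.0.2
[2024-11-08 23:21:32][INFO](re)sent tcp syn
[2024-11-08 23:21:33][INFO](re)sent tcp syn
[2024-11-08 23:21:34][INFO](re)sent tcp syn
[2024-11-08 23:21:37][INFO]state back to client_idle from client_tcp_handshake
[2024-11-08 23:21:38][INFO]source_addr is now 10.8.0.2
[2024-11-08 23:21:38][INFO](re)sent tcp syn
[2024-11-08 23:21:39][INFO](re)sent tcp syn
[2024-11-08 23:21:40][INFO](re)sent tcp syn
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[\w+\](?P<msg>.*)$")
SRC = re.compile(r"source_addr is now (\S+)")

def find_tunnel_loops(log_text, tunnel_cidr, min_syn=3):
    """Attempts sourced inside tunnel_cidr with >= min_syn SYNs and no progress."""
    tunnel = ipaddress.ip_network(tunnel_cidr, strict=False)
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # device listing and free-text lines carry no timestamp
        msg = m["msg"].strip()
        src = SRC.search(msg)
        if src:
            try:
                addr = ipaddress.ip_address(src.group(1))
            except ValueError:
                continue  # redacted or malformed address
            attempts.append({"since": m["ts"], "source": str(addr),
                             "via_tunnel": addr in tunnel, "syn": 0, "progressed": False})
        elif attempts and msg == "(re)sent tcp syn":
            attempts[-1]["syn"] += 1
        elif attempts and msg.startswith("state changed from client_tcp_handshake to"):
            attempts[-1]["progressed"] = True  # the server answered the SYN
    return [a for a in attempts
            if a["via_tunnel"] and a["syn"] >= min_syn and not a["progressed"]]

if __name__ == "__main__":
    for hit in find_tunnel_loops(SAMPLE_LOG, "10.8.0.2/24"):  # Address from the config
        print(f"{hit['since']}: {hit['syn']} unanswered SYNs from {hit['source']}")
```

A hit means the route to the udp2raw server is going through the tunnel it is supposed to carry, which is what the host route via the default gateway prevents.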


dxwil commented Nov 23, 2024

So on Linux, that fixes the issue. But my main client is a MacOS machine, so I used the -g option and followed the instructions to add the rules:

pfctl -sr shows:

No ALTQ support in kernel
ALTQ related functions disabled
block drop inet proto tcp from REDACTED port = 4440 to any

and I also added sudo route -nv add -net REDACTED 192.168.88.1 which from what I understand is the equivalent of the ip route command above.
Now the client MacOS shows client_ready in the logs, so all should work, but still no websites load and ping requests timeout.
