- This topic has 55 replies, 3 voices, and was last updated 2 years, 2 months ago by
.
-
Posts
-
Currently the client do not log when it receives a handshake response, it would be helpful so that we know if the handshake has been completed.
Is the client have problems running with Adguard as both of them use WFP?
OK, I will add the corresponding log entry on handshake response receive event.
Wiresock is not based on WFP, it is NDIS Lightweight Filter. I don’t think it will conflict with adguard.
Here is the link to the test build. Please try to test in your environment. If you have Wiresock VPN Client installed, then you can run these binaries from any folder on your machine.
https://1drv.ms/u/s!AqMWR3uDO7eagdpfVHFLOBkJ7Ai5hg?e=XUmJME
Below is the sample configuration, please note the extension parameter Socks5Proxy. If you don’t have a SOCKS5 proxy under hand, I can add your IP to allow access to one I have set at 132.226.194.27:1080.
[Interface] PrivateKey = __REMOVED__ Address = 10.10.11.3/24 DNS = 8.8.8.8, 1.1.1.1 MTU = 1412 [Peer] PublicKey = __REMOVED__ AllowedIPs = 0.0.0.0/0 Endpoint = __REMOVED__:50555 PersistentKeepalive = 25 AllowedApps = chrome DisallowedIPs = 192.168.1.0/24 Socks5Proxy = 132.226.194.27:1080Thank you for your work, I’ve tested the version above and it connects to the socks proxy: associate_to_socks5_proxy: SOCKS5 ASSOCIATE SUCCESS port: 9070
but I don’t see the handshake response in log and my IP didn’t change and keep getting this in log: “[TUN]: wireguard_write result = 0 size = 0” and another FILTER logs.
I don’t know if I’m missing something or if I’m doing it wrong.I’ve tested it with wstunnel (like what I’ve been doing with the official client) and it works and keeps working after changing default interface (which wasn’t possible in the previous version).
Below is my log to compare. If you can’t see “Handshake response”, then there are two possibilities:
1. Handshake is blocked despite the SOCKS5 wrap.
2. The socks5 proxy you use is not correctly configured for UDP (if the server is behind the NAT, like in my case in Oracle cloud, it requires some extra configuration for UDP).If you share the IP you test from, then I could add you to the exceptions list so that you could test using my socks5 server.
D:\projects\winpkfilter\wiresock-client\bin\exe\x64\Release>wiresock-client run -config chk.conf -log-level all 2021-12-20 19:08:53 WireSock LightWeight WireGuard VPN Client Service The service is starting using chk.conf WireGuard client configuration. WireSock LightWeight WireGuard VPN Client is running as a regular process. 2021-12-20 19:08:53 WireSock Service has started. 2021-12-20 19:08:53 [TUN]: Detected default interface {EBCAE00D-53EC-438F-92F4-0F470C0E1428} 2021-12-20 19:08:53 [TUN]: Using local IPv4 = 192.168.1.26 for the {EBCAE00D-53EC-438F-92F4-0F470C0E1428} 2021-12-20 19:08:53 [TUN]: Using local IPv6 = 2002:9eff:33d9:0:81c5:c4d3:f979:722e for the {EBCAE00D-53EC-438F-92F4-0F470C0E1428} associate_to_socks5_proxy: SOCKS5 ASSOCIATE SUCCESS port: 41701 C2S: 192.168.1.26 : 53417 -> 195.135.213.87 : 50555 C2S: 192.168.1.26 : 53417 -> 132.226.194.27 : 41701 2021-12-20 19:08:54 [TUN]: Sent handshake packet to the WireGuard server at 195.135.213.87:50555 2021-12-20 19:08:54 [MGR]: Tunnel has started 2021-12-20 19:08:54 Wireguard tunnel has been started. S2C: 132.226.194.27 : 41701 -> 192.168.1.26 : 53417 S2C: 195.135.213.87 : 50555 -> 192.168.1.26 : 53417 2021-12-20 19:08:54 [TUN]: Handshake response received from 195.135.213.87 : 43462 2021-12-20 19:08:54 [FILTER]: Skipping ignored IP: PROTOCOL 6 : 192.168.1.26 -> 192.168.1.166It works and I’m receiving handshake responses and according to log the traffic goes through tunnel but when checking my ip address it doesn’t change as I’ve tested multiple sites and only 2 sites reported vpn ip not mine. Is there anything that leaks my ip using this configration?
So, it probably was incorrect configuration of your SOCKS proxy.
What is your configuration and what sites have you tested with? Something like https://www.speedtest.net and https://www.whatismyip.com?
I’m sorry for that.
I’ve checked the following:
http://www.whatismyip.com = real ip
whatismyipaddress.com = real ip
http://www.mon-ip.com = real ip
ipaddress.my = real ip
http://www.myip.com = real ip
ipcost.com = real ip
http://www.speedtest.net = vpn ip
http://www.mio-ip.eu = vpn ip
http://www.iplocation.net = vpn ipMy config:
[Interface]
PrivateKey = ————————
Address = 172.16.0.2/32
DNS = 1.1.1.1
MTU = 1280
[Peer]
PublicKey = ————————-
AllowedIPs = 0.0.0.0/0
DisallowedIPs = 10.10.137.0/28
Endpoint = 162.159.192.1:2408
PersistentKeepalive = 25
Socks5Proxy = 132.226.194.27:1080This is confusing, I have tested these URLs with my configuration posted above, which actually less restrictive than yours and tunnels only Google Chrome and only for non-local addresses. And all the web-sites from your list report the VPN address.
Anyway, IP leak should have an explanation. What browser have you been using? I would also try to test on the system without any other low-level networking software installed for the cleanliness. May be one of these VPNs/tunnels you have tested with causes the leak. Besides this, I could create the configuration on my VPN server to test for the case if the problem in VPN server.
I’ve been using Firefox 95.0.1 and even MS Edge, I’ve mentioned before that I’m using adguard with dns protection (adguard dns over DNSCrypt) and kaspersky total security (which is disabled for long time).
To make sure adguard doesn’t act weird I’ve disabled it too.
Now sometimes it is not working (logs show it is working but no website load) until I disable and re-enable my wifi connection, I don’t know why !! and it still leaks ip.When started with
-log-level allwiresock stores the traffic into pcap files which can be analyzed in Wireshark. If you are interested I could take a look at these captures to understand what is wrong with them.P.S. Also it might be reasonable to test the fresh Windows setup.
Thank you for your time, I really appreciate it.
I could do more testing on other machines as for mine it has been more than 3 years since I’ve installed this windows and doing a fresh install isn’t an option, I’m sorry.These are my pcap file: https://ufile.io/hkkf4vvp
It’s not the best host, my apologies. I hope you find them helpful.I’ve done some more testing and with wstunnel only >> no ip leaks, using another wireguard service other than warp+ (using official wireguard client) >> no ip leaks, both tests done with adguard running as usual (I suspected it is some sort of dns leak).
So I guess it has something to do with warp+ wireguard service, Sorry for the inconvenience.
- You must be logged in to reply to this topic.