Can I select the default interface when using WireSock VPN client on win10

Home Forums Discussions Support Portal Can I select the default interface when using WireSock VPN client on win10

Viewing 15 posts - 16 through 30 (of 56 total)
  • Author
    Posts
  • #11960
    Mustafa.Mah
    Participant

    Currently the client do not log when it receives a handshake response, it would be helpful so that we know if the handshake has been completed.

    Is the client have problems running with Adguard as both of them use WFP?

    #11961
    Vadim Smirnov
    Keymaster

    OK, I will add the corresponding log entry on handshake response receive event.

    Wiresock is not based on WFP, it is NDIS Lightweight Filter. I don’t think it will conflict with adguard.

    #11962
    Vadim Smirnov
    Keymaster

    Here is the link to the test build. Please try to test in your environment. If you have Wiresock VPN Client installed, then you can run these binaries from any folder on your machine.

    https://1drv.ms/u/s!AqMWR3uDO7eagdpfVHFLOBkJ7Ai5hg?e=XUmJME

    Below is the sample configuration, please note the extension parameter Socks5Proxy. If you don’t have a SOCKS5 proxy under hand, I can add your IP to allow access to one I have set at 132.226.194.27:1080.

    [Interface]
    PrivateKey = __REMOVED__
    Address = 10.10.11.3/24
    DNS = 8.8.8.8, 1.1.1.1
    MTU = 1412
    
    [Peer]
    PublicKey = __REMOVED__
    AllowedIPs = 0.0.0.0/0
    Endpoint = __REMOVED__:50555
    PersistentKeepalive = 25
    AllowedApps = chrome
    DisallowedIPs = 192.168.1.0/24
    Socks5Proxy = 132.226.194.27:1080
    #11964
    Mustafa.Mah
    Participant

    Thank you for your work, I’ve tested the version above and it connects to the socks proxy: associate_to_socks5_proxy: SOCKS5 ASSOCIATE SUCCESS port: 9070
    but I don’t see the handshake response in log and my IP didn’t change and keep getting this in log: “[TUN]: wireguard_write result = 0 size = 0” and another FILTER logs.
    I don’t know if I’m missing something or if I’m doing it wrong.

    I’ve tested it with wstunnel (like what I’ve been doing with the official client) and it works and keeps working after changing default interface (which wasn’t possible in the previous version).

    #11965
    Vadim Smirnov
    Keymaster

    Below is my log to compare. If you can’t see “Handshake response”, then there are two possibilities:

    1. Handshake is blocked despite the SOCKS5 wrap.
    2. The socks5 proxy you use is not correctly configured for UDP (if the server is behind the NAT, like in my case in Oracle cloud, it requires some extra configuration for UDP).

    If you share the IP you test from, then I could add you to the exceptions list so that you could test using my socks5 server.

    D:\projects\winpkfilter\wiresock-client\bin\exe\x64\Release>wiresock-client run -config chk.conf -log-level all
    2021-12-20 19:08:53 WireSock LightWeight WireGuard VPN Client Service
     The service is starting using chk.conf WireGuard client configuration.
    WireSock LightWeight WireGuard VPN Client is running as a regular process.
    2021-12-20 19:08:53 WireSock Service has started.
    2021-12-20 19:08:53 [TUN]: Detected default interface {EBCAE00D-53EC-438F-92F4-0F470C0E1428}
    2021-12-20 19:08:53 [TUN]: Using local IPv4 = 192.168.1.26 for the {EBCAE00D-53EC-438F-92F4-0F470C0E1428}
    2021-12-20 19:08:53 [TUN]: Using local IPv6 = 2002:9eff:33d9:0:81c5:c4d3:f979:722e for the {EBCAE00D-53EC-438F-92F4-0F470C0E1428}
    associate_to_socks5_proxy: SOCKS5 ASSOCIATE SUCCESS port: 41701
    C2S: 192.168.1.26 : 53417 -> 195.135.213.87 : 50555
    C2S: 192.168.1.26 : 53417 -> 132.226.194.27 : 41701
    2021-12-20 19:08:54 [TUN]: Sent handshake packet to the WireGuard server at 195.135.213.87:50555
    
    2021-12-20 19:08:54 [MGR]: Tunnel has started
    2021-12-20 19:08:54 Wireguard tunnel has been started.
    S2C: 132.226.194.27 : 41701 -> 192.168.1.26 : 53417
    S2C: 195.135.213.87 : 50555 -> 192.168.1.26 : 53417
    2021-12-20 19:08:54 [TUN]: Handshake response received from 195.135.213.87 : 43462
    2021-12-20 19:08:54 [FILTER]: Skipping ignored IP: PROTOCOL 6 : 192.168.1.26 -> 192.168.1.166
    #11967
    Mustafa.Mah
    Participant

    This is my public ip: 197.36.2.166 and my ISP is using CGNAT, I hope this doesn’t cause problems.

    #11968
    Vadim Smirnov
    Keymaster

    I have added 197.36.2.166 to the allow list. You can try

    Socks5Proxy = 132.226.194.27:1080

    #11969
    Mustafa.Mah
    Participant

    It works and I’m receiving handshake responses and according to log the traffic goes through tunnel but when checking my ip address it doesn’t change as I’ve tested multiple sites and only 2 sites reported vpn ip not mine. Is there anything that leaks my ip using this configration?

    #11970
    Vadim Smirnov
    Keymaster

    So, it probably was incorrect configuration of your SOCKS proxy.

    What is your configuration and what sites have you tested with? Something like https://www.speedtest.net and https://www.whatismyip.com?

    #11971
    Mustafa.Mah
    Participant

    I’m sorry for that.

    I’ve checked the following:
    http://www.whatismyip.com = real ip
    whatismyipaddress.com = real ip
    http://www.mon-ip.com = real ip
    ipaddress.my = real ip
    http://www.myip.com = real ip
    ipcost.com = real ip
    http://www.speedtest.net = vpn ip
    http://www.mio-ip.eu = vpn ip
    http://www.iplocation.net = vpn ip

    My config:
    [Interface]
    PrivateKey = ————————
    Address = 172.16.0.2/32
    DNS = 1.1.1.1
    MTU = 1280
    [Peer]
    PublicKey = ————————-
    AllowedIPs = 0.0.0.0/0
    DisallowedIPs = 10.10.137.0/28
    Endpoint = 162.159.192.1:2408
    PersistentKeepalive = 25
    Socks5Proxy = 132.226.194.27:1080

    #11972
    Vadim Smirnov
    Keymaster

    This is confusing, I have tested these URLs with my configuration posted above, which actually less restrictive than yours and tunnels only Google Chrome and only for non-local addresses. And all the web-sites from your list report the VPN address.

    Anyway, IP leak should have an explanation. What browser have you been using? I would also try to test on the system without any other low-level networking software installed for the cleanliness. May be one of these VPNs/tunnels you have tested with causes the leak. Besides this, I could create the configuration on my VPN server to test for the case if the problem in VPN server.

    #11973
    Mustafa.Mah
    Participant

    I’ve been using Firefox 95.0.1 and even MS Edge, I’ve mentioned before that I’m using adguard with dns protection (adguard dns over DNSCrypt) and kaspersky total security (which is disabled for long time).
    To make sure adguard doesn’t act weird I’ve disabled it too.
    Now sometimes it is not working (logs show it is working but no website load) until I disable and re-enable my wifi connection, I don’t know why !! and it still leaks ip.

    #11974
    Vadim Smirnov
    Keymaster

    When started with -log-level all wiresock stores the traffic into pcap files which can be analyzed in Wireshark. If you are interested I could take a look at these captures to understand what is wrong with them.

    P.S. Also it might be reasonable to test the fresh Windows setup.

    #11975
    Mustafa.Mah
    Participant

    Thank you for your time, I really appreciate it.
    I could do more testing on other machines as for mine it has been more than 3 years since I’ve installed this windows and doing a fresh install isn’t an option, I’m sorry.

    These are my pcap file: https://ufile.io/hkkf4vvp
    It’s not the best host, my apologies. I hope you find them helpful.

    #11976
    Mustafa.Mah
    Participant

    I’ve done some more testing and with wstunnel only >> no ip leaks, using another wireguard service other than warp+ (using official wireguard client) >> no ip leaks, both tests done with adguard running as usual (I suspected it is some sort of dns leak).
    So I guess it has something to do with warp+ wireguard service, Sorry for the inconvenience.

Viewing 15 posts - 16 through 30 (of 56 total)
  • You must be logged in to reply to this topic.