- This topic has 55 replies, 3 voices, and was last updated 2 years, 2 months ago by
.
-
Posts
-
Yes, Keepalive packets were sent through the SOCKS proxy, and it caused some problems. Please test the build below:
https://1drv.ms/u/s!AqMWR3uDO7eagdployq7zTR7TJOIdA?e=tUgS7D
Normally, Handshakes are sent every two minutes, while Keepalive packets are sent if no other packets were sent after PersistentKeepalive interval.
I’ve tested it but unfortunately only first handshake sent and response received, the config has only one app to route in allowedapps and it is not running during test, so the expected behavior is that a keep-alive packet sent every 25 secs but there is nothing sent other than first handshake.
I’ve also tested it with firefox it works fine until I stop using firefox for about 30 sec then the connection dropped by ISP router (I think) and no keepalive packets are sent during this idle time.
Here are PCAP files: https://easyupload.io/rb00q9I’ve looked through the capture logs. The problem is not in keepalive packet. After some timeout, connection to SOCKS proxy is broken (probably ISP NAT removes by timeout) and handshakes can’t reach the destination.
The build below attempts to refresh SOCKS proxy connection after fist non-responded handshake.
I’m afraid that the client only attempts to send only the first handshake and no more handshakes after that, the issue is still present unfortunately.
PCAP/log files: https://upload1.easyupload.io/2sz5co
Logs are not representative, capture file for the tunnel is empty. Besides this, you could intersect with my tests stopping SOCKS proxy to simulate SOCKS server failure. Below is a slightly updated build, please give it a try. Also, please note that while you are not sending anything over the tunnel boringtun seems to sleep (I can’t see it generating any traffic), but when you start the tunneled application it immediately initiates the handshake and starts tunneling. So, after a pause, try to run something which is supposed to be tunneled.
It works really good, thank you so much for your work.
I tried tunneling MSEdge and worked just fine then waited for couple of min and it still works, even when tunneled app is not running it seems to do just fine and continue working after starting the app.
PCAP files: https://upload1.easyupload.io/o3lf49Sorry, I can’t post for hours as it says my ip belongs to spam network!!
Another PCAP files: https://upload1.easyupload.io/a4vsj6Thank you for testing and feedback. I will devote some time to review the changes and create the final build. Maybe I will also add one SOCKS5 authorization method for the consistency. As soon as it is ready, I would appreciate if you give it a try in your environment. If you find out any issues with the current version, then please let me know. Please don’t hesitate to e-mail me directly at vadim(at)ntkernel.com.
I’ve done more testing with MSEdge, it works fine then I left my computer for about 15 min and when I came back no more websites load (dns address couldn’t be found).
I don’t know if connection dropped by ISP router again, I could test it again with persistentKeepalive=20 for example rather than 25.
PCAP files: https://easyupload.io/dp2r8q
I’ve tested it again but with persistentKeepalive=20 and it has been more than 3 hours, tunnel and websites work fine, so I guess it dropped connection and couldn’t get it up again last time.
I have finally released v.1.0.48 of WireSock VPN Client with SOCKS5 support for WireGuard handshakes. This build supports username/password authentication. If you have a chance to test it, then please update me on how it works in your environment.
Here is the short guide on setting up free SOCKS5 server with UDP ASSOCIATE support in Oracle Cloud: https://www.ntkernel.com/wireguard-and-socks5/
- You must be logged in to reply to this topic.