Can’t start instalation WireSock on Windows7 x64

Home Forums Discussions Support Portal Can’t start instalation WireSock on Windows7 x64

Tagged: 

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #12139
    DziadekMatt
    Participant

    Hi dear Vadim, when I start instalation wiresock-vpn-client-x64-1.1.2.1.msi on Windows7 x64 (SP1 with all updates) I get the error bellow:

    Can you help me with sollution please.

    #12141
    Vadim Smirnov
    Keymaster

    Hi,

    Sorry, this is my fault, I had not tested the installer on Windows 7. I’ve just updated the installer, please re-download and try to install.

    -Vadim

    #12142
    DziadekMatt
    Participant

    Vadim, good evening, thanks for your fast response.

    The program has been successfully installed, but, after the start of the WireSock service, the handshake does not occur, and the following error is recorded to a log file screenshot bellow:

    WireGuard and Dante servers are on the same VPS (Debian 10) with the one IP address.

    Dante (SOCKS5 proxy) server, configured according by your instructions. I checked on the client computer: by writing the address of my proxy in the browser settings, browser traffic is redirected through the proxy server correctly.

    I can’t find where the problem could be, or may be win7 unable to work correctly by redirecting udp traffic via socks5?

    #12143
    Vadim Smirnov
    Keymaster

    Good evening, Dziadek!

    I think the problem is with Dante server:

    [SOCKS5]: associate_to_socks5_proxy: Failed to receive socks5_ident_resp:: 10054

    Error code 10054 (WSAECONNRESET) means that connection was reset by the remote peer (Dante). How have you configured the Dante server? According to the log, it does not use username/password authentication, right? How have you limited access to it? By an IP address?

    #12146
    DziadekMatt
    Participant

    Vadim, good evening,

    How have you configured the Dante server?

    Dante (SOCKS5 proxy) server, configured according instructions:

    logoutput: /var/log/socks.log
    internal: eth0 port = 1080
    external: eth0
    clientmethod: none
    socksmethod: none
    user.privileged: root
    user.notprivileged: nobody

    client pass {
    from: [CLIENT EXT IP]/32 to: 0.0.0.0/0
    log: error connect disconnect
    }
    client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
    }
    socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    udp.portrange: 40000-45000
    #command: udpassociate
    log: error connect disconnect
    }
    socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
    }

    According to the log, it does not use username/password authentication, right? How have you limited access to it? By an IP address?

    Temporarily for testing Dante server does not use username/password authentication, I limited access by only an IP address.

    I checked the availability of the server by setting the browser socks5 proxy settings on the client machine, and browser traffic is redirected through the this socos5 server correctly.

    #12147
    Vadim Smirnov
    Keymaster

    Hmm, a little confusing. However, when you start the application specifying debug level “all” it also creates PCAP files with traffic captures. Could you please share the wiresock_ext.pcap? It should contain something like on the screenshot below:

    #12148
    DziadekMatt
    Participant

    Vadim, bellow link to pcap files:

    https://dropmefiles.net/en/vk3ma9

    #12149
    Vadim Smirnov
    Keymaster

    Well, Dante resets the connection immediately after processing the packet with authentication methods:

    This is confusing if your browser connects fine… Could you please double-check if [CLIENT EXT IP]/32 in Dante configuration file matches your external IP? It behaves like you have a wrong IP address there.

    You could try to change it to 0.0.0.0/0, restart Dante and check if it helps. For the security reasons, you could consider enabling username/password authentication.

    #12150
    DziadekMatt
    Participant

    Vadim, I turned off the Dante server filtering by IP, but still the error remained.
    Dante logs at the time of the error give the below entries:

    Feb 15 07:29:54 (1644892194.992458) danted[18143]: info: pass(1): tcp/accept [: [CLIENT EXT IP].46837 [SERVER EXT IP].1080
    Feb 15 07:29:55 (1644892195.080458) danted[18143]: info: block(1): tcp/accept ]: [CLIENT EXT IP].46837 [SERVER EXT IP].1080: error after reading 4 bytes in 0 seconds: Connection reset by peer
    Feb 15 07:33:52 (1644892432.568395) danted[18143]: info: pass(1): tcp/accept [: [CLIENT EXT IP].23938 [SERVER EXT IP].1080
    Feb 15 07:33:52 (1644892432.662061) danted[18143]: info: block(1): tcp/accept ]: [CLIENT EXT IP].23938 [SERVER EXT IP].1080: error after reading 4 bytes in 1 second: Connection reset by peer

    It looks like something is preventing UDP traffic from passing through Dante

    #12151
    Vadim Smirnov
    Keymaster

    It’s really weird. It looks like you have a firewall in between that is blocking SOCKS5. Web browsers use SOCKS4 by default, and maybe that matters. To clarify, could you please capture the Dante traffic on the server side? For example, for my test machine in Oracle cloud:

    ubuntu@instance-20211213-2206:~$ sudo tcpdump -D
    1.ens3 [Up, Running]
    2.lo [Up, Running, Loopback]
    3.any (Pseudo-device that captures on all interfaces) [Up, Running]
    4.bluetooth-monitor (Bluetooth Linux Monitor) [none]
    5.nflog (Linux netfilter log (NFLOG) interface) [none]
    6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
    ubuntu@instance-20211213-2206:~$ sudo tcpdump -vv -i ens3 -w file.pcap port 1080
    tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
    11 packets captured
    11 packets received by filter
    0 packets dropped by kernel

    The resulted capture in Wireshark:

    #12152
    Vadim Smirnov
    Keymaster

    It looks like you have a firewall in between that is blocking SOCKS5.

    If this is the case and if you are interested in further research, I think we could find & add another suitable method instead of SOCKS5.

    #12154
    DziadekMatt
    Participant

    Vadim, good evening,

    Sorry for the late reply, I haven’t had the time in recent days to reinstall and reconfigure my Dante server.

    After I set up user and password authentication on Dante, the handshake between WG server and WireSock was successful.

    But despite the fact that the handshake was successful, the program did not work correctly, redirecting traffic through the server, or access to the server over a private network failed. I also noticed that when I starting the service, the TUN network adapter does not appear, as it did normally when the wireguard client was started. Also, I did not understand the server redirection to strange addresses that can be seen in the logs:

    [SOCKS5]: S2C_AFTER: 2.0.0.0 : 14080 -> 192.168.1.105 : 64262

    [SOCKS5]: S2C_AFTER: 3.0.0.0 : 2560 -> 192.168.1.105 : 64262

    [SOCKS5]: S2C_AFTER: 4.0.0.0 : 2304 -> 192.168.1.105 : 64262 etc.

    the log file is bellow:

    https://dropmefiles.net/en/M6Ne

    #12155
    Vadim Smirnov
    Keymaster

    I also noticed that when I starting the service, the TUN network adapter does not appear, as it did normally when the wireguard client was started.

    WireSock does not add a virtual network adapter, NAT and encryption are applied to packets on the fly. This is very similar to how the Cloudflare WARP client works.

    [SOCKS5]: S2C_AFTER: 4.0.0.0 : 2304 -> 192.168.1.105 : 64262 etc.

    This is my fault, I didn’t test the configuration when both SOCKS5 and Wireguard are running on the same IP. Please download update v.1.1.5 and check how it works.

    #12157
    DziadekMatt
    Participant

    Vadim, great news, 1.1.5 passes the handshake and correctly redirects traffic through the WG server.

    I think, after purchased another equipment from China, the specialists didn’t completely configured it, and left the some default settings, with the blocked WG service, because Open VPN and other famous protocols works correctly.

    Thank you very much for taking the time to resolve this issue!

Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.