sudden wiresock problem – all times out

  • #13502
    terijapl
    Participant

      i had wiresock running as a service, with no modifications, for months. after one of the system reboots, it’s suddenly broken – all apps that are set via “AllowedApps” to connect through the vpn suddenly have no connectivity, only “connection timed out”. additionally, after starting up the service, internet access for apps outside of the “AllowedApps” becomes very slow for about a minute, then returns to normal.

      going through the log, i see a lot of the following:

      “2024-01-13 19:57:39 [TUN]: keep_alive_thread: Sending Handshake packet to WireGuard Server success”

      as well as a few lines like these:

      “2024-01-13 19:58:44 [TUN]: keep_alive_thread: Tunnel error detected. Force handshake.
      2024-01-13 19:58:44 [TUN]: Sent handshake packet to the WireGuard server at <server_ip>:51820”

      the same wireguard server is still working fine on my phone using the official wireguard app. what could this be?

      #13503
      terijapl
      Participant

        oh and forgot to add, i also tried to remove wiresock, reboot and install again, didn’t fix it sadly.

        #13504
        terijapl
        Participant

          i don’t know what and why, but after an hour the issue just solved itself. though i’d still be happy to find out what happened.

          #13505
          Vadim Smirnov
          Keymaster

            It seems there might be an issue with the Wireguard server or the network route. Gathering additional log entries would be beneficial, particularly to see if any handshakes received responses. Note that VPN restrictions can vary based on your location. For instance, in certain countries like Russia, Wireguard protocols might be blocked, but using a SOCKS5 option for the handshake can circumvent these restrictions. Also, have you attempted to use the same configuration on both your phone and PC at the same time? Employing the same key (configuration) across multiple devices can lead to erratic behavior.

            #13506
            terijapl
            Participant

              thanks for the response. i’m not living anywhere that would cause me extra difficulties in connecting to a VPN, like russia.

              to clarify, the wireguard configurations on my pc and phone are identical except for the private and preshared key. both devices connect to the same vpn via same ip:port using the same internet connection – and using them concurrently never caused me issues in the past.

              i’ll enable logging to have something to provide for later. by the way, is there a way to force wiresock to save the captured packets file somewhere else, like on another drive?

              #13508
              Vadim Smirnov
              Keymaster

                Regrettably, the locations for captured packets and log files in Wiresock are not configurable. This means that it’s not possible to direct Wiresock to save these files to a different drive or a specific location of your choosing.

                #13561
                terijapl
                Participant

                  after almost a month of not having this issue, i just started having this issue again. so i looked deeper.

                  apparently, wiresock is blocking my DNS requests. my primary DNS on my PC is set to my router’s IP, the secondary is my pi-hole instance. when i relaunched wiresock with log-level all, i found the following lines in the log file (WG_DNS_IP is the DNS set in my wireguard conf file):

                  2024-02-22 16:43:28 [FILTER]: Skipping disallowed IP: PROTOCOL 6 : PC_IP -> ROUTER_IP
                  2024-02-22 16:43:34 [FILTER]: Skipping disallowed IP: PROTOCOL 17 : PC_IP -> PIHOLE_IP
                  2024-02-22 16:43:43 [FILTER]: Skipping disallowed IP: PROTOCOL 6 : PC_IP -> PIHOLE_IP
                  2024-02-22 16:43:43 [FILTER]: Dnscache : DNS : PC_IP:63211 -> WG_DNS_IP[ROUTER_IP]:53

                  like flicking a switch, shutting down wiresock unclogs DNS traffic and everything works fine.

                  if this is not enough information, i also have the pcap files. where can i send them to you directly?

                  #13563
                  Vadim Smirnov
                  Keymaster

                    Are you running Wiresock in transparent mode or using a virtual adapter (-lac command line switch)?

                    DNS handling presents a challenge due to the nature of Windows, where all DNS queries originate from the DNSCACHE process, making it difficult to discern the requesting application. By default, if you have a DNS specified in your Wireguard configuration, all DNS queries will be intercepted and routed through the tunnel to the designated DNS server. However, you can modify this behavior by specifying DNSCACHE in DisallowedApps or adding the DNS server to DisallowedIPs.

                    If you’re experiencing issues with DNS resolution, it’s likely that DNS queries or responses are being routed incorrectly, or the DNS server they’re forwarded to is down. In such instances, it would be beneficial to examine packet captures to determine the flow of data and whether responses are being received.

                    • This reply was modified 7 months, 2 weeks ago by Vadim Smirnov.
                    #13564
                    terijapl
                    Participant

                      thank you for your response.

                      i’m not using the -lac parameter so i’m guessing i’m running it in transparent mode.

                      thank you for explaining the DNS situation, i never really thought about how it’s handled. i think neither sending all DNS queries to my pi-hole or to the DNS specified in my wireguard config is ideal. however, out of all my AllowedApps specified in the config, the only one that could potentially make DNS requests is firefox, and apparently firefox can be forced to use a different DNS by specifying a SOCKS5 proxy. so it seems like an optimal solution exists for my use-case, just have to figure out how to do it.

                      i’m pretty not good at this, but i’ve had a look at the pcap files with wireshark. seems like what you said about wiresock determining which DNS server to use checks out, my config does not have an MTU specified, thus i see a handful of DNS queries that were sent to my pi-hole and the seemingly correct responses to them. however, when i was having this issue, i was using the ping cmd command to ping a particular website i haven’t visited in a long while (the ping of course failed because it “couldn’t find the host”), and amongst these DNS queries i do not see that website. i don’t know what to make of this.

                      #13565
                      Vadim Smirnov
                      Keymaster

                        “my config does not have an MTU specified”

                        I assume you’re referring to DNS, correct? If your Wireguard configuration lacks a DNS server, then all DNS queries will default to your regular DNS settings. Consequently, if a website is restricted in your country, by your Internet Service Provider (ISP), or through parental controls, access to these sites may be blocked at DNS level.

                        #13566
                        terijapl
                        Participant

                          that was in reference to your information from previous post that “By default, if you have an MTU specified in your Wireguard configuration, all DNS queries will be intercepted and routed through the tunnel to the designated DNS server”. i guess that was a typo?

                          i do have a DNS (ipv4 and ipv6, though i’m not sure what the ipv6 is for) specified in the config, in the [Interface] section. so in that case my DNS queries should be going to that specified server, but they’re not…?

                          #13568
                          Vadim Smirnov
                          Keymaster

                            “i guess that was a typo?”

                            Yes, my fault. I have fixed it.

                            “i do have a DNS (ipv4 and ipv6, though i’m not sure what the ipv6 is for) specified in the config, in the [Interface] section. so in that case my DNS queries should be going to that specified server, but they’re not…?”

                            Your queries may not be directed to the Wireguard DNS if the default DNS server is included in the DisallowedIps list, or if DNSCACHE is part of the DisallowedApps. For instance, if you add your LAN subnet to DisallowedIps and your DNS server resides within this subnet, then DNS queries will be routed to your LAN DNS server instead of the Wireguard one.

                            #13569
                            terijapl
                            Participant

                              oh okay, makes sense then, i do have my local subnet in DisallowedIps
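
The DNS rules Vadim Smirnov describes in this thread (a DNS entry in the config redirects queries into the tunnel unless DNSCACHE is in DisallowedApps or the DNS server falls inside DisallowedIPs), modelled as a config check. This is an added example, not part of the original posts and not WireSock's own code; the sample config, its addresses and the names `parse_conf` and `dns_path` are constructed, and the logic only mirrors the rules as stated in the thread.

```python
import ipaddress

# Constructed sample config; keys and addresses are placeholders, not from the thread.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/32
DNS = 10.8.0.1, fd00::1

[Peer]
PublicKey = <placeholder>
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
AllowedApps = firefox
DisallowedIPs = 192.168.1.0/24
"""

def parse_conf(text):
    """Collect key -> list of comma-separated values, keys lowercased."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        items = [v.strip() for v in value.split(",") if v.strip()]
        conf.setdefault(key.strip().lower(), []).extend(items)
    return conf

def dns_path(conf, system_dns):
    """Predict where a query aimed at system_dns ends up, per the thread's rules."""
    if not conf.get("dns"):
        return "system DNS (no DNS in config)"
    if any("dnscache" in app.lower() for app in conf.get("disallowedapps", [])):
        return "system DNS (DNSCACHE in DisallowedApps)"
    addr = ipaddress.ip_address(system_dns)
    for net in conf.get("disallowedips", []):
        network = ipaddress.ip_network(net, strict=False)
        if addr.version == network.version and addr in network:
            return f"system DNS ({system_dns} is inside DisallowedIPs {net})"
    return "tunnel DNS " + ", ".join(conf["dns"])

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for resolver in ("192.168.1.1", "9.9.9.9"):  # LAN resolver vs. public resolver
        print(resolver, "->", dns_path(conf, resolver))
```

Running it against a real config shows at a glance whether a LAN resolver such as a router or Pi-hole is exempted from tunnel redirection by a DisallowedIPs subnet.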
