Home › Forums › Discussions › Support › sudden wiresock problem – all times out
- This topic has 12 replies, 2 voices, and was last updated 7 months, 2 weeks ago by terijapl.
-
AuthorPosts
-
January 13, 2024 at 8:03 pm #13502
i had wiresock running as a service, with no modifications, for months. after one of the system reboots, it’s suddenly broken – all apps that are set via “AllowedApps” to connect through the vpn suddenly have no connectivity, only “connection timed out”. additionally, after starting up the service, internet access for apps outside of the “AllowedApps” becomes very slow for about a minute, then returns to normal.
going through the log, i see a lot of the following:
“2024-01-13 19:57:39 [TUN]: keep_alive_thread: Sending Handshake packet to WireGuard Server success”
as well as a few lines like these:
“2024-01-13 19:58:44 [TUN]: keep_alive_thread: Tunnel error detected. Force handshake. 2024-01-13 19:58:44 [TUN]: Sent handshake packet to the WireGuard server at <server_ip>:51820”
the same wireguard server is still working fine on my phone using the official wireguard app. what could this be?
January 13, 2024 at 8:05 pm #13503oh and forgot to add, i also tried to remove wiresock, reboot and install again, didn’t fix it sadly.
January 13, 2024 at 8:45 pm #13504i don’t know what and why, but after an hour the issue just solved itself. though i’d still be happy to find out what happened.
January 15, 2024 at 10:52 am #13505It seems there might be an issue with the Wireguard server or the network route. Gathering additional log entries would be beneficial, particularly to see if any handshakes received responses. Note that VPN restrictions can vary based on your location. For instance, in certain countries like Russia, Wireguard protocols might be blocked, but using a SOCKS5 option for the handshake can circumvent these restrictions. Also, have you attempted to use the same configuration on both your phone and PC at the same time? Employing the same key (configuration) across multiple devices can lead to erratic behavior.
January 15, 2024 at 7:14 pm #13506thanks for the response. i’m not living anywhere that would cause me extra difficulties in connecting to a VPN, like russia.
to clarify, the wireguard configurations on my pc and phone are identical except for the private and preshared key. both devices connect to the same vpn via same ip:port using the same internet connection – and using them concurrently never caused me issues in the past.
i’ll enable logging to have something to provide for later. by the way, is there a way to force wiresock to save the captured packets file somewhere else, like on another drive?
January 18, 2024 at 10:13 am #13508Regrettably, the locations for captured packets and log files in Wiresock are not configurable. This means that it’s not possible to direct Wiresock to save these files to a different drive or a specific location of your choosing.
February 22, 2024 at 4:56 pm #13561after almost a month of not having this issue, i just started having this issue again. so i looked deeper.
apparently, wiresock is blocking my DNS requests. my primary DNS on my PC is set to my router’s IP, the secondary is my pi-hole instance. when i relaunched wiresock with log-level all, i found the following lines in the log file (WG_DNS_IP is the DNS set in my wireguard conf file):
2024-02-22 16:43:28 [FILTER]: Skipping disallowed IP: PROTOCOL 6 : PC_IP -> ROUTER_IP 2024-02-22 16:43:34 [FILTER]: Skipping disallowed IP: PROTOCOL 17 : PC_IP -> PIHOLE_IP 2024-02-22 16:43:43 [FILTER]: Skipping disallowed IP: PROTOCOL 6 : PC_IP -> PIHOLE_IP 2024-02-22 16:43:43 [FILTER]: Dnscache : DNS : PC_IP:63211 -> WG_DNS_IP[ROUTER_IP]:53
like flicking a switch, shutting down wiresock unclogs DNS traffic and everything works fine.
if this is not enough information, i also have the pcap files. where can i send them to you directly?
February 23, 2024 at 5:25 pm #13563Are you running Wiresock in transparent mode or using a virtual adapter (-lac command line switch)?
DNS handling presents a challenge due to the nature of Windows, where all DNS queries originate from the DNSCACHE process, making it difficult to discern the requesting application. By default, if you have a DNS specified in your Wireguard configuration, all DNS queries will be intercepted and routed through the tunnel to the designated DNS server. However, you can modify this behavior by specifying DNSCACHE in DisallowedApps or adding the DNS server to DisallowedIPs.
If you’re experiencing issues with DNS resolution, it’s likely that DNS queries or responses are being routed incorrectly, or the DNS server they’re forwarded to is down. In such instances, it would be beneficial to examine packet captures to determine the flow of data and whether responses are being received.
- This reply was modified 7 months, 2 weeks ago by Vadim Smirnov.
February 23, 2024 at 9:06 pm #13564thank you for your response.
i’m not using the
-lac
parameter so i’m guess i’m running it in transparent mode.thank you for explaining the DNS situation, i never really thought about how it’s handled. i think neither sending all DNS queries to my pi-hole or to the DNS specified in my wireguard config is ideal. however, out of all my AllowedApps specified in the config, the only one that could potentially make DNS requests is firefox, and apparently firefox can be forced to use a different DNS by specifying a SOCKS5 proxy. so it seems like an optimal solution exists for my use-case, just have to figure out how to do it.
i’m pretty not good at this, but i’ve had a look at the pcap files with wireshark. seems like what you said about wiresock determining which DNS server to use checks out, my config does not have an MTU specified, thus i see a handful of DNS queries that were sent to my pi-hole and the seemingly correct responses to them. however, when i was having this issue, i was using the ping cmd command to ping a particular website i haven’t visited in a long while (the ping of course failed because it “couldn’t find the host”), and amongst these DNS queries i do not see that website. i don’t know what to make of this.
February 24, 2024 at 10:55 am #13565my config does not have an MTU specified
I assume you’re referring to DNS, correct? If your Wireguard configuration lacks a DNS server, then all DNS queries will default to your regular DNS settings. Consequently, if a website is restricted in your country, by your Internet Service Provider (ISP), or through parental controls, access to these sites may be blocked at DNS level.
February 24, 2024 at 11:13 am #13566that was in reference to your information from previous post that “By default, if you have an MTU specified in your Wireguard configuration, all DNS queries will be intercepted and routed through the tunnel to the designated DNS server”. i guess that was a typo?
i do have a DNS (ipv4 and ipv6, though i’m not sure what the ipv6 is for) specified in the config, in the [Interface] section. so in that case my DNS queries should be going to that specified server, but they’re not…?
February 24, 2024 at 11:35 am #13568i guess that was a typo?
Yes, my fault. I have fixed it.
i do have a DNS (ipv4 and ipv6, though i’m not sure what the ipv6 is for) specified in the config, in the [Interface] section. so in that case my DNS queries should be going to that specified server, but they’re not…?
Your queries may not be directed to the Wireguard DNS if the default DNS server is included in the DisallowedIps list, or if DNSCACHE is part of the DisallowedApps. For instance, if you add your LAN subnet to DisallowedIps and your DNS server resides within this subnet, then DNS queries will be routed to your LAN DNS server instead Wireguard one.
February 24, 2024 at 11:53 am #13569oh okay, makes sense then, i do have my local subnet in DisallowedIps
-
AuthorPosts
- You must be logged in to reply to this topic.