Wireguard and OpenVPN Nested Tunnel

Home Forums Discussions Support Portal Wireguard and OpenVPN Nested Tunnel

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #12056
    testuser
    Participant

    I need to tunnel Wireguard thru a OpenVPN tunnel on a Windows client. Is it possible to use Wiresock to create a nested Wireguard  —> OpenVPN tunnel? If possible, can you provide guidance on the configuration?

    I installed OpenVPN and Wirguard Windows clients on a Windows device.  I start the OpenVPN client to establish the OpenVPN tunnel. I then start the Wireguard client and want  to tunnel through the OpenVPN but cannot get it to work.  I removed 0.0.0.0/o and ::0 from the the Wireguard conf file.

    #12057
    Vadim Smirnov
    Keymaster

    I had not tested nested tunnels with Open VPN Client, but I have tested the official Wireguard VPN Client along with Wiresock VPN Client to organize nested VPN tunnels:

    WireSock VPN Client is compatible and can be used with official WireGuard for Windows to organize nested WireGuard tunnels completely on the client side. In such configuration, the official client organizes the external tunnel (to the first WireGuard Server instance) and WireSock VPN Client the internal one (to the second WireGuard Server instance). You only need to remember to adjust MTU parameter for the internal tunnel accordingly to avoid fragmentation and throughput degradation.

    However, I can’t see why it could not work a similar way with Open VPN Client… But please note to use the Wiresock VPN Client instead of the official Wireguard for Windows.

    #12058
    testuser
    Participant

    Thank you for the response.  Can you provide the config files you used to tunnel Wiresock through Wireguard?  I am new to this and trying to learn how to do this.

    #12059
    Vadim Smirnov
    Keymaster

    I’ve just set a nested WireGuard tunnels setup to test and provide you with some examples. Regretfully, there is one problem, the last version of WireGuard for Windows I have tested nested wireguard/wiresock tunnels was v0.5, and it looks one of the more recent updates has broken this setup (internal handshake packet sent by wiresock can’t reach the destination).

    However, recently, I have added a new feature to Wiresock which allows sending a handshake packet through the SOCKS5 server. Please see the related post on bypassing Egypt’s WireGuard ban here. And surprisingly, this allows to resolve the issue, handshake packet is not recognized by stock Wireguard and reaches its destination.

    The Wireguard for Windows configuration (external tunnel):

    [Interface]
    PrivateKey = PRIVATE_KEY_HERE
    Address = 10.10.11.3/24
    DNS = 8.8.8.8, 1.1.1.1
    MTU = 1412
    
    [Peer]
    PublicKey = PUBLIC_KEY_HERE
    AllowedIPs = 0.0.0.0/0
    Endpoint = WIREGUARD_EXTERNAL_SERVER_IP:50812
    PersistentKeepalive = 25

    Wiresock VPN Client configuration(internal tunnel for Chrome browser only):

    [Interface]
    PrivateKey = PRIVATE_KEY_HERE
    Address = 10.66.66.2/32, fd42:42:42::2/128
    DNS = 8.8.8.8, 1.1.1.1
    MTU = 1332
    
    [Peer]
    PublicKey = PUBLIC_KEY_HERE
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = WIREGUARD_INTERNAL_SERVER_IP:50812
    AllowedApps = chrome
    DisallowedIPs = 192.168.1.0/24
    Socks5Proxy = SOCKS5_PROXY_ADDRESS:1080
    Socks5ProxyUsername = SOCKS5_USERNAME
    Socks5ProxyPassword = SOCKS5_PASSWORD

    SOCKS5 handshake feature is not released yet, but if you’re interested in testing it, then you can download binaries here. Just copy these over the installed ones in C:\Program Files\WireSock VPN Client\bin.

    #12060
    testuser
    Participant

    Thank you for the response and taking the time to test and provide a solution.

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.