WireSock SOCKS5 Issues

Home Forums Discussions Support Portal WireSock SOCKS5 Issues

Tagged: 

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #12231
    WireNoob
    Participant

      Hi

      I can’t get WireSock to work with my SOCKS5 proxy.  The proxy itself is fine since I can use it for firefox without using a VPN. WireSock also works perfectly when removing the proxy setting in the config.

      [Interface]
      PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      Address = 192.168.1.3/24
      DNS = 1.1.1.1

      [Peer]
      PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      AllowedIPs = 0.0.0.0/0, ::/0
      Endpoint = 94.xxxxxxxxxxxxxxxx:443
      Socks5Proxy = 127.0.0.1:7654
      DisallowedIPs = 192.168.11.111/24

      Terminal output: https://pastebin.com/iPJBJYLT

       

      Please let me know if you need more information.

       

       

      #12232
      WireNoob
      Participant

        I start the proxy with this command: ssh -D 127.0.0.1:7654 xxxx@94.xxxxxxxxx -p80

        #12233
        Vadim Smirnov
        Keymaster

          Unfortunately, the SOCKS5 proxy provided by the SSH client does not support UDP and you cannot use it to forward the handshake. You need to set up a SOCKS5 UDP-enabled proxy (Dante) on the remote machine to use this option.

          #12234
          WireNoob
          Participant

            I’ve never heard of a Dante proxy before. Maybe it’s obvious that WireGuard would need a UDP-enabled proxy, but for me this is all pretty new. I don’t think it is mentioned anywhere in the installation guide so I suggest adding the requirement to help noobs like me in the future.

            I’ll get starting on setting up Dante then.

            Thanks for the help!

            #12235
            WireNoob
            Participant

              I have now set up a Dante server. Sadly, my WireSock still doesn’t work.

              https://pastebin.com/3ZUAyT0P

              It seems like the dante server is working correctly since it says “authentication SUCCESS”, but I’m not sure how I can verify the correct installation on my windows client.

               

              #12236
              Vadim Smirnov
              Keymaster

                According to the wiresock log, the authentication and UDP ASSOCIATE commands succeeded, but the handshake packet did not reach its destination. Most likely, it was blocked by the firewall (iptables or VPS provider). Please check this post for configuration details. They are specific to the Oracle cloud, but should be close to any other VPS.

                #12237
                WireNoob
                Participant

                  My Dante server is running at home. I doubt they will block that IP address and not one from Oracle. Also, I tested WireSock on my 4g hotspot, which hasn’t blocked anything up until now.

                  #12238
                  Vadim Smirnov
                  Keymaster

                    Check if you allowed configured UDP port range on Dante server machine, e.g. for 40000-45000 range it can be done by the command below:

                    iptables -I INPUT -p udp --dport 40000:45000 -j ACCEPT

                    #12239
                    WireNoob
                    Participant

                      No, I did not know this was necessary. I used your command and restarted the server, but nothing changed sadly.

                      #12240
                      Vadim Smirnov
                      Keymaster

                        I’m afraid something is wrong with your Dante server configuration. Unfortunately, it is difficult to guess and advise.

                        #12242
                        WireNoob
                        Participant

                          I followed your guide to make a Dante server in Oracle Cloud. Good news! I managed to make WireSock work with the proxy. The bad news is that it only works on my 4G and not on the network on which I’m trying to get a VPN working. The output of my terminal stays similar to before on that network. I guess the firewall is too smart for this method to work.
                          I think OpenVPN supports full packet encapsulation through a proxy so I might try that.

                          Thanks for the help!

                        Viewing 11 posts - 1 through 11 (of 11 total)
                        • You must be logged in to reply to this topic.