Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 451 through 465 (of 1,496 total)
  • Vadim Smirnov
    Keymaster

      It is possible to bind to a specific network adapter, but in this case it will not be enough, because wiresock depends on handshake and response intercepted at the NDIS layer, and this will not happen if they are sent over a different network interface. I will think if I can change the design to avoid this dependency.

      If I understand correctly, you have no server side control as it is a Warp server and therefore cannot use traffic obfuscation like https://github.com/dndx/phantun?

      P.S. Just an idea and I’m not sure if it will work out of the box. But what if we configure another server/service to forward obfuscated handshake/response packets between wiresock and Warp+? This is what your secondary VPN service does…

      Vadim Smirnov
      Keymaster

        Since Wiresock client is implemented very similar to Windows version of Warp then I think it should be feasible. But I need a better understanding on what is going on. Could you post a link to the wstunnel you have used? There are at least two different wstunnel projects on github…

        Vadim Smirnov
        Keymaster

          Hmm, sounds interesting, however, could you provide some more details about your configuration? I’m not sure I understand how it works… For example, if first handshake packet is discarded by DPI then why the subsequent handshakes (sent every two minutes) are not? Or all outgoing handshakes are dropped, but once tunnel is established the subsequent handshakes sent by the remote peer while DPI does not expect this behavior?

          Although, if it works, I think it is a matter of time before the DPI starts dropping handshakes in both directions. And maybe we could come up with a better way to avoid blocking…

          in reply to: Blocking all network traffic works for a few minutes only #11874
          Vadim Smirnov
          Keymaster

            Another possibility is that Windows tries to repair the WiFi connection by disabling and re-enabling it. These operations effectively switch off filtering, so you have to monitor network adapter changes by setting an adapter list change event and reconfiguring filtering.

            I think it will be easier to discuss if you post your code here, maybe you are doing something wrong.

            in reply to: Blocking all network traffic works for a few minutes only #11872
            Vadim Smirnov
            Keymaster

              Neither ndisapi nor the NDIS driver has any time limit.

              Of course, I cannot guess what exactly happens on your PC, however, for example, it can happen if you have LAN and WiFi (or LTE, etc.) network interfaces on your computer and both are connected to your router. My laptop is configured this way. Now let's assume that your application is filtering (and blocking packets) on the wired network adapter only. By default, Windows uses a wired network adapter, so once you start blocking packets, it loses connectivity as expected. However, Windows detects that the Internet is not available through the default adapter, and after a while it switches to the Wi-Fi connection and you are able to browse the Internet again.

              in reply to: Socksify or Wiresock #11870
              Vadim Smirnov
              Keymaster

                Good question, since both can be used for similar purposes. Although, I would advise WireSock because SSH tunneling is TCP only, while a WireGuard tunnel also supports UDP, and it is worth noting that some online games (e.g. Fortnite) use UDP for the transport. And for example, WireSock is used in this GPN.

                in reply to: command socksify #11868
                Vadim Smirnov
                Keymaster

                  Socksify is just a sample code which I created to forward selected application through the SSH session disposing the dynamic port (-D 8888). So,

                  1. It can be any unused local TCP port. Local transparent proxy will use it to listen for incoming connections.
                  2. This is the local SOCKS5 proxy port (for example, 8888 for ssh hostname -D 8888). Application always (hardcoded) assumes that you have SOCKS5 proxy running on 127.0.0.1.

                  If you would like to use a SOCKS5 proxy running on a different host then just change the 127.0.0.1 in socksify.cpp:143 to the IP address of your SOCKS proxy (198.xxx.xxx.xxx) or make it an input parameter.

                  in reply to: VPN Demo #11836
                  Vadim Smirnov
                  Keymaster

                    Sorry, I’m afraid I have missed your post. But better late than never…

                    GRETUNNEL is a very simple console application. Technically you could just create a new console application in VS2019, copy the gretunnel.cpp code into it and add linkage to ndisapi.dll.

                    By the way, you might be interested to look at WinpkFilter based WireGuard VPN client released recently.

                    Vadim Smirnov
                    Keymaster

                      P.P.S. I have performed some research and significantly improved packets re-injection performance in v3.2.31. Thanks for reporting this. By the way building driver with Jumbo frames support could improve the performance over 1 Gbps wire even further.

                      in reply to: State table in memory? #11817
                      Vadim Smirnov
                      Keymaster

                        Yes, lambdas passed to simple_packet_filter are executed in the context of a single thread (created inside simple_packet_filter). However, please note that if your external code (in the main application thread) can modify the IP table then synchronization is needed.

                        in reply to: State table in memory? #11815
                        Vadim Smirnov
                        Keymaster

                          Yes, simple_packet_filter is single threaded. And yes, you can declare the table and mutex outside and pass references into the simple_packet_filter inbound packet processing lambda function.

                          in reply to: State table in memory? #11813
                          Vadim Smirnov
                          Keymaster

                            I’m afraid there is no ready-to-use sample like this… But it is quite easy to do. And sure, if your IP address table is accessed from two or more concurrent threads then some form of synchronization is required. For example, you could use std::shared_mutex for this. The packet filtering routine could lock it in shared mode (read lock) and the “update table” routine could lock it exclusively.
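
The locking scheme discussed in the "State table in memory?" replies above (table and mutex declared outside the filter, shared lock in the packet lambda, exclusive lock in the update routine), as an added C++17 example that is not part of the original posts and not WinpkFilter code. It makes no ndisapi calls: `verdict`, `ip_table`, `update_table`, `make_inbound_filter` and `run_demo` are hypothetical names, a plain thread stands in for the filter's worker thread, and the addresses are constructed from documentation ranges.

```cpp
#include <atomic>
#include <cstdint>
#include <functional>
#include <mutex>
#include <shared_mutex>
#include <thread>
#include <unordered_set>

enum class verdict { pass, drop };  // hypothetical stand-in for the filter's packet action
struct ip_table {                   // declared outside the filter, shared by reference
    std::shared_mutex lock;
    std::unordered_set<uint32_t> blocked;  // IPv4 addresses, host byte order
};

// "Update table" routine (application thread): exclusive lock, swap in the new set.
// The old contents end up in `fresh` and are freed after the lock is released.
void update_table(ip_table& t, std::unordered_set<uint32_t> fresh) {
    std::unique_lock guard(t.lock);
    t.blocked.swap(fresh);
}

// Inbound-packet lambda (filter thread): shared lock, so lookups never see a half-updated set.
std::function<verdict(uint32_t)> make_inbound_filter(ip_table& t) {
    return [&t](uint32_t src_ip) {
        std::shared_lock guard(t.lock);
        return t.blocked.count(src_ip) ? verdict::drop : verdict::pass;
    };
}

// One thread filters constructed source addresses while the caller keeps replacing the
// table. `always` is in every version of the table and `never` is in none, so any other
// verdict is a consistency violation. Returns the number of violations seen.
int run_demo(int updates) {
    ip_table table;
    const uint32_t always = 0xC0000201;  // 192.0.2.1 (constructed)
    const uint32_t never = 0xC6336401;   // 198.51.100.1 (constructed)
    update_table(table, {always});
    auto filter = make_inbound_filter(table);
    std::atomic<bool> stop{false};
    int violations = 0;  // written only by the worker, read after join()
    std::thread worker([&] {
        while (!stop)
            violations += (filter(always) != verdict::drop) + (filter(never) != verdict::pass);
    });
    for (int i = 0; i < updates; ++i)    // second entry varies within 203.0.113.0/24
        update_table(table, {always, 0xCB007100u + (i % 200)});
    stop = true;
    worker.join();
    return violations;
}
int main() { return run_demo(1000); }
```
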

                            in reply to: State table in memory? #11811
                            Vadim Smirnov
                            Keymaster

                              Well, you could create the filter table using your IP list and load it into the driver.

                              Alternatively you can implement any kind of filtering logic in user space using one of the packet filtering samples as a base.

                              in reply to: State table in memory? #11805
                              Vadim Smirnov
                              Keymaster

                                Hi

                                If you are looking for a simple filter table then you could use built-in filters. Please check the filter sample.

                                in reply to: how to filter package #11803
                                Vadim Smirnov
                                Keymaster

                                  Hi,

                                  • There is a socksify sample on GitHub which demonstrates how to forward selected TCP sessions via SOCKS5 proxy.
                                  • With Developer license:
                                    • You will get the re-branded winpkfilter custom driver build from us. In two words, the custom build allows you to avoid potential software conflicts. You can find more details here.
                                    • You are allowed to distribute winpkfilter drivers as a part of your software.
                                    • You get 1 year of free update and support which may include more advanced/extended sample code. For example, socksify sample mentioned above supports only TCP, but for your purposes you probably also need UDP (e.g., Fortnite uses UDP as a transport) and I could help you with it.