Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 46 through 60 (of 1,421 total)
  • Author
    Posts
  • in reply to: New WiresockUI install, socks5 issue #13579
    Vadim Smirnov
    Keymaster

      Have you clicked “Save” after modifying the settings? Alternatively, you can start the WireSock client from the command line; it will print the log directly to the console.

      in reply to: New WiresockUI install, socks5 issue #13577
      Vadim Smirnov
      Keymaster

        Could you please try running WireSock with logging enabled and share the log? It may provide insights into what went wrong.

        in reply to: Performance degradation in different setups whit PerfTest #13574
        Vadim Smirnov
        Keymaster

          What method do you employ to measure throughput? Although it’s commonly acceptable to gauge bandwidth using Speedtest.net or Fast.com, relying solely on internet-based services for throughput testing may lack precision. For more accurate results, I suggest setting up another device within your network, ideally connected directly to your wireless router via cable. Configure this device to run iperf3 in server mode. Then, on your laptop, utilize iperf3 in client mode, conducting tests in both direct and reverse orders with a minimum of 8 simultaneous TCP sessions. This approach will yield more reliable and trustworthy results.

          in reply to: sudden wiresock problem – all times out #13568
          Vadim Smirnov
          Keymaster

            i guess that was a typo?

            Yes, my fault. I have fixed it.

            i do have a DNS (ipv4 and ipv6, though i’m not sure what the ipv6 is for) specified in the config, in the [Interface] section. so in that case my DNS queries should be going to that specified server, but they’re not…?

            Your queries may not be directed to the Wireguard DNS if the default DNS server is included in the DisallowedIps list, or if DNSCACHE is part of the DisallowedApps. For instance, if you add your LAN subnet to DisallowedIps and your DNS server resides within this subnet, then DNS queries will be routed to your LAN DNS server instead Wireguard one.

            in reply to: sudden wiresock problem – all times out #13565
            Vadim Smirnov
            Keymaster

              my config does not have an MTU specified

              I assume you’re referring to DNS, correct? If your Wireguard configuration lacks a DNS server, then all DNS queries will default to your regular DNS settings. Consequently, if a website is restricted in your country, by your Internet Service Provider (ISP), or through parental controls, access to these sites may be blocked at DNS level.

              in reply to: sudden wiresock problem – all times out #13563
              Vadim Smirnov
              Keymaster

                Are you running Wiresock in transparent mode or using a virtual adapter (-lac command line switch)?

                DNS handling presents a challenge due to the nature of Windows, where all DNS queries originate from the DNSCACHE process, making it difficult to discern the requesting application. By default, if you have a DNS specified in your Wireguard configuration, all DNS queries will be intercepted and routed through the tunnel to the designated DNS server. However, you can modify this behavior by specifying DNSCACHE in DisallowedApps or adding the DNS server to DisallowedIPs.

                If you’re experiencing issues with DNS resolution, it’s likely that DNS queries or responses are being routed incorrectly, or the DNS server they’re forwarded to is down. In such instances, it would be beneficial to examine packet captures to determine the flow of data and whether responses are being received.

                • This reply was modified 4 months, 3 weeks ago by Vadim Smirnov.
                in reply to: Performance degradation in different setups whit PerfTest #13562
                Vadim Smirnov
                Keymaster

                  I lack sufficient information about your setup and the tools you use for measurements. The issue could stem from various sources, such as incorrect measuring software or conflicts with low-level software installations. To troubleshoot effectively, I recommend conducting tests on a fresh system. Alternatively, consider disabling any virtual bridges or software switches from virtualization software like Hyper-V, VirtualBox, or VMWare.

                  Out of curiosity, I conducted a similar test on my LG Gram Windows 11 laptop equipped with an Intel(R) Wi-Fi 6E AX211 adapter, using the Speedtest website. Here are the results: https://www.speedtest.net/result/15925878463 without dnstrace active and https://www.speedtest.net/result/15925874186 with it enabled.

                  in reply to: Performance degradation in different setups whit PerfTest #13559
                  Vadim Smirnov
                  Keymaster

                    Is the outdated PerfTest responsible alone for the reduced download speed ( 12 Mbit/sec —> 0.1 Mbit/sec ) on Wi-Fi adapter?

                    Could you conduct the test again, this time utilizing more modern example like dnstrace? It provides a limited console output, exclusively parsing DNS packets, and is unlikely to adversely affect network performance.

                    in reply to: Performance degradation in different setups whit PerfTest #13557
                    Vadim Smirnov
                    Keymaster

                      PerfTest, being an outdated example, is not recommended for current use. The post you’re referring to briefly explains how using multiple threads in its architecture might lead to reduced throughput. In essence, improper use of multiple threads can cause TCP packet reordering, which in turn can degrade bandwidth.

                      To see a modern multi-threaded approach in action, take a look at the queued_packet_filter C++ class in ProxiFyre project source code. This model uses one thread for packet reading, another for processing, and additional threads to inject the processed packets throughout the network stack, both upstream and downstream. Such a framework is conducive to developing robust filtering solutions, even for high-capacity 10 Gigabit networks. Worth noting that I’ve also used this C++ class in the WireSock VPN Client.

                      in reply to: Connected to tunnel, but no traffic works #13555
                      Vadim Smirnov
                      Keymaster

                        The official Wireguard client employs a UDP socket and relies on the TCP/IP stack for packet reassembly. In contrast, WireSock, prioritizing performance, directly retrieves packets from the NDIS layer, bypassing the TCP/IP stack. The current version of WireSock does not reassemble fragmented Wireguard packets, operating under the assumption that the MTU is appropriately chosen to prevent fragmentation. While this approach is optimal for performance, it can be confusing for users. Recognizing this, I plan to address and rectify this issue in WireSock when time allows.

                        in reply to: Connected to tunnel, but no traffic works #13551
                        Vadim Smirnov
                        Keymaster

                          Typically, these errors occur in the case of packet fragmentation. Could you please try reducing the MTU and also check if using virtual adapter mode (-lac) makes a difference?

                          in reply to: Getting slower speeds and unstable connection without -lac #13550
                          Vadim Smirnov
                          Keymaster

                            I don’t think it’d be because the virtual adapter setting also uses the same MTU I’m assuming.

                            Yes, you are correct, but the MTU is enforced using different techniques in adapter and adapterless modes.

                            in reply to: Getting slower speeds and unstable connection without -lac #13544
                            Vadim Smirnov
                            Keymaster

                              It’s generally advisable to adjust the MTU on both the client and the server. Remember, changing MTU settings is often a process of trial and error, and what’s optimal can vary depending on your specific network conditions.

                              in reply to: Getting slower speeds and unstable connection without -lac #13538
                              Vadim Smirnov
                              Keymaster

                                Hello,
                                The most notable distinction between WireSock’s virtual adapter mode and its default mode is that the former requires Administrator privileges to configure the virtual network adapter, while the latter does not. Regarding the throughput differences you’ve observed, this is intriguing. In my tests using WireSock in default mode on a 10 Gbps network and iperf3, the speeds reached 5.34 Gbit/sec, compared to 3.66 Gbit/sec for downloads when using the official WireGuard client. Could the MTU settings in your configuration be influencing this? What is the MTU value you are using? Additionally, have you tried reducing the MTU to 1380 to see if it impacts performance?

                                in reply to: Connecting to a domain #13533
                                Vadim Smirnov
                                Keymaster

                                  The precise cause of the issue is unclear, but by using the -log-level all command line option, Wiresock can capture and log all traffic (including both unencrypted and encrypted data) traversing the tunnel into PCAP files. Examining these PCAP files could provide valuable insights into what might have gone wrong in this particular situation. It is recommended to analyze these files for a more detailed understanding of the issue.

                                Viewing 15 posts - 46 through 60 (of 1,421 total)