i can not connect to wireguard with wstunnel in windows #252

Closed
evangelme opened this issue Mar 31, 2024 · 8 comments

@evangelme

evangelme commented Mar 31, 2024

My WireGuard client conf is:
[Interface]
PrivateKey ="-------"
Address = 172.16.0.2/32
DNS = 8.8.8.8
MTU = 1300

[Peer]
PublicKey = "----------"
AllowedIPs = 0.0.0.0/0
Endpoint = 127.0.0.1:51820

And my command for wstunnel is:
start wstunnel.exe client --http-upgrade-path-prefix wstunnel -L "udp://127.0.0.1:51820:127.0.0.1:51820" "wss://85.239.61.247:443"
When I first start wstunnel:

Opening TCP connection to 85.239.61.247:443
Doing TLS handshake using SNI IpAddress(85.239.61.247) with the server 85.239.61.247:443

So wstunnel runs, but when I connect to WireGuard it blocks wstunnel and I have no connection. What should I do?

@AlexTransit

Endpoint = 127.0.0.1:51820
localhost may resolve to IPv6

Worked on Linux:
wstunnel client -L 'udp://51820:127.0.0.1:51820?timeout_sec=0' wss://85.239.61.247:443 --http-upgrade-path-prefix=blabla

@evangelme
Author

No, it did not fix the problem, but thanks for the reply, man.
When I connect to WireGuard, wstunnel does not work.

@erebe
Owner

erebe commented Mar 31, 2024

Be sure to disable the kill switch like in #247 (comment)

and don't forget to add a static route to your server.

@evangelme
Author

I tried this as well but it does not work, but thanks for the reply.

@erebe
Owner

erebe commented Apr 1, 2024

Are you sure you have set a static route to your server?
If you have done it and it still does not work, it means your WireGuard is not correctly set up. Try using a specific range of allowed IPs instead of 0.0.0.0/0 at first.

@evangelme
Author

evangelme commented Apr 1, 2024

I found out the problem: when you connect WireGuard, it blocks the wstunnel server IP. You should use
https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/

for the allowed IPs. For example, if your server's IP is 8.8.8.8, you should block the 8.8.8.8 IP in WireGuard; in this situation your AllowedIPs should be
AllowedIPs = 0.0.0.0/5, 8.0.0.0/13, 8.8.0.0/21, 8.8.8.0/29, 8.8.8.9/32, 8.8.8.10/31, 8.8.8.12/30, 8.8.8.16/28, 8.8.8.32/27, 8.8.8.64/26, 8.8.8.128/25, 8.8.9.0/24, 8.8.10.0/23, 8.8.12.0/22, 8.8.16.0/20, 8.8.32.0/19, 8.8.64.0/18, 8.8.128.0/17, 8.9.0.0/16, 8.10.0.0/15, 8.12.0.0/14, 8.16.0.0/12, 8.32.0.0/11, 8.64.0.0/10, 8.128.0.0/9, 9.0.0.0/8, 10.0.0.0/7, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/1
to let the client side connect to the server.
You can do an IP route on Windows as well, but it is harder.

@erebe thank you for your great job, really, thanks. Do you have a plan to do it for Android and iOS?
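
The AllowedIPs list in the comment above is the complement of one server address, so it has to be recomputed for every server. The following is an added example, not code from the thread or from the wstunnel project: it builds that list with Python's `ipaddress` module and reports which AllowedIPs entries would route the tunnel server's own address into WireGuard. The function names are chosen for this example.

```python
import ipaddress


def allowed_ips_excluding(*excluded, base="0.0.0.0/0"):
    """CIDR list covering `base` minus every excluded host or network."""
    remaining = [ipaddress.ip_network(base)]
    for item in excluded:
        hole = ipaddress.ip_network(item, strict=False)
        kept = []
        for net in remaining:
            if hole.version != net.version or not hole.overlaps(net):
                kept.append(net)                        # untouched by this exclusion
            elif hole != net and hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around the hole
            # otherwise net lies entirely inside the hole and is dropped
        remaining = kept
    return [str(n) for n in sorted(remaining)]


def entries_covering(allowed_ips, server_ip):
    """AllowedIPs entries that would send `server_ip` into the tunnel."""
    addr = ipaddress.ip_address(server_ip)
    nets = [ipaddress.ip_network(p.strip(), strict=False)
            for p in allowed_ips.split(",") if p.strip()]
    return [str(n) for n in nets if addr in n]


if __name__ == "__main__":
    # Server address from the first comment in the thread.
    server = "85.239.61.247"
    print("0.0.0.0/0 covers the tunnel server via:", entries_covering("0.0.0.0/0", server))
    fixed = ", ".join(allowed_ips_excluding(server))
    print("AllowedIPs =", fixed)
    print("still covered by:", entries_covering(fixed, server))  # empty list
```

A list computed for one server does not carry over to another: the 8.8.8.8 list quoted above still contains 147.45.187.144 through its `128.0.0.0/1` entry.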

@tsurrdurr

Hey there. I've encountered the same issue and tried the suggested solutions, namely adding a static route to the system, and allowing this bunch of IPs above.

Can you please verify that I do it correctly?

Executed in CMD:
route ADD 147.45.187.144 MASK 255.255.255.255 192.168.1.1 where 192.168.1.1 is my router. The site is available from the browser OK.
Executed in new CMD:
wstunnel client --http-upgrade-path-prefix "wstunnel" -L udp://127.0.0.1:51820:127.0.0.1:51820 wss://147.45.187.144:443
Wireguard config:

[Peer]
AllowedIPs = 0.0.0.0/5, 8.0.0.0/13, 8.8.0.0/21, ..., 64.0.0.0/2, 128.0.0.0/1

Console client output:

C:\Windows\system32>wstunnel client --http-upgrade-path-prefix "wstunnel" -L udp://127.0.0.1:51820:127.0.0.1:51820 wss://147.45.187.144:443
2024-05-11T19:20:03.441834Z  INFO wstunnel::udp: Starting UDP server listening cnx on 127.0.0.1:51820 with cnx timeout of 30s
2024-05-11T19:20:08.322355Z  INFO wstunnel::udp: New UDP connection from 127.0.0.1:52584
2024-05-11T19:20:08.322698Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:08.390923Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:08.858382Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:08.930946Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:09.803710Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:09.868624Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:11.536315Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:11.602571Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:14.872682Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:14.939026Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:21.407804Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:21.479816Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:34.353582Z  INFO wstunnel::tcp: Opening TCP connection to 147.45.187.144:443
2024-05-11T19:20:34.422334Z  INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(147.45.187.144) with the server 147.45.187.144:443
2024-05-11T19:20:38.324841Z ERROR tunnel{id="018f6919-2b82-7026-99fb-0b7bf26e4921" remote="127.0.0.1:51820"}: wstunnel::tunnel::client: failed to get a connection to the server from the pool: TimedOut

@mamirov

mamirov commented Jun 6, 2024

I fixed it on Windows 11 with these steps:
Run the server and the client as described in the main wiki page.

On the Windows client side:

  1. Add a route: route ADD <your server ip> <your gateway>
    If you don't know the gateway, you can check it with the command route print
    For example: route ADD 132.69.69.69 192.168.1.1 (it will automatically pick an interface for the given gateway)

  2. Uncheck the "Block untunneled traffic" flag in the WireGuard client

No need to do the step with AllowedIPs as described above.
