Development discussion of WireGuard
 help / color / mirror / Atom feed
* Wireguard Win10 Client not work through an openVPN tunnel on the same machine
       [not found] <CAL5yamu4tnxCS58JbTqPtO4W51CdieZ_S0ntk7VNRV044mLmcQ@mail.gmail.com>
@ 2021-03-02  8:03 ` Peter Whisker
  0 siblings, 0 replies; only message in thread
From: Peter Whisker @ 2021-03-02  8:03 UTC (permalink / raw)
  To: wireguard@lists.zx2c4.com >> WireGuard mailing list

This may be because Wireguard binds to the default route interface which 
is not correct if you want to use another route such as your OpenVPN. It 
also fails with PulseSecure VPN.

As discussed here in the past month, removing the code which binds and 
recompiling Wireguard fixes the problem.

Peter

On Sun, 28 Feb 2021, 22:17 Heiko Kendziorra, <kendziorra@dresearch-fe.de 
<mailto:kendziorra@dresearch-fe.de>> wrote:

    Machine A in Intranet Windows 10 Prof Version : 20H2
    Address 172.1.2.3
    Firewall is open for  webserver und wireguard (8080 tcp, 44444 udp)
    is WireguardServer  Version 0.3.7

    wg.conf:
    PublicKey = A8C8+bRYaqu2MKs2SpwuRRgmwqItYwFFJjk77UtUUxU=
    [Interface]
    PrivateKey = ********************************
    ListenPort = 44444
    Address = 192.168.44.44/32 <http://192.168.44.44/32>
    [Peer]
    PublicKey = JkacJ6IYPUgCOv+OdHN6ZMJ+JRZr6V5/kDzthil/CUs=
    AllowedIPs = 192.168.44.4/32 <http://192.168.44.4/32>
    PersistentKeepalive = 25
    --------------------------------------------------------------------------------
    Machine B extern over openVPN connected with the Intranet Windows 10
    Prof Version : 20H2  (OpenVPN Client running on B)
    Address 172.11.12.13 could reach A over Routing  (Test: Webserver on
    A: 172.1.2.3:8080 <http://172.1.2.3:8080>)
    is WireguardClient Version 0.3.7

    wg.conf:
    PublicKey = JkacJ6IYPUgCOv+OdHN6ZMJ+JRZr6V5/kDzthil/CUs=
    [Interface]
    PrivateKey = **********************
    Address = 192.168.44.4/32 <http://192.168.44.4/32>

    [Peer]
    PublicKey = A8C8+bRYaqu2MKs2SpwuRRgmwqItYwFFJjk77UtUUxU=
    AllowedIPs = 192.168.44.44/32 <http://192.168.44.44/32>
    Endpoint = 172.16.41.20:44444 <http://172.16.41.20:44444>
    PersistentKeepalive = 25
    --------------------------------------------------------------------------------

    Result after Activation
    The Client B could not estable a working Wireguard-Connetion to A :

    Protokoll Server:
    2021-02-27 10:53:02.636: [TUN] [44444] Startup complete
    2021-02-27 10:53:03.615: [TUN] [44444] peer(Jkac…/CUs) - Received
    handshake initiation
    2021-02-27 10:53:03.615: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake response
    2021-02-27 10:53:07.821: [TUN] [44444] peer(Jkac…/CUs) - Handshake did
    not complete after 5 seconds, retrying (try 2)
    2021-02-27 10:53:11.480: [MGR] [Wintun] IsPoolMember: Reading pool
    devpkey failed, falling back: Element nicht gefunden. (Code
    0x00000490)
    2021-02-27 10:53:28.626: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake initiation
    2021-02-27 10:53:33.794: [TUN] [44444] peer(Jkac…/CUs) - Handshake did
    not complete after 5 seconds, retrying (try 2)
    2021-02-27 10:53:33.794: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake initiation
    2021-02-27 10:53:39.094: [TUN] [44444] peer(Jkac…/CUs) - Handshake did
    not complete after 5 seconds, retrying (try 3)
    2021-02-27 10:53:39.094: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake initiation
    2021-02-27 10:53:44.286: [TUN] [44444] peer(Jkac…/CUs) - Handshake did
    not complete after 5 seconds, retrying (try 4)
    2021-02-27 10:53:44.286: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake initiation
    2021-02-27 10:53:49.549: [TUN] [44444] peer(Jkac…/CUs) - Handshake did
    not complete after 5 seconds, retrying (try 5)
    2021-02-27 10:53:49.549: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake initiation

    Protokoll Client:
    2021-02-27 10:53:02.793: [TUN] [test-44444] Startup complete
    2021-02-27 10:53:02.836: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake response
    2021-02-27 10:53:23.530: [TUN] [test-44444] peer(A8C8…UUxU) - Retrying
    handshake because we stopped hearing back after 15 seconds
    2021-02-27 10:53:23.530: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake initiation
    2021-02-27 10:53:27.815: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:27.815: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:53:28.815: [TUN] [test-44444] peer(A8C8…UUxU) -
    Handshake did not complete after 5 seconds, retrying (try 2)
    2021-02-27 10:53:32.982: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:32.982: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:53:38.283: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:38.283: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:53:43.475: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:43.475: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:53:48.738: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:48.738: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:53:54.066: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:54.066: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:53:59.148: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:53:59.148: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:54:04.459: [TUN] [test-44444] peer(A8C8…UUxU) - Received
    handshake initiation
    2021-02-27 10:54:04.459: [TUN] [test-44444] peer(A8C8…UUxU) - Sending
    handshake response
    2021-02-27 10:54:09.601: [TUN] [test-44444] Device closing

    Apparently, the only message that the server has received from the
    client is the one that was sent to the public address on port 44444.
    After that, the client can no longer send a message - but the other
    way round it can.

    Modifikation

    start a Win10 Sandbox on B.
    install the Wireguard Client  there with the same configuration like
    on B
    deactivate  WG-Client on  B
    the Sandbox could reach A over routing through the running Open-VPN of B
    under these conditions, the wiregiard connection can also be
    established!!

    Protokoll Server:
    2021-02-27 11:46:04.958: [TUN] [44444] Startup complete
    2021-02-27 11:46:05.762: [TUN] [44444] peer(Jkac…/CUs) - Received
    handshake initiation
    2021-02-27 11:46:05.762: [TUN] [44444] peer(Jkac…/CUs) - Sending
    handshake response
    2021-02-27 11:46:05.786: [TUN] [44444] peer(Jkac…/CUs) - Receiving
    keepalive packet
    2021-02-27 11:46:13.757: [MGR] [Wintun] IsPoolMember: Reading pool
    devpkey failed, falling back: Element nicht gefunden. (Code
    0x00000490)
    2021-02-27 11:46:30.795: [TUN] [44444] peer(Jkac…/CUs) - Sending
    keepalive packet
    2021-02-27 11:46:30.812: [TUN] [44444] peer(Jkac…/CUs) - Receiving
    keepalive packet

    Protokoll Client:
    2021-02-27 11:46:05.050: [TUN] [wg-test-sandbox] Startup complete
    2021-02-27 11:46:05.065: [TUN] [wg-test-sandbox] peer(A8C8…UUxU) -
    Received handshake response
    2021-02-27 11:46:05.088: [TUN] [wg-test-sandbox] peer(A8C8…UUxU) -
    Receiving keepalive packet
    2021-02-27 11:46:30.093: [TUN] [wg-test-sandbox] peer(A8C8…UUxU) -
    Sending keepalive packet
    2021-02-27 11:46:30.097: [TUN] [wg-test-sandbox] peer(A8C8…UUxU) -
    Receiving keepalive packet

    Heiko Kendziorra


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-03-02  8:03 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CAL5yamu4tnxCS58JbTqPtO4W51CdieZ_S0ntk7VNRV044mLmcQ@mail.gmail.com>
2021-03-02  8:03 ` Wireguard Win10 Client not work through an openVPN tunnel on the same machine Peter Whisker

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ http://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git