My config is computer to VPS, connecting by WiFi over WLAN (192.168.1.x).
WireGuard config on the server:
[Interface]
Address = 10.0.0.1/24
PrivateKey = key=+
ListenPort = 51120
#just iptables open ports..
PostUp = /etc/wireguard/up.sh
PostDown = /etc/wireguard/down.sh
[Peer]
PublicKey = key=+
AllowedIPs = 10.0.0.2/24

On the client:
[Interface]
Address = 10.0.0.2/24
PrivateKey = key=+
[Peer]
PublicKey = key=+
AllowedIPs = 0.0.0.0/0
Endpoint = 127.0.0.1:5666
PersistentKeepalive = 25

Case 1: just between WireGuard - works:
(Endpoint = vps-ip:51120 <--> WireGuard works great without udp2raw)
Case 2: just between udp2raw - connected:
On the server:
udp2raw -s -l0.0.0.0:5111 -r 127.0.0.1:51120 -k "passpass" --raw-mode faketcp -a
On the client:
udp2raw -c -l127.0.0.1:5666 -r vps-ip:5111 -k "passpass" --raw-mode faketcp -a
Case 3: all together, with Endpoint = 127.0.0.1:5666, I lose the connection:
Endpoint = 127.0.0.1:5666 <--> won’t work
WireGuard over udp2raw won’t work; there is no handshake. Why does this happen and why doesn’t it work?
Last test: after testing udp2raw, Udptunnel and Shadowsocks, the same problem remains. And after changing the kernel to 5, my conclusion is that the problem is between WireGuard and the tunnel on the client side.
1 Answer
1. AllowedIPs = 0.0.0.0/0 means everything goes through WireGuard
Except for local connections or anything else with explicit routes in your main routing table. So you need to add an explicit route on your client telling it how to get to the server.
Run ip route on the client to list its main routing table:
$ ip route
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 100

Find the default route, and note its gateway and interface (in the above example they're 192.168.1.1 and eth0). Then add a new route to your server's IP address (for example, say it's 203.0.113.2) using that same gateway and interface:
$ sudo ip route add 203.0.113.2 via 192.168.1.1 dev eth0

2. MTU defaults are too high for udp2raw
So you need to lower the MTU on your WireGuard interface; 1342 is the biggest MTU that might work. Add the following line to the [Interface] section of your WireGuard config (on both server and client):
MTU = 1342
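
The two steps of the answer as a script; this is an added example, not part of the original answer. It reads `ip route` output and a WireGuard config on stdin, the sample inputs are constructed from the listings above, and the function names `pin_route_cmd` and `mtu_status` are hypothetical.

```shell
#!/bin/sh

# Constructed sample: the `ip route` listing shown in the answer.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 100'

# Constructed sample: the client config from the question, placeholder keys.
SAMPLE_CONF='[Interface]
Address = 10.0.0.2/24
PrivateKey = <client-private-key>
[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = 127.0.0.1:5666'

# pin_route_cmd SERVER_IP  (hypothetical helper; routing table on stdin)
# Prints the host route that keeps udp2raw traffic to the server on the
# physical link. Returns 1 if the table has no usable default route.
pin_route_cmd() {
    awk -v ip="$1" '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != "") {
                printf "ip route add %s via %s dev %s\n", ip, gw, dev
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }'
}

# mtu_status [LIMIT]  (hypothetical helper; WireGuard config on stdin)
# Prints "missing" (no MTU in [Interface]), "too-high" or "ok".
mtu_status() {
    awk -F'[ \t]*=[ \t]*' -v limit="${1:-1342}" '
        /^\[/ { section = $0 }
        section == "[Interface]" && $1 == "MTU" { mtu = $2 + 0 }
        END {
            if (mtu == "") print "missing"
            else if (mtu > limit) print "too-high"
            else print "ok"
        }'
}

printf '%s\n' "$SAMPLE_ROUTES" | pin_route_cmd 203.0.113.2
printf 'MTU: %s\n' "$(printf '%s\n' "$SAMPLE_CONF" | mtu_status)"
```

On a live client, pipe in `ip route` and the real config file instead of the samples; the script only prints the route command and does not change the routing table.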