Forum Replies Created
-
Posts
-
There are two possible approaches to Ethernet bridge implementation:
- Turn on promiscuous mode on both bridged interfaces and relay packets between these.
- Do MAC address translation. This approach is similar to how IP address NAT implemented.
EBRIDGE sample implements the first, it is a bit slower (due to using promiscuous mode) but easier to understand. The only complex part is bridging Wi-Fi to wired LAN, where you still need the MAC address translation.
I would also recommend unchecking the IPv4/IPv6 protocols on the NIC’s you are bridging, especially if you are using MAC address translation because it tends to confuse some routers (two IPs on the same MAC).
Since both your network adapters are wired, the simple approach should work. Just forward packets received from one to another and vice versa without changing them.
You are right, only IP addresses are currently supported.
It is possible to monitor DNS queries and maintain a dynamic database of IP addresses translated to specified FQDNs. But this will only work for traditional DNS, if you are using DNS over HTTPS then these DNS requests cannot be intercepted and traffic routed correctly. I’m not sure if such a feature is in high demand, but I’ll consider adding it when I have some free time.
If this does not work only on a particular Wi-Fi, then the first thing I would do is check the MTU. Try to put 1380 or even 1280.
Thanks, I checked the log and it looks strange. The tunnel appears to be broken at the very beginning, immediately after receiving the response to the handshake. I also noticed that you are running a SOCKS proxy on the same host as the WireGuard Server. I’ve never tested this setup and can’t exclude some sort of network collision going on. Have you tried disabling the SOCKS5 proxy feature? Also could you update to the latest WireSock client 1.2.15? It will be easier if we use the same build.
Are you by any chance running two wireguard clients with the same configuration (keys, etc.)? In such a case, two (or even more) clients will compete for the same slot, causing tunnel errors from time to time.
If not then some logs could help to understand the problem.
В режиме прокси тоже не работает?
Можно запустить как приложение и посмотреть/записать логи. Должно стать понятнее.
Yes, you are right about ExitLag, it does indeed use WinpkFilter to intercept and process network traffic. However, I’m afraid the only way I can suggest for researching how it affects traffic flow is to create two winpkfilter-derived drivers and set one above and one below ExitLag in the stack. Thus, you can capture and record the traffic from these two drivers, save to a PCAP file, and analyze the difference in Wireshark.
Hmm, looks like the problem is in v2rayN. Perhaps his SOCKS5 implementation has issues with UDP support.
It would be helpful to look at the log/PCAP files, however, I would check to see if the handshake packet is being blocked by Windows Firewall on another machine.
Off topic:
Your website blocked in my country, so I need VPN to access it.
Your web server also disallows to accept a post or comment from any kind of non-personal IP address.
I had a really hard time to overcome this issue!SPAM is a real problem, but I’ve just adjusted the spam protection settings a little, I hope this improves your situation.
The problem is using a locally running SOCKS5 proxy (127.0.0.1:1080). WireSock does not currently support this option, it is assumed that the SOCKS5 proxy is running on another machine.
I wouldn’t say it’s anything complicated, just another filter similar to the existing DNS redirect implementation. But at the same time, it requires adding new configuration options and some tests. All in all, it will probably take me a day. So I guess if I won’t have anything urgent, I can dedicate a day to it next weekend.
I think the SMB redirector runs in the context of a system process, so adding something like this to AllowedApps will tunnel more than you really need. However, I think I can add a new setting called AllowedPorts to have AllowedPorts = tcp:139, tcp:445 force SMB traffic into the tunnel.
There is no such example, and although it is not difficult to create one, note that some information is required to build the TCP SYN packet, e.g. source and destination MAC, IP addresses and TCP ports. Requesting all of these options from the command line can be annoying. Any ideas what it might look like?
By the way, please clarify, is your question about constructing a TCP SYN packet or sending it to the network?
