Forum Replies Created
Good question, since both can be used for similar purposes. However, I would advise WireSock because SSH tunneling is TCP only, while a WireGuard tunnel also supports UDP, and it is worth noting that some online games (e.g. Fortnite) use UDP for the transport. For example, WireSock is used in this GPN.
Socksify is just sample code which I created to forward a selected application through the SSH session disposing the dynamic port (-D 8888). So,
1. It can be any unused local TCP port. Local transparent proxy will use it to listen for incoming connections.
2. This is the local SOCKS5 proxy port (for example, 8888 for ssh hostname -D 8888). The application always (hardcoded) assumes that you have a SOCKS5 proxy running on 127.0.0.1. If you would like to use a SOCKS5 proxy running on a different host, then just change the 127.0.0.1 in socksify.cpp:143 to the IP address of your SOCKS proxy (198.xxx.xxx.xxx) or make it an input parameter.
Sorry, I’m afraid I have missed your post. But better late than never…
GRETUNNEL is a very simple console application. Technically you could just create a new console application in VS2019, copy the gretunnel.cpp code into it and add linkage to ndisapi.dll.
By the way, you might be interested to look at the WinpkFilter-based WireGuard VPN client released recently.
October 21, 2021 at 6:37 pm in reply to: Windows Packet Filter causes file transfer on shares to reduce a lot? #11828
P.P.S. I have performed some research and significantly improved packet re-injection performance in v3.2.31. Thanks for reporting this. By the way, building the driver with Jumbo frames support could improve the performance over a 1 Gbps wire even further.
Yes, lambdas passed to simple_packet_filter are executed in the context of a single thread (created inside simple_packet_filter). However, please note that if your external code (in the main application thread) can modify the IP table, then synchronization is needed.
Yes, simple_packet_filter is single threaded. And yes, you can declare the table and mutex outside and pass references into the simple_packet_filter inbound packet processing lambda function.
I’m afraid there is no ready-to-use sample like this… But it is quite easy to do. And sure, if your IP address table is accessed from two or more concurrent threads, then some synchronization is required. For example, you could use std::shared_mutex for this. The packet filtering routine could lock it in shared mode (read lock) and the “update table” routine could lock it exclusively.
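The locking scheme described in the replies above (shared lock in the packet filtering routine, exclusive lock in the table update routine), as an added example that is not part of the original posts or of the WinpkFilter samples. The names ip_table, should_drop and run_demo are hypothetical, and should_drop stands in for the inbound lambda passed to simple_packet_filter.

```cpp
#include <atomic>
#include <cstdint>
#include <mutex>
#include <shared_mutex>
#include <thread>
#include <unordered_set>
#include <vector>

// Hypothetical table type (not part of WinpkFilter): IPv4 addresses in host byte order.
class ip_table {
    mutable std::shared_mutex lock_;
    std::unordered_set<uint32_t> blocked_;
public:
    // Packet path: shared (read) lock, so lookups never block each other.
    bool is_blocked(uint32_t ip) const {
        std::shared_lock<std::shared_mutex> guard(lock_);
        return blocked_.count(ip) != 0;
    }
    // Update path: build the new set outside the lock, swap it in under the exclusive lock.
    void replace(const std::vector<uint32_t>& ips) {
        std::unordered_set<uint32_t> fresh(ips.begin(), ips.end());
        std::unique_lock<std::shared_mutex> guard(lock_);
        blocked_.swap(fresh);
    }
};

// Stand-in for the inbound lambda: true means "drop this packet".
// The real lambda would take the source address from the IP header.
bool should_drop(const ip_table& table, uint32_t src_ip) {
    return table.is_blocked(src_ip);
}

// Constructed scenario: the filter thread races the updater (main) thread.
// Returns how many lookups of the always-listed 10.0.0.1 were wrongly missed.
int run_demo() {
    const uint32_t always = 0x0A000001, sometimes = 0x0A000002;
    ip_table table;
    table.replace({always});
    std::atomic<bool> stop{false};
    int missed = 0;
    std::thread filter([&] {
        while (!stop) { if (!should_drop(table, always)) ++missed; }
    });
    for (int i = 0; i < 2000; ++i)
        table.replace(i % 2 ? std::vector<uint32_t>{always}
                            : std::vector<uint32_t>{always, sometimes});
    stop = true;
    filter.join();
    return missed;
}
```

Building the replacement set before taking the exclusive lock keeps the time the packet path is stalled down to a single swap.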
Well, you could create the filter table using your IP list and load it into the driver.
Alternatively you can implement any kind of filtering logic in user space using one of the packet filtering samples as a base.
Hi
If you are looking for a simple filter table then you could use built-in filters. Please check the filter sample.
Hi,
- There is a socksify sample on GitHub which demonstrates how to forward selected TCP sessions via SOCKS5 proxy.
- With Developer license:
- You will get the re-branded winpkfilter custom driver build from us. In short, a custom build allows you to avoid potential software conflicts. You can find more details here.
- You are allowed to distribute winpkfilter drivers as a part of your software.
- You get 1 year of free updates and support, which may include more advanced/extended sample code. For example, the socksify sample mentioned above supports only TCP, but for your purposes you probably also need UDP (e.g., Fortnite uses UDP as a transport) and I could help you with it.
Hi and thank you for the feedback!
The currently released version of wg-quick-config can’t show the QR code for the specified configuration. However, it is very easy to fix. Here are updated wg-quick-config binaries with an extra command line parameter qrcode.
Example:
wg-quick-config -qrcode 1
should show the QR code for the first existing configuration. Please note that this command line parameter is not compatible with other ones. I will add this option (maybe in a slightly different form) to the next Wiresock update.
The configuration file is named config.json and it is stored in the folder from which you executed wg-quick-config for the first time, as well as the server and client configurations. In your case, if the server and client configs are in the System32 folder, then just find the config.json there and delete it.
September 13, 2021 at 11:14 am in reply to: (.NET) Routing to local socks proxy causes Connection Reset / Closed by Peer #11785
There are actually two ways to filter with ProcessID or ProcessName:
- The easy one is IP Helper API. You can find the details in process_lookup.h
- The more complicated one is creating a WFP callout driver to track network connections (sockets) creation/termination
The LSP is deprecated and I’m not sure if it is supported on Windows 10.
As for the TCP MSS option you can check CsnatDlg::CheckMTUCorrelation in snatDlg.cpp
I don’t have an open source sample using the ICMP fragmentation needed option, but if the packet size exceeds the MTU and the DF flag is set, then you can use the function below to convert it to ICMP type 3 code 4 (“fragmentation needed but don’t fragment set”) and forward it back to the host.
    void convert_to_icmp_unreachable(INTERMEDIATE_BUFFER& buffer) const
    {
        auto* eth_header = reinterpret_cast<ether_header_ptr>(buffer.m_IBuffer);
        auto* ip_header = reinterpret_cast<iphdr_ptr>(buffer.m_IBuffer + ETHER_HEADER_LENGTH);

        // 1. Copy IP header and 8 bytes of payload after icmp header
        auto* const next_header = reinterpret_cast<PCHAR>(ip_header) + sizeof(DWORD) * ip_header->ip_hl;
        const auto payload_length = static_cast<unsigned short>(next_header - reinterpret_cast<char*>(ip_header) + 8);
        memmove(
            reinterpret_cast<char*>(eth_header) + ETHER_HEADER_LENGTH + sizeof(iphdr) + sizeof(icmphdr),
            ip_header,
            payload_length
        );

        // 2. Swap MAC addresses
        std::swap(eth_header->h_dest, eth_header->h_source);

        // 3. Swap IP addresses
        std::swap(ip_header->ip_dst, ip_header->ip_src);

        // 4. Initialize IP header
        ip_header->ip_hl = 5;
        ip_header->ip_v = 4;
        ip_header->ip_tos = 0;
        ip_header->ip_len = htons(sizeof(iphdr) + sizeof(icmphdr) + payload_length);
        ip_header->ip_off = htons(IP_DF);
        ip_header->ip_ttl = 30;
        ip_header->ip_p = IPPROTO_ICMP;

        // 5. Initialize ICMP header
        auto* const icmp_header = reinterpret_cast<icmphdr_ptr>(ip_header + 1);
        icmp_header->type = 3;
        icmp_header->code = 4;
        icmp_header->seq = htons(config_.default_adapter->get_mtu());

        // Recalculate checksum
        RecalculateICMPChecksum(&buffer);
        RecalculateIPChecksum(&buffer);

        buffer.m_Length = ETHER_HEADER_LENGTH + sizeof(iphdr) + sizeof(icmphdr) + payload_length;
    }
Yes, this option modifies the MTU for local network adapters. You can’t affect the remote system MTU value directly, but you can use the TCP MSS option and/or ICMP fragmentation needed to affect the effective MTU between hosts.
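The TCP MSS half of that advice, as an added example that is not from the original posts and is not the CsnatDlg::CheckMTUCorrelation code mentioned above: it lowers the MSS option of a SYN segment and patches the TCP checksum incrementally. clamp_mss and its helpers are hypothetical names, and the 40-byte overhead assumes IPv4 without IP options plus a 20-byte TCP header.

```cpp
#include <cstddef>
#include <cstdint>

static uint16_t be16(const uint8_t* p) { return static_cast<uint16_t>(p[0] << 8 | p[1]); }

// Incremental Internet checksum update (RFC 1624, eqn. 3): HC' = ~(~HC + ~m + m').
static uint16_t csum_update(uint16_t csum, uint16_t old_word, uint16_t new_word) {
    uint32_t sum = static_cast<uint16_t>(~csum) + static_cast<uint16_t>(~old_word) + new_word;
    sum = (sum & 0xFFFF) + (sum >> 16);
    sum = (sum & 0xFFFF) + (sum >> 16);
    return static_cast<uint16_t>(~sum);
}

// Hypothetical helper: clamp the MSS option of a TCP SYN so that MSS + 40 <= mtu.
// tcp points at the TCP header, len is the number of valid bytes from there.
// Returns the MSS the segment carries afterwards, or 0 if the segment is not a
// SYN, has no MSS option, or its option list is malformed (segment untouched).
uint16_t clamp_mss(uint8_t* tcp, size_t len, uint16_t mtu) {
    if (len < 20 || mtu <= 40) return 0;
    const size_t hdr_len = static_cast<size_t>(tcp[12] >> 4) * 4;  // data offset field
    if (hdr_len < 20 || hdr_len > len || !(tcp[13] & 0x02)) return 0;
    const uint16_t limit = static_cast<uint16_t>(mtu - 40);
    for (size_t i = 20; i < hdr_len;) {
        if (tcp[i] == 0) break;                              // end of option list
        if (tcp[i] == 1) { ++i; continue; }                  // NOP padding
        if (i + 1 >= hdr_len) return 0;                      // truncated option
        const size_t opt_len = tcp[i + 1];
        if (opt_len < 2 || i + opt_len > hdr_len) return 0;  // malformed length
        if (tcp[i] == 2 && opt_len == 4) {
            const uint16_t mss = be16(tcp + i + 2);
            if (mss <= limit) return mss;                    // already small enough
            const uint8_t patch[2] = { static_cast<uint8_t>(limit >> 8),
                                       static_cast<uint8_t>(limit & 0xFF) };
            uint16_t csum = be16(tcp + 16);
            // NOPs can leave the value on an odd offset, so update every aligned
            // 16-bit word that overlaps the two bytes being rewritten.
            for (size_t p = (i + 2) & ~static_cast<size_t>(1); p < i + 4; p += 2) {
                const uint16_t before = be16(tcp + p);
                for (size_t k = p; k < p + 2; ++k)
                    if (k >= i + 2 && k < i + 4) tcp[k] = patch[k - (i + 2)];
                csum = csum_update(csum, before, be16(tcp + p));
            }
            tcp[16] = static_cast<uint8_t>(csum >> 8);
            tcp[17] = static_cast<uint8_t>(csum & 0xFF);
            return limit;
        }
        i += opt_len;
    }
    return 0;
}
```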