wg-corplink握手失败: Handshake did not complete after 5 seconds, retrying (try 2)

[cheetahsec]

运行环境是docker镜像，开启debug_wg后观察到错误告警 Handshake did not complete after 5 seconds, retrying (try 2) 详细日志:

[root@bcb352f7efdb tmp]# corplink-rs /etc/corplink/config.json [2024-02-18T07:12:53Z INFO corplink_rs] running corplink-rs@0.4.1 [2024-02-18T07:12:53Z INFO corplink_rs] company name is xxxx(zh)/xxxx(en) server is https://fl.xxx.com:443 [2024-02-18T07:12:53Z INFO corplink_rs::client] cookie file is: /etc/corplink/corplink_cookies.json [2024-02-18T07:12:53Z INFO corplink_rs] not login yet, try to login [2024-02-18T07:12:54Z WARN corplink_rs::client] failed to login with method lark [2024-02-18T07:12:54Z INFO corplink_rs::client] try to login with platform ldap [2024-02-18T07:12:54Z INFO corplink_rs::client] found set-cookie in header, saving cookie [2024-02-18T07:12:54Z INFO corplink_rs::client] found set-cookie in header, saving cookie [2024-02-18T07:12:54Z INFO corplink_rs::client] got 2fa token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [2024-02-18T07:12:54Z INFO corplink_rs] login success [2024-02-18T07:12:54Z INFO corplink_rs] try to connect [2024-02-18T07:12:54Z INFO corplink_rs::client] found set-cookie in header, saving cookie [2024-02-18T07:12:54Z INFO corplink_rs::client] found 1 vpn(s), details: ["BeiJing"] [2024-02-18T07:12:54Z INFO corplink_rs::client] check if udp vpn 106.xx.xx.xx:28801 is available [2024-02-18T07:12:54Z INFO corplink_rs::client] available [2024-02-18T07:12:54Z INFO corplink_rs::client] try to get wg conf from remote [2024-02-18T07:12:54Z INFO corplink_rs::client] 2fa code generated: xxxxxxx, 6 seconds left [2024-02-18T07:12:54Z INFO corplink_rs] start wg-corplink for corplink [2024-02-18T07:12:54Z INFO corplink_rs::wg] start wg-corplink DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Starting wg-corplink version 0.0.20220316-45-g5aa61ff DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Routine: encryption worker 3 - started ... DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Device corplink started DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Routine: decryption worker 9 - started ... [2024-02-18T07:12:54Z INFO corplink_rs::wg] send config to uapi DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Routine: event worker - started DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Interface up requested DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 set uapi DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 UAPI: Updating private key DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Routine: handshake worker 10 - started ... DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 UAPI: Removing all peers ... DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 UDP bind has been updated DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Routine: TUN reader - started ... DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Created DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Removing all allowedips DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Updating endpoint DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Updating persistent keepalive interval DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Adding allowedip DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Adding allowedip DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Adding allowedip DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - UAPI: Adding allowedip DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - Starting DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - Sending keepalive packet DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - Sending handshake initiation DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - Routine: sequential sender - started DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 peer(lBV2…2TGA) - Routine: sequential receiver - started [2024-02-18T07:12:54Z INFO corplink_rs::client] keep alive DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Interface state was Down, requested Up, now Up DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 MTU updated: 1400 DEBUG: wg-corplink(corplink) 2024/02/18 07:12:54 Interface up requested DEBUG: wg-corplink(corplink) 2024/02/18 07:12:59 peer(lBV2…2TGA) - Handshake did not complete after 5 seconds, retrying (try 2) DEBUG: wg-corplink(corplink) 2024/02/18 07:12:59 peer(lBV2…2TGA) - Sending handshake initiation DEBUG: wg-corplink(corplink) 2024/02/18 07:13:04 peer(lBV2…2TGA) - Handshake did not complete after 5 seconds, retrying (try 2) DEBUG: wg-corplink(corplink) 2024/02/18 07:13:04 peer(lBV2…2TGA) - Sending handshake initiation ..... DEBUG: wg-corplink(corplink) 2024/02/18 07:15:24 peer(lBV2…2TGA) - Sending handshake initiation [2024-02-18T07:15:25Z WARN corplink_rs::client] keep alive error: error sending request for url (https://106.xx.xx.xxx:28800/vpn/report?os=Android&os_version=2): connection error: Connection reset by peer (os error 104) [2024-02-18T07:15:25Z INFO corplink_rs] disconnecting vpn...

[PinkD]

可以提供一下飞连的版本吗？最开始的飞连应该是用的默认的 wg-go ，中途某个版本开始就魔改了，不排除最新版再次进行了魔改的可能

[cheetahsec]

感谢回复，飞连的版本? corplink-rs用的是4.2，镜像网络是可以正常连接VPN服务器的，公司的VPN使用最新版官方客户端是可以正常连接的，windows下可以正常使用(FeiLian_Windows_x86_v2.1.30_r1004_4d0255.exe)，客户端主程序CorpLink.exe的文件版本是2.1.21.1415

[PinkD]

可以提供下载地址吗，或者查看 corplink-service.exe 文件中是否有该字符串。这个就是飞连魔改的部分

https://github.com/PinkD/wireguard-go/blob/5aa61ffe5398e555da119d3a1e127417446f4532/corplink/const.go#L3-L4

我这边是 2.2.12 版本，是有这个字符串的：

$ grep "feilian--" corplink-service.exe
Binary file corplink-service.exe matches

[cheetahsec]

有这个字符串，“CorpLink v1 vpn@feilian-----------”

[cheetahsec]

官网连接: https://cdn.isealsuite.com/windows/FeiLian_Windows_x86_v2.1.30_r1004_4d0255.exe

[PinkD]

我试了下，我这边没问题，也可以用这个版本连接。你们的 vpn 开的是 udp 还是 tcp ？目前只支持 udp 。如果 udp 还是有问题的话，我这边暂时也没有什么思路了

[fuergaosi233]

在手动更换了 vpn server name 以后， 问题解决了

[PinkD]

在手动更换了 vpn server name 以后， 问题解决了

@cheetahsec 你也试试？如果有多个可用的 vpn ，手动指定其中一个

[cheetahsec]

在手动更换了 vpn server name 以后， 问题解决了

@cheetahsec 你也试试？如果有多个可用的 vpn ，手动指定其中一个

多谢，我尝试下