search

dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0
1.71k stars 137 forks source link

Unable to establish Wireguard connection on OpenWRT running OpenClash(meta core) #135

Closed resticDOG closed 1 year ago

resticDOG commented 1 year ago

I have set up the server side and client side correctly according to the README. I have also created the corresponding firewall rules. tcpdump on the server side sees the correct SYN packets. However, on the client side, I'm unable to receive the packets from the server. 

17:20:06.962538 IP new-business-dev-001.63567 > {my_server}.25379: Flags [R], seq 0, win 65535, length 0
17:20:09.042307 IP new-business-dev-001.38772 > {my_server}.25379: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
17:20:10.043535 IP new-business-dev-001.38772 > {my_server}.25379: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
17:20:11.044720 IP new-business-dev-001.38772 > {my_server}.25379: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
17:20:12.045956 IP new-business-dev-001.38772 > {my_server}.25379: Flags [R], seq 0, win 65535, length 0
17:20:14.075082 IP new-business-dev-001.39705 > {my_server}.25379: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
17:20:15.076289 IP new-business-dev-001.39705 > {my_server}.25379: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
17:20:16.077491 IP new-business-dev-001.39705 > {my_server}.25379: Flags [S], seq 0, win 65535, options [nop,wscale 14], length 0
17:20:17.077767 IP new-business-dev-001.39705 > {my_server}.25379: Flags [R], seq 0, win 65535, length 0
tcpdump -i any port 25379

output

17:24:00.488981 IP {my_client}.3032 > 192.168.5.99.25379: Flags [S], seq 0, win 65535, options [mss 536,nop,wscale 14,eol], length 0
17:24:00.488981 IP {my_client}.3032 > 192.168.201.2.25379: Flags [S], seq 0, win 65535, options [mss 536,nop,wscale 14,eol], length 0
17:24:00.489211 IP {my_client}.3032 > 192.168.201.2.25379: Flags [S], seq 0, win 65535, options [mss 536,nop,wscale 14,eol], length 0
17:24:01.490609 IP {my_client}.3032 > 192.168.5.99.25379: Flags [R], seq 0, win 65535, length 0
17:24:01.490609 IP {my_client}.3032 > 192.168.201.2.25379: Flags [R], seq 0, win 65535, length 0
17:24:01.490839 IP {my_client}.3032 > 192.168.201.2.25379: Flags [R], seq 0, win 65535, length 0
17:24:01.490967 IP 192.168.201.2.25379 > {my_client}.3032: Flags [S.], seq 0, ack 1, win 65535, options [nop,wscale 14], length 0
17:24:01.491083 IP 192.168.5.99.25379 > {my_client}.3032: Flags [S.], seq 0, ack 1, win 65535, options [nop,wscale 14], length 0
17:24:01.491376 IP 192.168.201.2.25379 > {my_client}.3032: Flags [R], seq 0, win 65535, length 0
17:24:01.491514 IP 192.168.5.99.25379 > {my_client}.3032: Flags [R], seq 0, win 65535, length 0
resticDOG commented 1 year ago

Solved by setting the "Bypass core source ports" in OpenClash to be the listening port of phantun