dsnet / udptunnel

Daemon for creating a simple VPN over UDP.
BSD 3-Clause "New" or "Revised" License

"AllowedPorts": [1:65535], #8

Open GANHONG1995 opened 5 years ago

GANHONG1995 commented 5 years ago

How can I allow ports 1...65535? Thanks

GANHONG1995 commented 5 years ago

And the same for UDP?

Arnie97 commented 4 years ago
From: Arnie97 <arnie97@gmail.com>
Date: Sat, 13 Jun 2020 15:51:28 +0800
Subject: [PATCH] allow all ports

---
 filter.go | 37 +------------------------------------
 1 file changed, 1 insertion(+), 36 deletions(-)

diff --git a/filter.go b/filter.go
index 6b54746..0cf4995 100644
--- a/filter.go
+++ b/filter.go
@@ -105,40 +105,5 @@ func (sf *portFilter) Filter(b []byte, d direction) (drop bool) {
    if ip.Version() != 4 {
        return true // No support for tunneling IPv6
    }
+   return false
-   if ip.Protocol() != tcp && ip.Protocol() != udp {
-       return ip.Protocol() != icmp // Always allow ping
-   }
-   src, dst := transportPacket(ip.Body()).Ports()
-   if sf.ports[src] && sf.ports[dst] {
-       return false
-   }
-   switch d {
-   case outbound:
-       if sf.ports[src] && dst > 0 {
-           // Check whether the destination port is somewhere we have received
-           // an inbound packet from.
-           ts := atomic.LoadUint64(&sf.inMap[dst])
-           return timeNow()-ts >= expireTimeout
-       }
-       if sf.ports[dst] && src > 0 {
-           // Allowed outbound packet, remember the source port so that inbound
-           // traffic is allowed to hit that destination port.
-           atomic.StoreUint64(&sf.outMap[src], timeNow())
-           return false
-       }
-   case inbound:
-       if sf.ports[src] && dst > 0 {
-           // Check whether the destination port is somewhere we have sent
-           // an outbound packet to.
-           ts := atomic.LoadUint64(&sf.outMap[dst])
-           return timeNow()-ts >= expireTimeout
-       }
-       if sf.ports[dst] && src > 0 {
-           // Allowed inbound packet, remember the source port so that outbound
-           // traffic is allowed to hit that destination port.
-           atomic.StoreUint64(&sf.inMap[src], timeNow())
-           return false
-       }
-   }
-   return true
 }
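Review bot: the `return false` inserted right after the IPv6 check makes every IPv4 packet pass unconditionally, so the patch does not "allow all ports" via configuration, it removes port filtering altogether and the AllowedPorts setting is silently ignored. If that is the intent, it should be an explicit option (for example treating an empty AllowedPorts as "no filtering") rather than a hard-coded early return, and the config documentation should say so. Since `sf.ports`, `sf.inMap`, `sf.outMap` and `expireTimeout` are no longer read in Filter, check whether they are still allocated or referenced elsewhere in filter.go and remove them too, or future readers will be left with dead state.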

arinc9 commented 2 years ago

@Arnie97 this helped me out two years later. Thank you very much!

For anyone (or me) looking at this in the future: compile the patched version on both sides. Keep the AllowedPorts string in the config; it doesn't matter which port you specify.

Why is this needed? We need access to all the ports if we're routing internet traffic via the tunnel.

dsnet commented 2 years ago

I recommend checking out https://tailscale.com/. It's free for personal users and does what this project does, but much better and with far more features.

arinc9 commented 2 years ago

Does Tailscale use wg(8) to configure the tunnel interfaces? I want to run it on a network where UDP packets containing the WireGuard header (which is constructed by wg(8)) are blocked.

This is why I currently use your project here.

LindaFerum commented 11 months ago

Heh, this seems to break slightly for me: connections just drop every n minutes or so. It doesn't happen if I just specify a big array of allowed ports (but that's not practical, and sometimes a "bad one" gets hit).

hmmmmm