I have an outbound Wireguard peer connection to REMOTE:41010. Whenever v2raya (and xray) is down, Wireguard works perfectly fine.
However, once I start v2raya, Wireguard stops receiving handshakes, and refuses to operate. tcpdump, however, sees packets returning back:
root@router:~# tcpdump -i any host REMOTE
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
15:49:46.952438 lo In IP LOCAL.42977 > REMOTE.41010: UDP, length 148
15:49:49.077655 pppoe-wan In IP REMOTE.41010 > LOCAL.56808: UDP, length 148
15:49:51.637605 pppoe-wan In IP REMOTE.41010 > LOCAL.56440: UDP, length 148
15:49:51.992452 lo In IP LOCAL.42977 > REMOTE.41010: UDP, length 148
15:49:54.197374 pppoe-wan In IP REMOTE.41010 > LOCAL.56808: UDP, length 148
15:49:56.757495 pppoe-wan In IP REMOTE.41010 > LOCAL.56440: UDP, length 148
...
When I look via netstat -tulpn | grep -E '56808|56440', I can hardly figure out which process receives traffic; however, I suspect it's xray-core.
I have v2raya set up to ignore the REMOTE destination address, but to no avail. There are log entries indicating that all traffic passes through the nft ruleset (including outbound Wireguard), and I suspect the return ports end up borked.
How would I impose my own whitelist rules without exploding my configuration to include workarounds?
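Added diagnostic example, not part of the original post: it parses tcpdump lines of the shape shown above to list the local UDP ports that receive replies from REMOTE:41010, then looks each port up in `ss -ulpn` output to see which process (if any) owns the socket. The sample tcpdump and ss lines are constructed, the process names are placeholders, and `ss` from iproute2 is assumed to be available on the router.

```shell
#!/bin/sh
# Diagnostic helper (added example, not the poster's code). Sample data below is
# constructed to match the capture format in the post; "someproxy" is a placeholder.

SAMPLE_TCPDUMP='15:49:46.952438 lo In IP LOCAL.42977 > REMOTE.41010: UDP, length 148
15:49:49.077655 pppoe-wan In IP REMOTE.41010 > LOCAL.56808: UDP, length 148
15:49:51.637605 pppoe-wan In IP REMOTE.41010 > LOCAL.56440: UDP, length 148
15:49:54.197374 pppoe-wan In IP REMOTE.41010 > LOCAL.56808: UDP, length 148'

# Constructed `ss -ulpn`-style output (placeholder process names, not a real finding).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      0.0.0.0:56808      0.0.0.0:*         users:(("someproxy",pid=4242,fd=7))
UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("dnsmasq",pid=311,fd=4))'

# return_ports TCPDUMP_TEXT REMOTE_ENDPOINT
# Prints the distinct local ports that packets from REMOTE_ENDPOINT are delivered to.
return_ports() {
    printf '%s\n' "$1" | awk -v src="$2" '
        $5 == src && $6 == ">" {
            dst = $7; sub(/:$/, "", dst)        # strip the trailing colon
            n = split(dst, parts, ".")          # the port is the last dotted component
            print parts[n]
        }' | sort -un
}

# socket_owner SS_TEXT PORT
# Prints the Process column of the UDP socket bound to PORT, or "none" when no
# userspace process is listed for it.
socket_owner() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "UNCONN" && $4 ~ (":" port "$") { print ($6 == "" ? "none" : $6); found = 1 }
        END { if (!found) print "none" }'
}

# Live usage on the router (replace REMOTE with the real peer address):
#   return_ports "$(timeout 20 tcpdump -nn -i any host REMOTE 2>/dev/null)" REMOTE.41010 |
#     while read -r p; do printf '%s -> %s\n' "$p" "$(socket_owner "$(ss -ulpn)" "$p")"; done
```

A port that shows up in the capture but has no userspace owner in `ss` is the one to compare against the WireGuard interface's configured listen port.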