-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
no route to host #36
Comments
Oh, now I see. It won't work like that. You're trying to use both dtlspipe client and server on the same machine, which makes no sense. dtlspipe wraps traffic into UDP and sends it over the network in encapsulated form of DTLS. Even if you'll run both dtlspipe client and server on the same computer properly, it will send UDP in the same form as it was before encapsulation, because client encapsulates traffic and server decapsulates it to make it usable with original application (wireguard in your case). Normally wireguard client should point to dtlspipe client port, dtlspipe client listens port and points to remote dtlspipe server, dtlspipe server listens port and points to wireguard server. In your case you're trying to point dtlspipe client straight to Cloudflare 1.1.1.1 server. You need to host dtlspipe server somewhere else (e.g. on VPS) and only then dtlspipe server should point to WG endpoint. |
你理解错了,这里的1.1.1.1不是Cloudflare,而是我的服务器ip,只是我在issus中用1.1.1.1来代替。而且dtlspipe客户端和服务器并不是同一台主机上运行。 |
Oh, okay. Can you please try to remove |
I removed |
I'm looking at logs and I see this:
First line is printed when we receive first packet of the connection, it's fine. Second line reports the error. Now take a look at the timing: it happened in less than millisecond. I'm pretty sure something is not letting traffic through on the local machine, otherwise error delay would be much bigger. Now why I'm thinking it has something to do with firewall. Wireguard itself typically installs some firewall rules to not allow any traffic outside of tunnel. Normally modified AllowedIPs fix that, but I feel like it's not the case. Do you use Wireguard from AppStore or you use some custom version of Wireguard? Does it have any additional leak protection options? Can you please try to change them? |
我使用的是AppStore的Wireguard。我本机wg客户端允许0.0.0.0/0,并且我本机没有其他的防火墙开着 |
I'm out of ideas for now. Probably I'll need to test it on Mac myself, but I don't have one at my disposal at this moment. |
我发现了一个问题,在客户端中,也就是我本机,我需要再开启一台虚拟机,确保wg-client和dtlspipe client在不同的主机上,然后在wg-client的conf文件中指向虚拟机的地址就可以正常使用了。 虽然目前解决了问题,但是很奇怪,这应该不是你们设计的方式,或许还是某些地方配置不对,我只是误打误撞成功了 |
Yeah, somehow wg activates and breaks dtlspipe connectivity even though dtlspipe server IP is excluded. |
server
The IP address of this host is 1.1.1.1, and it is running the servers wg and dtlspipe
wg0.conf:
client
This is my local computer, running the
wg
client anddtlspipe
clientwg.conf:
error msg
client msg:
Note: Neither server 1.1.1.1 nor my local computer has firewall enabled
The text was updated successfully, but these errors were encountered: