TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.

#1 2018-08-13 05:31:18

romeng
Member
Registered: 2018-08-13
Posts: 2

Problems encountered during use in the Chinese network environment

Thanks a lot to the developers for letting me access applications such as Google through this software. I have encountered some problems in using this software in the China network environment. Although I can connect to the VPN server and access the network, it usually does not last more than 2 minutes. When watching YouTube, the video will suddenly be interrupted, and other web pages will fail to open. Some websites in China are also failing to open, but it is able to open Facebook and Twitter. How can we solve it?

https://imgchr.com/i/PgFQMQ
https://imgchr.com/i/PgFlrj

Offline

#2 2018-08-14 01:42:27

wiggo
Administrator
Registered: 2018-03-09
Posts: 88

Re: Problems encountered during use in the Chinese network environment

The output in the TunSafe console in your second screenshot seems a bit weird. Download the latest TunSafe 1.4-rc1. This allows you to see on the Advanced tab how often the handshake fails.

Have some console windows open with ping running and see how they behave when YouTube stops working.
For example:
ping 10.0.0.1 -t
ping 8.8.8.8 -t
ping 172.217.17.110 -t
ping 31.13.64.35 -t

Also try another browser when it happens just to be sure.

It's quite easy for firewalls to block WireGuard traffic, but if that were the case here, all of your traffic should stop working, unless the firewall drops WireGuard packets randomly and not all of them.

Offline

#3 2018-08-14 06:03:28

romeng
Member
Registered: 2018-08-13
Posts: 2

Re: Problems encountered during use in the Chinese network environment

Hello administrator, I updated to 1.4RC and tried to use the nodes you provided again. I found that I can only browse some pages after connecting, for no more than two minutes. Two minutes later, Google's Gmail, YouTube, search, etc., all Google application services, failed to connect, but I can access some other websites such as Facebook, Twitter and so on. This is consistent with the situation described last time; I don't know what is going on in the middle. Of course, I pinged the above IPs on the PC, all ping Unicom, but YouTube's IP access connection failed, Facebook's no problem. If you have free time, can you help me to look at it remotely?
https://imgchr.com/i/PgXXG9
https://imgchr.com/i/PgXOPJ
https://imgchr.com/i/PgXj2R
https://imgchr.com/i/PgXzKx
https://imgchr.com/i/PgXvx1

Offline

#4 2018-08-20 08:48:04

Siavash
Member
Registered: 2018-05-16
Posts: 8

Re: Problems encountered during use in the Chinese network environment

romeng wrote:

Hello administrator, I updated to 1.4RC and tried to use the nodes you provided again. I found that I can only browse some pages after connecting, for no more than two minutes. Two minutes later, Google's Gmail, YouTube, search, etc., all Google application services, failed to connect, but I can access some other websites such as Facebook, Twitter and so on. This is consistent with the situation described last time; I don't know what is going on in the middle. Of course, I pinged the above IPs on the PC, all ping Unicom, but YouTube's IP access connection failed, Facebook's no problem. If you have free time, can you help me to look at it remotely?
https://imgchr.com/i/PgXXG9
https://imgchr.com/i/PgXOPJ
https://imgchr.com/i/PgXj2R
https://imgchr.com/i/PgXzKx
https://imgchr.com/i/PgXvx1

Since you're in China, I would suggest 2 things:

1. TunSafe free VPN service is not good for you: the Internet filtering authorities already know the server and most likely drop your connections to it. You may wanna try having your own private server and WireGuard service listening on a custom port, whose address/port is not known to anyone other than you (you can rent VPS services for as low as 5$/month).
2. You may wanna check if you're leaking DNS or not. I haven't visited China, but I guess your ISP may spoof DNS responses for restricted domains. Try this: dnsleaktest.com to see if you leak DNS or not.

Last edited by Siavash (2018-08-20 08:49:16)

Offline

#5 2018-09-17 08:19:35

francisuk1989
Member
From: West Europe
Registered: 2018-07-05
Posts: 8
Website

Re: Problems encountered during use in the Chinese network environment

Siavash wrote:

you may wanna try having your own private server and WireGuard service listening on a custom port, whose address/port is not known to anyone other than you (you can rent VPS services for as low as 5$/month)

Also on that note, make sure it is not based on an OpenVZ VPS but on a KVM VPS.

Offline

#6 2018-09-17 11:55:36

wiggo
Administrator
Registered: 2018-03-09
Posts: 88

Re: Problems encountered during use in the Chinese network environment

Good point regarding KVM VPS, as OpenVZ does not allow loading the WireGuard kernel module. TunSafe for Linux can be used if the company has enabled the tun module, but most of them keep it disabled.

We could set up a server on an IP that is not listed on the homepage that you could try against so that we can see if this is a "blacklisted IP" issue or a bug. But it just requires a few rules for a firewall to detect WireGuard traffic and blacklist the new IP.

I think scrambling the WG headers and some other changes to the protocol are necessary for this use case.

TunSafe has this feature and it can be enabled when compiling the source code. But it requires that both peers enable the feature, otherwise they won't be able to establish a connection.

Offline
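
Why "a few rules" are enough, as an added example (not from the thread or from TunSafe's source): unmodified WireGuard messages start with a one-byte type followed by three zero bytes, and the handshake messages have fixed sizes, so a stateless header-and-length heuristic recognises them on a monitoring tap. The sample payloads are constructed placeholders, and `classify` and `summarize` are names chosen here.

```python
import struct

# Fixed-size WireGuard messages: type byte -> (name, total UDP payload length).
FIXED_SIZES = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
}
TRANSPORT_TYPE = 4
TRANSPORT_MIN = 32  # 16-byte header + 16-byte auth tag (an empty keepalive)


def classify(payload: bytes):
    """Return the WireGuard message name a UDP payload matches, or None."""
    if len(payload) < 4:
        return None
    msg_type, r1, r2, r3 = struct.unpack_from("<BBBB", payload)
    if (r1, r2, r3) != (0, 0, 0):      # reserved bytes are always zero
        return None
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return name if len(payload) == size else None
    # Transport data is padded to 16 bytes, so the total length is a multiple of 16.
    if msg_type == TRANSPORT_TYPE and len(payload) >= TRANSPORT_MIN \
            and len(payload) % 16 == 0:
        return "transport_data"
    return None


def summarize(payloads):
    """Count how many payloads fall into each class ('other' = no match)."""
    counts = {}
    for p in payloads:
        label = classify(p) or "other"
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample UDP payloads (zero-filled bodies, not real captures).
SAMPLES = [
    b"\x01\x00\x00\x00" + bytes(144),   # initiation-sized
    b"\x02\x00\x00\x00" + bytes(88),    # response-sized
    b"\x04\x00\x00\x00" + bytes(28),    # keepalive-sized transport message
    b"\x04\x00\x00\x00" + bytes(124),   # 128-byte transport message
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00",  # DNS-like header
    b"\x01\x00\x00\x00" + bytes(10),    # right header, wrong length
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

This is a heuristic: other UDP traffic can match the transport-data rule by chance, so a single hit is weaker evidence than a 148-byte initiation followed by a 92-byte response on the same flow.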

#7 2018-09-17 23:53:13

francisuk1989
Member
From: West Europe
Registered: 2018-07-05
Posts: 8
Website

Re: Problems encountered during use in the Chinese network environment

wiggo wrote:

Good point regarding KVM VPS, as OpenVZ does not allow loading the WireGuard kernel module.

Also keep in mind that OpenVZ is based upon K2.6.32 the last time I looked. Asked Jason, but he says it is only designed for K 3.x, which is fair play.

wiggo wrote:

TunSafe for Linux can be used if the company has enabled the tun module, but most of them keep it disabled.

That's interesting, as I thought WG doesn't need such a tun module and is based upon ip link commands, keys + iptables, unless I'm thinking of KVMs that have Windows on them instead of a Linux OS.

Last edited by francisuk1989 (2018-09-17 23:54:29)

Offline
