Tunsafe connects over one network interface but not over another

silvertriclops · 2018-09-14 06:38:54

I have a SIM card to a cellular network that is extremely cheap but extremely restrictive, as in only 1 port allows traffic through it so a VPN is necessary. A few days ago, I had that SIM card in my laptop (has built in cellular connectivity) and a task scheduler script to start tunsafe (azire through that port) when I turned on cellular and disconnect when I switched back to wifi, and it was working fine.

Now, it gets stuck on sending handshake when I try to connect through cellular, and never actually connects to the VPN, forcing me to use inferior OpenVPN-based services. However, if I take that SIM out of my laptop and put it in a portable hotspot, then connect my laptop to that hotspot, tunsafe connects fine. Or if I put that SIM in an android phone, the official wireguard client connects and works great. Or if I connect to a non-restrictive wifi network, it connects.

I also remember that on my old laptop, which also had a cellular chip, the same thing happened, and I gave up trying to fix it because I got a new laptop, but now the new one is doing it too. I've already tried multiple combinations of rebooting, uninstalling tunsafe, the tap drivers and my other VPN clients and nothing is working.

Is there any way I can figure out what's going on and how I can fix it?

Update: I just put another sim into my laptop that allows all traffic over its network. Tunsafe still doesn't work, while web browsers and other vpn clients connect fine.

Update 2: Connects over cellular when I disable the wifi network interface itself (not just disconnect), but I really don't want to have to do that every time I want to use cell data.

C:\Users\Jacob>route print
===========================================================================
Interface List
 25...5e f7 b8 60 45 9c ......VPN Client Adapter - VPN
  9...00 ff 49 58 ea 4b ......TAP-Windows Adapter V9
  6...f8 63 3f 4f b7 3b ......Microsoft Wi-Fi Direct Virtual Adapter
 22...fa 63 3f 4f b7 3a ......Microsoft Wi-Fi Direct Virtual Adapter #2
 18...f8 63 3f 4f b7 3a ......Intel(R) Dual Band Wireless-AC 8265
 64...b4 83 bd 51 43 57 ......Generic Mobile Broadband Adapter
 27...f8 63 3f 4f b7 3e ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   100.80.168.149   100.80.168.148    311
          0.0.0.0        128.0.0.0        10.40.0.1      10.40.10.69    102
        10.40.0.0    255.255.224.0         On-link       10.40.10.69    258
      10.40.10.69  255.255.255.255         On-link       10.40.10.69    258
     10.40.31.255  255.255.255.255         On-link       10.40.10.69    258
   100.80.168.148  255.255.255.252         On-link    100.80.168.148    311
   100.80.168.148  255.255.255.255         On-link    100.80.168.148    311
   100.80.168.151  255.255.255.255         On-link    100.80.168.148    311
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0        10.40.0.1      10.40.10.69    102
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    100.80.168.148    311
        224.0.0.0        240.0.0.0         On-link       10.40.10.69    258
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    100.80.168.148    311
  255.255.255.255  255.255.255.255         On-link       10.40.10.69    258
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 64    311 ::/0                     2600:100e:b104:2ef5:f0a1:a7d0:e44b:6775
 64    311 ::/0                     fe80::f0a1:a7d0:e44b:6775
  1    331 ::1/128                  On-link
 64    311 2600:100e:b104:2ef5::/64 On-link
 64    311 2600:100e:b104:2ef5:6875:3e04:e281:79ad/128
                                    On-link
 64    311 2600:100e:b104:2ef5:acb0:8930:49b0:1213/128
                                    On-link
 64    311 2600:100e:b104:2ef5:d9d3:8321:ef62:e9fd/128
                                    On-link
 64    311 fe80::/64                On-link
  9    291 fe80::/64                On-link
 64    311 fe80::acb0:8930:49b0:1213/128
                                    On-link
  9    291 fe80::bd42:33a2:9bcf:a250/128
                                    On-link
  1    331 ff00::/8                 On-link
 64    311 ff00::/8                 On-link
  9    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\Users\Jacob>ipconfig

Windows IP Configuration


Unknown adapter VPN Softether 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter VPN TAP:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::bd42:33a2:9bcf:a250%9
   IPv4 Address. . . . . . . . . . . : 10.40.10.69
   Subnet Mask . . . . . . . . . . . : 255.255.224.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Local Area Connection* 10:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi Direct:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Mobile Broadband adapter Cellular:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2600:100e:b104:2ef5:6875:3e04:e281:79ad
   IPv6 Address. . . . . . . . . . . : 2600:100e:b104:2ef5:acb0:8930:49b0:1213
   Temporary IPv6 Address. . . . . . : 2600:100e:b104:2ef5:d9d3:8321:ef62:e9fd
   Link-local IPv6 Address . . . . . : fe80::acb0:8930:49b0:1213%64
   IPv4 Address. . . . . . . . . . . : 100.80.168.148
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : 2600:100e:b104:2ef5:f0a1:a7d0:e44b:6775
                                       fe80::f0a1:a7d0:e44b:6775%64
                                       100.80.168.149

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunsafe Log (1.3-rc3 but same result on 1.4, same thing happens whether ipv6 is enabled or not)

[23:32:58] Loading file: C:\Program Files\TunSafe\Config\az-us-53-2-nov6.conf
[23:32:58] TAP Driver Version 9.21 
[23:32:58] Blocking standard DNS on all adapters
[23:32:58] Added Route 107.178.59.60/32  =>  192.168.1.1
[23:32:58] Added Route 0.0.0.0/1  =>  10.40.0.1
[23:32:58] Added Route 128.0.0.0/1  =>  10.40.0.1
[23:32:58] Sending handshake...
[23:32:58] UdpSocketWin32::Write error 0xC000023D    # Sometimes outputs this, sometimes doesn't
[23:33:03] Retrying handshake, attempt 2...
[23:33:34] Retrying handshake, attempt 2...
[23:33:45] Retrying handshake, attempt 2...

Last edited by silvertriclops (2018-09-15 06:37:48)

francisuk1989 · 2018-09-16 22:19:23

Edit:
Have you tried the new NL 10Gbit/s server with port 443? Could be possible that they are blocking ports via the carrier grade NAT to stop other traffic other then port's 80/443

Since IPv6 is an issue for tunsafe for windows (at the moment) i would disable IPv6 into control panel > network and internet > network connections (on all adaptors not bluetooth) and see if this is the issue your facing, Also 100.80.168.xxx looks like a carrier grade nat local address and separated however make sure no other interfaces are conflicting the 10.0.0.0/8 subnet with any other interfaces other then TAP-Windows Adapter V9) adaptor.
[img=FluxBB bbcode test]http://www.davidhouston.info/blog/wp-content/uploads/2016/11/IPv6.jpg[/img]

Last edited by francisuk1989 (2018-09-16 22:53:16)

silvertriclops · 2018-09-17 19:56:54

I know the port isn't the problem because I have other vpns (albeit not nearly as reliable as wireguard) that I run through the same port and they work fine. Also, I tried other ports including 443 and 3128 and they didn't work either. I also disabled ipv6 and that didn't change a thing.

The weird thing is, this morning it started working just fine again. In fact, I'm connected through it on that network right now. It's nice to have it working but I still have no idea what broke it in the first place and what I can do to stop it from happening again.

silvertriclops · 2018-09-24 18:40:49

It stopped working again this morning. As in, I was using it, put my laptop to sleep for a few minutes, came back and it wouldn't connect. I still have no idea why.

wiggo · 2018-09-24 21:40:57

I'll try to replicate the problem on a laptop. What version of Windows do you use in the above situation?

Iron_Overheat · 2018-11-25 19:36:53

I had the same issue as yours. It seems that when TunSafe connects to its first network adapter it will keep trying the same one. At least that's why I concluded, because only when I disabled all network adapters except TAP and the one I wanted to use, it stopped giving me error messages (either hanging on handshake or udp write error, just like you) and finally connected. The same happened when I created a secondary TAP, when I disabled TAP #1 it auto-connected to #2, and would never connect to #2 otherwise. I'm on a laptop as well, Realtek Ethernet and (Qualcomm) Atheros Wi-Fi. Using W10 1809 and TunSafe 1.5-rc1 btw. Best of luck, hope your problem gets fixed too.

Hitchhiker · 2018-12-15 13:11:57

silvertriclops wrote:

I have a SIM card to a cellular network that is extremely cheap but extremely restrictive, as in only 1 port allows traffic through it so a VPN is necessary. A few days ago, I had that SIM card in my laptop (has built in cellular connectivity) and a task scheduler script to start tunsafe (azire through that port) when I turned on cellular and disconnect when I switched back to wifi, and it was working fine.
Now, it gets stuck on sending handshake when I try to connect through cellular, and never actually connects to the VPN, forcing me to use inferior OpenVPN-based services.
Tunsafe Log (1.3-rc3 but same result on 1.4, same thing happens whether ipv6 is enabled or not)
[23:32:58] Loading file: C:\Program Files\TunSafe\Config\az-us-53-2-nov6.conf
[23:32:58] TAP Driver Version 9.21 
[23:32:58] Blocking standard DNS on all adapters
[23:32:58] Added Route 107.178.59.60/32  =>  192.168.1.1
[23:32:58] Added Route 0.0.0.0/1  =>  10.40.0.1
[23:32:58] Added Route 128.0.0.0/1  =>  10.40.0.1
[23:32:58] Sending handshake...
[23:32:58] UdpSocketWin32::Write error 0xC000023D    # Sometimes outputs this, sometimes doesn't
[23:33:03] Retrying handshake, attempt 2...
[23:33:34] Retrying handshake, attempt 2...
[23:33:45] Retrying handshake, attempt 2...

I'm just guessing here, but I think your problem lies with the US host you're trying to connect to i.e. az-us-53-2-nov6. That would seem to be confirmed by the write error you're seeing. As can be seen on the following site error 0xC000023D means the host isn't reachable: http://errorco.de/win32/ntstatus-h/stat … xc000023d/

On the Azire server location site listing the US host in Miami isn't the one in your log, but rather us1-wg1.azirevpn.net See: https://www.azirevpn.com/docs/servers

So drag & drop that one into the Tunsafe UI and hopefully it'll fix the problem.

TimothyJam · 2019-01-29 19:02:02

could you copy and paste them all in to one folder and then import that single folder into SA?

TimothyJam · 2019-01-31 17:38:52

That works fine with pics, but this is a folder full of TL videos that I would like to play as one long video.

TunSafe Forum

#1 2018-09-14 06:38:54

Tunsafe connects over one network interface but not over another

#2 2018-09-16 22:19:23

Re: Tunsafe connects over one network interface but not over another

#3 2018-09-17 19:56:54

Re: Tunsafe connects over one network interface but not over another

#4 2018-09-24 18:40:49

Re: Tunsafe connects over one network interface but not over another

#5 2018-09-24 21:40:57

Re: Tunsafe connects over one network interface but not over another

#6 2018-11-25 19:36:53

Re: Tunsafe connects over one network interface but not over another

#7 2018-12-15 13:11:57

Re: Tunsafe connects over one network interface but not over another

#8 2019-01-29 19:02:02

Re: Tunsafe connects over one network interface but not over another

#9 2019-01-31 17:38:52

Re: Tunsafe connects over one network interface but not over another

Board footer