TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.

#1 2018-10-22 00:09:54

ludde
Administrator
Registered: 2018-03-09
Posts: 128

New Release Candidate available: TunSafe v1.5-rc1

2018-10-21 - TunSafe v1.5-rc1

Changes:
1. The kill switch is now remembered across computer restarts and
   is deactivated when disconnecting. Without this behavior, the
   kill switch is unusable when auto connecting on Windows startup.
2. The kill switch now turns off on disconnect, but can be configured
   to remain active. A turn off button is shown in that case.
3. The kill switch can be configured to not block local networks,
   this is used only for the firewall based kill switch.
4. Allow multiple DNS servers
5. Now the 'tunsafe' command line tool exists, which supports
   wg compatible configuration and statistics printing. The names
   of the adapters are the same as the adapters in the Control
   Panel network settings. It's used only when TunSafe runs
   in service mode.
6. The 'tunsafe' command line tool supports multiple wireguard
   sessions simultaneously using different tun interfaces.
7. Optimize IpToPeerMap for faster lookup using a trie.
8. Print a notice if a route we're trying to add already exists,
   perhaps will make it easier to debug issues.
9. Resolve DNS queries using a background thread, to make it
   possible to interrupt slow DNS queries.
10. IPv6 endpoint was printed incorrectly on the Advanced tab
11. Show an error message and drop packets if the TUN queue grows
    too large. This is a problem with the TAP NDIS6 driver on Win7.
12. Bundle the TunSafe-TAP installer instead of downloading it.
13. Don't show empty directories in the server list.

Offline

#2 2018-10-22 14:08:25

Rainmaker
Member
Registered: 2018-08-05
Posts: 24

Re: New Release Candidate available: TunSafe v1.5-rc1

Excellent work ludde. Nice to see the LAN being allowed through the kill switch. Thanks for listening to feedback and working so quickly! This app is excellent.

Offline

#3 2018-10-25 15:47:46

Vansinne
Member
Registered: 2018-05-01
Posts: 10

Re: New Release Candidate available: TunSafe v1.5-rc1

New RC working a-okay! Killswitch is much more convenient to use now.

Offline

#4 2018-10-28 22:04:05

forumuser
Member
Registered: 2018-06-14
Posts: 25

Re: New Release Candidate available: TunSafe v1.5-rc1

13. Don't show empty directories in the server list

Thanks! But can you extend it to NOT show a folder if it DOESN'T contain at least one .conf file?

Offline

#5 2018-10-28 22:32:29

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: New Release Candidate available: TunSafe v1.5-rc1

forumuser wrote:

13. Don't show empty directories in the server list

Thanks! But can you extend it to NOT show a folder if it DOESN'T contain at least one .conf file?

I thought that's what it's doing now? Explain...

Offline

#6 2018-10-28 22:36:35

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: New Release Candidate available: TunSafe v1.5-rc1

Ah you mean it's also showing things that are not named .conf ...

Offline

#7 2018-10-29 23:18:36

forumuser
Member
Registered: 2018-06-14
Posts: 25

Re: New Release Candidate available: TunSafe v1.5-rc1

For example I have a folder named "@Scripts" in my tunsafe config folder.
This folder does not contain any .conf files at all (but some .bat files that are executed through TunSafe when a connection is established / dropped). This folder is shown while it shouldn't :)

Offline

#8 2018-12-15 20:45:04

laterdaze
Member
Registered: 2018-12-13
Posts: 6

Re: New Release Candidate available: TunSafe v1.5-rc1

I am testing v1.5-rc1 on the following Windows configuration, a server and two peers.
#Server conf file

[Interface]
PrivateKey = SRVR_PRI_KEY
ListenPort = 51820
Address = 10.5.0.1/24

[Peer]
# Client 1
PublicKey = PEER_1_PUB_KEY
AllowedIPs = 10.5.0.2/32, 192.168.2.0/24

[Peer]
# Client 2
PublicKey = PEER_2_PUB_KEY
AllowedIPs = 10.5.0.3/32, 192.168.1.0/24

#Peer 1 conf file

[Interface]
PrivateKey = PEER_1_PRI_KEY
Address = 10.5.0.2/24

[Peer]
PublicKey = SRVR_PUB_KEY
AllowedIPs = 10.5.0.1/32,192.168.1.0/24
Endpoint = x.x.x.x:51820
PersistentKeepalive = 15

#Peer 2 conf file

[Interface]
PrivateKey = PEER_2_PRI_KEY
Address = 10.5.0.3/24

[Peer]
PublicKey = SRVR_PUB_KEY
AllowedIPs = 10.5.0.1/32, 192.168.2.1/24
Endpoint = x.x.x.x:51820
PersistentKeepalive = 15

Both peers have their respective LAN subnets as AllowedIPs.

With the peers connected both can ping the server.
From the server I can ping peer 1 but not peer 2.

TunSafe server has added the routes below. Seems like the gateway for 192.168.2.0/24 should be routed to 10.5.0.3, or am I missing something? The Windows routing table shows the same routes.

[11:22:10] Loading file: C:\Program Files\TunSafe\Config\wrh-ryzen-server.conf
[11:22:10] TAP Driver Version 9.21
[11:22:10] Added Route 192.168.1.0/24  =>  10.5.0.2
[11:22:10] Added Route 192.168.2.0/24  =>  10.5.0.2
[11:22:16] Connection established. IP 10.5.0.1

Last edited by laterdaze (2018-12-15 20:45:40)

Offline

#9 2018-12-15 20:59:23

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: New Release Candidate available: TunSafe v1.5-rc1

The stuff to the right of the => doesn't really matter. TunSafe just picks an IP inside of the "10.5.0.1/24" range, so that the routes will be routed to the virtual TAP network adapter.

What happens if you change the IP of Peer 1 to 10.5.0.4 ? Can you then ping peer1 or peer2 or both?

Offline
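Added example, not part of the thread or TunSafe's code: in WireGuard the peer that receives an outbound packet is chosen by longest-prefix match of the destination against each peer's AllowedIPs, which is why the gateway printed after `=>` does not select the peer. The sketch below uses a simplified linear scan rather than a trie; the function names are hypothetical and the input is the server config from post #8 with its placeholders.

```python
import ipaddress

# Constructed input: the server config from post #8, placeholders as posted.
SERVER_CONF = """
[Interface]
PrivateKey = SRVR_PRI_KEY
ListenPort = 51820
Address = 10.5.0.1/24
[Peer]
PublicKey = PEER_1_PUB_KEY
AllowedIPs = 10.5.0.2/32, 192.168.2.0/24
[Peer]
PublicKey = PEER_2_PUB_KEY
AllowedIPs = 10.5.0.3/32, 192.168.1.0/24
"""

def parse_peers(conf):
    """Return ({public_key: [networks]}, [CIDRs written with host bits set])."""
    sections = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append({"type": line.strip("[]").lower()})
        elif "=" in line and sections:
            name, value = (part.strip() for part in line.split("=", 1))
            sections[-1][name.lower()] = value
    peers, odd = {}, []
    for sec in (s for s in sections if s["type"] == "peer"):
        nets = []
        for cidr in filter(None, map(str.strip, sec.get("allowedips", "").split(","))):
            iface = ipaddress.ip_interface(cidr)
            if iface.ip != iface.network.network_address:
                odd.append(cidr)  # a host address typed where a subnet was meant
            nets.append(iface.network)
        peers[sec["publickey"]] = nets
    return peers, odd

def peer_for(peers, dst):
    """Longest-prefix match of dst over all AllowedIPs; None means no peer (dropped)."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, key) for key, nets in peers.items()
            for net in nets if addr in net]
    return max(hits)[1] if hits else None

def overlaps(peers):
    """Ranges claimed by two different peers (ambiguous or shadowed routing)."""
    flat = [(key, net) for key, nets in peers.items() for net in nets]
    return [(ka, str(na), kb, str(nb))
            for i, (ka, na) in enumerate(flat) for kb, nb in flat[i + 1:]
            if ka != kb and na.version == nb.version and na.overlaps(nb)]
```

Running `parse_peers` over a client config as well reports entries such as `192.168.2.1/24`, which is read as the subnet `192.168.2.0/24`.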

#10 2018-12-15 22:06:41

laterdaze
Member
Registered: 2018-12-13
Posts: 6

Re: New Release Candidate available: TunSafe v1.5-rc1

Behavior is the same. I have Wireshark on the server and can see both pings being sent by 10.5.0.1 and one peer does not respond. I will put Wireshark on the unresponsive peer and report the results. May take a few minutes...

Offline

#11 2018-12-15 22:34:49

laterdaze
Member
Registered: 2018-12-13
Posts: 6

Re: New Release Candidate available: TunSafe v1.5-rc1

I changed the peers' Addresses.
Working peer:
1    0.000000    10.5.0.1    10.5.0.20    ICMP    74    Echo (ping) request  id=0x0001, seq=12272/61487, ttl=128 (reply in 2)
2    0.000144    10.5.0.20    10.5.0.1    ICMP    74    Echo (ping) reply    id=0x0001, seq=12272/61487, ttl=128 (request in 1)
Unresponsive peer:
1    0.000000    10.5.0.1    10.5.0.30    ICMP    74    Echo (ping) request  id=0x0001, seq=12012/60462, ttl=128 (no response found!)
2    4.992334    10.5.0.1    10.5.0.30    ICMP    74    Echo (ping) request  id=0x0001, seq=12018/61998, ttl=128 (no response found!)

Must be a setting in Windows not allowing pings?

Offline

#12 2018-12-15 23:04:28

laterdaze
Member
Registered: 2018-12-13
Posts: 6

Re: New Release Candidate available: TunSafe v1.5-rc1

In Windows Firewall I had to enable "File and Printer Sharing (Echo Request - ICMPv4-In)" on Local subnet. Thanks! I did not have to do that on the working peer so there must be some other Windows setting that turns it on without saying anything.

My next step is to allow access from the peers to LAN IPs on the server. If someone reading knows a method to make that work please enlighten me.

Last edited by laterdaze (2018-12-15 23:05:16)

Offline
