v10.1.3 broke Wireguard over wstunnel with Nginx (error while reading from tunnel rx Unexpected EOF) #365

Closed
Mellowchan opened this issue Oct 8, 2024 · 3 comments

@Mellowchan

Describe the bug

I have upgraded to the latest version (10.1.3) of wstunnel and my wireguard setup with wstunnel and nginx did break.

To Reproduce

Upgrade to 10.1.3
Downgrading to 10.1.1 fixes the issue. (I did not try 10.1.2)

Expected behavior

Wireguard connects over wstunnel and nginx as it does normally.

Your wstunnel setup

Paste your logs of wstunnel, started with --log-lvl=DEBUG, and with the command line used

  • client
    wireguard (keys are censored):
[Interface]
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY=
Address = 192.168.5.2/24
DNS = 8.8.8.8
MTU = 1300

PreUp =  ip route add 8.8.8.8 via "$(ip route get 8.8.8.8 | cut -d" " -f3 | sed -n '1p')" && ip route add 46.39.188.4 via "$(ip route get 46.39.188.4 | cut -d" " -f3 | sed -n '1p')" 
PostDown = ip route delete 46.39.188.4 ; ip route delete 8.8.8.8

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 127.0.0.1:51820
PersistentKeepalive = 20

wstunnel (path prefix is censored):

wstunnel client --log-lvl=TRACE -L 'udp://0.0.0.0:51820:127.0.0.1:51820?timeout_sec=0' --http-upgrade-path-prefix 'ZZZZZZZZZZZZZZZ' wss://malisek.org:443

log (the end of the log has the actual error message):

2024-10-08T14:51:55.712230Z TRACE hickory_resolver::async_resolver: handle passed back
2024-10-08T14:51:55.712262Z  INFO wstunnel: Starting wstunnel client v10.1.3
2024-10-08T14:51:55.712269Z  INFO wstunnel::protocols::udp::server: Starting UDP server listening cnx on 0.0.0.0:51820 with cnx timeout of 0s
2024-10-08T14:51:59.917660Z  INFO wstunnel::protocols::udp::server: New UDP connection from 127.0.0.1:58755
2024-10-08T14:51:59.917791Z  INFO cnx_server: wstunnel::protocols::tcp::server: Opening TCP connection to malisek.org:443
2024-10-08T14:51:59.917883Z DEBUG cnx_server: hickory_proto::xfer::dns_handle: querying: malisek.org A
2024-10-08T14:51:59.917925Z DEBUG cnx_server: hickory_resolver::name_server::name_server_pool: sending request: [Query { name: Name("malisek.org"), query_type: A, query_class: IN }]
2024-10-08T14:51:59.917968Z DEBUG cnx_server: hickory_resolver::name_server::name_server: reconnecting: NameServerConfig { socket_addr: 8.8.8.8:53, protocol: Udp, tls_dns_name: None, trust_negative_responses: false, tls_config: None, bind_addr: None }
2024-10-08T14:51:59.918001Z DEBUG cnx_server: hickory_proto::xfer: enqueueing message:QUERY:[Query { name: Name("malisek.org"), query_type: A, query_class: IN }]
2024-10-08T14:51:59.918027Z DEBUG cnx_server: hickory_proto::xfer::dns_handle: querying: malisek.org AAAA
2024-10-08T14:51:59.918045Z DEBUG cnx_server: hickory_resolver::name_server::name_server_pool: sending request: [Query { name: Name("malisek.org"), query_type: AAAA, query_class: IN }]
2024-10-08T14:51:59.918063Z DEBUG cnx_server: hickory_resolver::name_server::name_server: existing connection: NameServerConfig { socket_addr: 8.8.8.8:53, protocol: Udp, tls_dns_name: None, trust_negative_responses: false, tls_config: None, bind_addr: None }
2024-10-08T14:51:59.918116Z DEBUG cnx_server: hickory_proto::xfer: enqueueing message:QUERY:[Query { name: Name("malisek.org"), query_type: AAAA, query_class: IN }]
2024-10-08T14:51:59.918169Z DEBUG hickory_proto::udp::udp_client_stream: final message: ; header 19252:QUERY:RD:NoError:QUERY:0/0/0
; query
;; malisek.org. IN A

2024-10-08T14:51:59.918186Z DEBUG hickory_proto::udp::udp_client_stream: final message: ; header 2472:QUERY:RD:NoError:QUERY:0/0/0
; query
;; malisek.org. IN AAAA

2024-10-08T14:51:59.918275Z DEBUG cnx_server: hickory_proto::udp::udp_stream: created socket successfully
2024-10-08T14:51:59.918343Z TRACE cnx_server: hickory_proto::udp::udp_client_stream: creating UDP receive buffer with size 512
2024-10-08T14:51:59.918382Z DEBUG cnx_server: hickory_proto::udp::udp_stream: created socket successfully
2024-10-08T14:51:59.918412Z TRACE cnx_server: hickory_proto::udp::udp_client_stream: creating UDP receive buffer with size 512
2024-10-08T14:51:59.951033Z TRACE cnx_server: hickory_proto::rr::record_data: reading A
2024-10-08T14:51:59.951062Z DEBUG cnx_server: hickory_proto::udp::udp_client_stream: received message id: 19252
2024-10-08T14:51:59.951116Z DEBUG cnx_server: hickory_resolver::error: Response:; header 19252:RESPONSE:RD,RA:NoError:QUERY:1/0/0
; query
;; malisek.org. IN A
; answers 1
malisek.org. 157 IN A 46.39.188.4
; nameservers 0
; additionals 0

2024-10-08T14:51:59.951146Z DEBUG cnx_server: hickory_resolver::error: Response:; header 19252:RESPONSE:RD,RA:NoError:QUERY:1/0/0
; query
;; malisek.org. IN A
; answers 1
malisek.org. 157 IN A 46.39.188.4
; nameservers 0
; additionals 0

2024-10-08T14:51:59.951184Z TRACE cnx_server: hickory_proto::rr::record_data: reading SOA
2024-10-08T14:51:59.951195Z DEBUG cnx_server: hickory_proto::udp::udp_client_stream: received message id: 2472
2024-10-08T14:51:59.951219Z DEBUG cnx_server: hickory_resolver::error: Response:; header 2472:RESPONSE:RD,RA:NoError:QUERY:0/1/0
; query
;; malisek.org. IN AAAA
; answers 0
; nameservers 1
malisek.org. 334 IN SOA ns3.epik.com. support.epik.com. 2022061401 10800 3600 604800 3600
; additionals 0

2024-10-08T14:51:59.951251Z DEBUG cnx_server: hickory_resolver::lookup_ip: one of ipv4 or ipv6 lookup failed in ipv4_and_ipv6 strategy: no record found for Query { name: Name("malisek.org."), query_type: AAAA, query_class: IN }
2024-10-08T14:51:59.951314Z DEBUG wstunnel::protocols::tcp::server: Connecting to 46.39.188.4:443
2024-10-08T14:51:59.963488Z DEBUG cnx_server: wstunnel::protocols::tcp::server: Connected to tcp endpoint 46.39.188.4:443, aborted all other connection attempts
2024-10-08T14:51:59.963530Z  INFO cnx_server: wstunnel::protocols::tls::server: Doing TLS handshake using SNI DnsName("malisek.org") with the server malisek.org:443
2024-10-08T14:51:59.963573Z DEBUG cnx_server: rustls::client::hs: No cached session for DnsName("malisek.org")
2024-10-08T14:51:59.963707Z DEBUG cnx_server: rustls::client::hs: Not resuming any session
2024-10-08T14:51:59.963746Z TRACE cnx_server: rustls::client::hs: Sending ClientHello Message {
   version: TLSv1_0,
   payload: Handshake {
       parsed: HandshakeMessagePayload {
           typ: ClientHello,
           payload: ClientHello(
               ClientHelloPayload {
                   client_version: TLSv1_2,
                   random: 19fcae28a76c34f63c3a8a01be83614dd51f1fbdbe03c26492090a728b8ccc9a,
                   session_id: b4e96546bf3e34330b17a9911c1c5dd9eac6ad14466300d3d7c163c429afc720,
                   cipher_suites: [
                       TLS13_AES_256_GCM_SHA384,
                       TLS13_AES_128_GCM_SHA256,
                       TLS13_CHACHA20_POLY1305_SHA256,
                       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                       TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                   ],
                   compression_methods: [
                       Null,
                   ],
                   extensions: [
                       Protocols(
                           [
                               ProtocolName(
                                   687474702f312e31,
                               ),
                           ],
                       ),
                       SignatureAlgorithms(
                           [
                               RSA_PKCS1_SHA1,
                               ECDSA_SHA1_Legacy,
                               RSA_PKCS1_SHA256,
                               ECDSA_NISTP256_SHA256,
                               RSA_PKCS1_SHA384,
                               ECDSA_NISTP384_SHA384,
                               RSA_PKCS1_SHA512,
                               ECDSA_NISTP521_SHA512,
                               RSA_PSS_SHA256,
                               RSA_PSS_SHA384,
                               RSA_PSS_SHA512,
                               ED25519,
                               ED448,
                           ],
                       ),
                       PresharedKeyModes(
                           [
                               PSK_DHE_KE,
                           ],
                       ),
                       SessionTicket(
                           Request,
                       ),
                       EcPointFormats(
                           [
                               Uncompressed,
                           ],
                       ),
                       CertificateStatusRequest(
                           Ocsp(
                               OcspCertificateStatusRequest {
                                   responder_ids: [],
                                   extensions: ,
                               },
                           ),
                       ),
                       KeyShare(
                           [
                               KeyShareEntry {
                                   group: X25519,
                                   payload: 5f0ca203373cd564f430981a8b4d5aba9577ee0113f5473bd7cc0137d2937e77,
                               },
                           ],
                       ),
                       SupportedVersions(
                           [
                               TLSv1_3,
                               TLSv1_2,
                           ],
                       ),
                       NamedGroups(
                           [
                               X25519,
                               secp256r1,
                               secp384r1,
                           ],
                       ),
                       ServerName(
                           [
                               ServerName {
                                   typ: HostName,
                                   payload: HostName(
                                       DnsName(
                                           "malisek.org",
                                       ),
                                   ),
                               },
                           ],
                       ),
                       ExtendedMasterSecretRequest,
                   ],
               },
           ),
       },
       encoded: 010000fc030319fcae28a76c34f63c3a8a01be83614dd51f1fbdbe03c26492090a728b8ccc9a20b4e96546bf3e34330b17a9911c1c5dd9eac6ad14466300d3d7c163c429afc7200014130213011303c02cc02bcca9c030c02fcca800ff0100009f0010000b000908687474702f312e31000d001c001a0201020304010403050105030601060308040805080608070808002d0002010100230000000b00020100000500050100000000003300260024001d00205f0ca203373cd564f430981a8b4d5aba9577ee0113f5473bd7cc0137d2937e77002b00050403040303000a00080006001d0017001800000010000e00000b6d616c6973656b2e6f726700170000,
   },
}
2024-10-08T14:51:59.989040Z TRACE cnx_server: rustls::client::hs: We got ServerHello ServerHelloPayload {
   legacy_version: TLSv1_2,
   random: 6b64c1d5314e659da0496aa8b581655fa0dd3cb3ec1db8f96d2cb7adf928e3b6,
   session_id: b4e96546bf3e34330b17a9911c1c5dd9eac6ad14466300d3d7c163c429afc720,
   cipher_suite: TLS13_AES_256_GCM_SHA384,
   compression_method: Null,
   extensions: [
       SupportedVersions(
           TLSv1_3,
       ),
       KeyShare(
           KeyShareEntry {
               group: X25519,
               payload: 4e5b914ecd79ff9d3592ffad96643aaf6e904f81f8ed08b86b740f9bf64ddc49,
           },
       ),
   ],
}
2024-10-08T14:51:59.989139Z DEBUG cnx_server: rustls::client::hs: Using ciphersuite TLS13_AES_256_GCM_SHA384
2024-10-08T14:51:59.989161Z DEBUG cnx_server: rustls::client::tls13: Not resuming
2024-10-08T14:51:59.989172Z TRACE cnx_server: rustls::client::client_conn: EarlyData rejected
2024-10-08T14:51:59.989327Z TRACE cnx_server: rustls::conn: Dropping CCS
2024-10-08T14:51:59.989343Z DEBUG cnx_server: rustls::client::tls13: TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(687474702f312e31)])]
2024-10-08T14:51:59.989358Z DEBUG cnx_server: rustls::client::hs: ALPN protocol is Some(b"http/1.1")
2024-10-08T14:51:59.989399Z TRACE cnx_server: rustls::client::tls13: Server cert is CertificateChain([CertificateDer(...), CertificateDer(...)])
2024-10-08T14:51:59.989767Z DEBUG tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::transport::websocket: with HTTP upgrade request Request { method: GET, uri: /ZZZZZZZZZZZZZZZ/events, version: HTTP/1.1, headers: {"host": "malisek.org", "upgrade": "websocket", "connection": "upgrade", "sec-websocket-key": "gnFlmHSoP/ZO2gnrNHxwyQ==", "sec-websocket-version": "13", "sec-websocket-protocol": "v1, authorization.bearer.eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjAxOTI2YzlkLTk2MmQtNzUwMi1iNmNhLTJlN2MyMjhlNGFkYSIsInAiOnsiVWRwIjp7InRpbWVvdXQiOm51bGx9fSwiciI6IjEyNy4wLjAuMSIsInJwIjo1MTgyMH0.TTHP3dEiwipeYkR6a2b9uwfTRURtroAbM0ri4wUume0"}, body: Empty }
2024-10-08T14:52:00.003690Z DEBUG tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::client::client: Server response: Parts { status: 101, version: HTTP/1.1, headers: {"server": "nginx", "date": "Tue, 08 Oct 2024 14:52:00 GMT", "connection": "upgrade", "upgrade": "websocket", "sec-websocket-accept": "/IIo7EwH9REAfegmrszzFI3/DyU=", "sec-websocket-protocol": "v1"} }
2024-10-08T14:52:00.004792Z ERROR tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::transport::io: error while reading from tunnel rx Unexpected EOF
2024-10-08T14:52:00.004819Z  INFO tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::transport::io: Closing local <= remote tunnel
2024-10-08T14:52:00.004881Z  INFO tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::transport::io: Closing local => remote tunnel
  • server
    wstunnel:
wstunnel server --restrict-to 127.0.0.1:51820 ws://0.0.0.0:33344 

log:

Oct 08 16:50:39 base1 wstunnel[1780]: 2024-10-08T14:50:39.541135Z  INFO cnx{peer="127.0.0.1:43410"}:tunnel{id="01926c9c-5c08-7680-9c6a-41802644f781" remote="127.0.0.1:51820"}: wstunnel::protocols::udp::server: Opening UDP connection to 127.0.0.1:51820
Oct 08 16:50:39 base1 wstunnel[1780]: 2024-10-08T14:50:39.541242Z  INFO cnx{peer="127.0.0.1:43410"}:tunnel{id="01926c9c-5c08-7680-9c6a-41802644f781" remote="127.0.0.1:51820"}: wstunnel::tunnel::server::server: connected to Udp { timeout: None } 127.0.0.1:51820
Oct 08 16:50:44 base1 wstunnel[1780]: 2024-10-08T14:50:44.708367Z  INFO cnx{peer="127.0.0.1:57510"}: wstunnel::tunnel::server::server: Accepting connection
Oct 08 16:50:44 base1 wstunnel[1780]: 2024-10-08T14:50:44.708657Z  INFO cnx{peer="127.0.0.1:57510"}:tunnel{id="01926c9c-702d-70a3-b557-5c301176592d" remote="127.0.0.1:51820"}: wstunnel::tunnel::server::server: Tunnel accepted due to matched restriction: Allow All
Oct 08 16:50:44 base1 wstunnel[1780]: 2024-10-08T14:50:44.708697Z  INFO cnx{peer="127.0.0.1:57510"}:tunnel{id="01926c9c-702d-70a3-b557-5c301176592d" remote="127.0.0.1:51820"}: wstunnel::protocols::udp::server: Opening UDP connection to 127.0.0.1:51820
Oct 08 16:50:44 base1 wstunnel[1780]: 2024-10-08T14:50:44.708808Z  INFO cnx{peer="127.0.0.1:57510"}:tunnel{id="01926c9c-702d-70a3-b557-5c301176592d" remote="127.0.0.1:51820"}: wstunnel::tunnel::server::server: connected to Udp { timeout: None } 127.0.0.1:51820
Oct 08 16:51:59 base1 wstunnel[1780]: 2024-10-08T14:51:59.999724Z  INFO cnx{peer="127.0.0.1:55284"}: wstunnel::tunnel::server::server: Accepting connection
Oct 08 16:52:00 base1 wstunnel[1780]: 2024-10-08T14:51:59.999981Z  INFO cnx{peer="127.0.0.1:55284"}:tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::server::server: Tunnel accepted due to matched restriction: Allow All
Oct 08 16:52:00 base1 wstunnel[1780]: 2024-10-08T14:52:00.000021Z  INFO cnx{peer="127.0.0.1:55284"}:tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::protocols::udp::server: Opening UDP connection to 127.0.0.1:51820
Oct 08 16:52:00 base1 wstunnel[1780]: 2024-10-08T14:52:00.000134Z  INFO cnx{peer="127.0.0.1:55284"}:tunnel{id="01926c9d-962d-7502-b6ca-2e7c228e4ada" remote="127.0.0.1:51820"}: wstunnel::tunnel::server::server: connected to Udp { timeout: None } 127.0.0.1:51820

nginx.conf (relevant part) (version 1.26.2)

              # wstunnel path
              location /ZZZZZZZZZZZZZZZ/ {
                      proxy_pass http://127.0.0.1:33344;
                      proxy_http_version  1.1;
                      proxy_set_header    Upgrade $http_upgrade;
                      proxy_set_header    Connection "upgrade";
                      proxy_set_header    Host $host;
                      proxy_set_header    X-Real-IP $remote_addr;

                      proxy_connect_timeout       10m;
                      proxy_send_timeout          10m;
                      proxy_read_timeout          90m;
                      send_timeout                10m;
              }

Desktop (please complete the following information):

  • OS: NixOS
  • Version: 24.11.20241006.c31898a (Vicuna) x86_64

Additional context
Server and client have exactly the same versions.

@Mellowchan Mellowchan added the bug label Oct 8, 2024
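
The client log in this report carries an `authorization.bearer.` JWT in the `sec-websocket-protocol` header, and a JWT payload is only base64url-encoded, not encrypted. As an added example (not part of the issue and not wstunnel's own code), the following decodes what that token discloses and redacts it, together with the upgrade path prefix, before a log is shared. Reading `r`/`rp` as the tunnel target is an inference from the `remote="127.0.0.1:51820"` field on the same log line, and `bearer_claims` and `redact` are hypothetical helper names.

```python
import base64
import json
import re

# Sample input: the sec-websocket-protocol header value from the client log
# above, trimmed to the one field of interest.
SAMPLE = ('"sec-websocket-protocol": "v1, authorization.bearer.'
          'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.'
          'eyJpZCI6IjAxOTI2YzlkLTk2MmQtNzUwMi1iNmNhLTJlN2MyMjhlNGFkYSIsInAiOnsi'
          'VWRwIjp7InRpbWVvdXQiOm51bGx9fSwiciI6IjEyNy4wLjAuMSIsInJwIjo1MTgyMH0.'
          'TTHP3dEiwipeYkR6a2b9uwfTRURtroAbM0ri4wUume0"')

# Three base64url segments (header.payload.signature) after the bearer prefix.
BEARER_RE = re.compile(r"authorization\.bearer\.([\w-]+)\.([\w-]+)\.([\w-]+)")
# The path prefix as it appears in the logged upgrade request: "uri: /<prefix>/events".
URI_RE = re.compile(r"(uri: /)[^/,\s]+(/events)")


def _b64url_json(segment):
    """Decode one unpadded base64url JWT segment into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def bearer_claims(line):
    """Return (header, payload) for the first bearer JWT in a log line, else None."""
    match = BEARER_RE.search(line)
    if match is None:
        return None
    try:
        return _b64url_json(match.group(1)), _b64url_json(match.group(2))
    except ValueError:
        # Token-shaped text that is not valid base64url or JSON.
        return None


def redact(line):
    """Replace the bearer token and the upgrade path prefix with placeholders."""
    line = BEARER_RE.sub("authorization.bearer.<redacted>", line)
    return URI_RE.sub(r"\1<redacted>\2", line)


if __name__ == "__main__":
    header, payload = bearer_claims(SAMPLE)
    print("header :", header)
    print("payload:", payload)
    print("redacted:", redact(SAMPLE))
```

The decoded payload repeats the tunnel id and the `127.0.0.1:51820` target already visible in the log's `tunnel{...}` fields, so running `redact` over every line before posting removes the token without losing the information needed to debug the connection.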
@erebe
Owner

erebe commented Oct 8, 2024

Hello,

Have you also updated the wstunnel server?
I don't see any issues with my wireguard, everything is running fine.

If you can also provide:

  • nginx logs during the tunnel
  • a network capture with wstunnel client started with
export SSLKEYLOGFILE=/tmp/wstunnel.keyfile
export TOKIO_WORKERS=1
wstunnel client xxxx

and in another terminal

tcpdump -w capture.pcap -i your_interface dst 192.168.6.1 #replace by your server ip

and you can post the capture.pcap and also the wstunnel.keyfile files

@erebe
Owner

erebe commented Oct 8, 2024

Hi back,

I managed to reproduce the issue and it should be fixed in the latest release https://github.com/erebe/wstunnel/releases/tag/v10.1.4

Let me know if it is ok

@Mellowchan
Author

> Hi back,
>
> I managed to reproduce the issue and it should be fixed in the latest release https://github.com/erebe/wstunnel/releases/tag/v10.1.4
>
> Let me know if it is ok

Thank you, I've tested v10.1.4 (both on client and server) and the problem is resolved.
