[OpenWrt-Devel] TCP can be established but not transfer any data with OFFLOAD ipset wireguard

zhngq2312 zhngq2312 at gmail.com
Sun Apr 28 05:41:49 EDT 2019


If wireguard is replaced with another type of VPN, this issue is still the same.
The wireguard iface wg0 is added to the lan zone by the openwrt configuration
/etc/config/firewall.
Then I can access my home network by wireguard, and even access the
internet through my home network, so far so good.

But many sites are blocked in this country by the GFW. So I add these
sites' domain names to dnsmasq's ipset list,
and redirect these IP addresses in the ipset to a Linux PC which runs openvpn
to get through the GFW.
Now every device in my home network can access the sites blocked by the GFW.

But when I use wireguard or another VPN to connect to my home network, I
can't visit the blocked sites.
The [syn syn+ack ack] packets get through well, but not the first data packets.
If I use netcat to connect to one blocked site, it can be established,
then if I WAIT A SECOND and type some random data, I get "HTTP/1.0 400
Bad Request" as expected.
If I send data IMMEDIATELY after it is established, I can not get any response.
If I connect to a blocked smtp like "nc -vv smtp.gmail.com 25", it
works well, maybe because the server sends data first?

If I turn off OFFLOAD, everything works well.

I set up the ipset with these commands:

ip route add default via <IP of PC run openvpn> table 100
ip rule add fwmark 1 lookup 100
iptables -t mangle -D OUTPUT -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
iptables -t mangle -A fwmark -m set --match-set <ipset name set by dnsmasq> dst -j MARK --set-mark 1

Thanks.
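The policy-routing setup the poster describes, written out as an added example (not the poster's own script, and not OpenWrt project code). It generates the ipset, routing-table and mangle rules in dependency order, so the fwmark chain exists before anything is appended to it, and pairs them with a probe that mirrors the netcat test above: one connection sends data immediately after the handshake, the other waits a second first. The gateway address, ipset name, and the `-N fwmark` chain creation (the post shows `-D OUTPUT`, which the example treats as a typo for chain creation) are assumptions; `gen_rules` prints the commands for review before `apply_rules` runs them.

```shell
#!/bin/sh
# Added example, not from the original post. Builds ipset-driven policy
# routing: traffic to addresses dnsmasq puts in the ipset is marked in
# mangle/PREROUTING and routed through a separate table via the VPN host.
set -u

# Assumed values; the original post elides both.
VPN_GW="${VPN_GW:-192.0.2.10}"            # placeholder: PC running openvpn
IPSET_NAME="${IPSET_NAME:-gfwlist}"       # placeholder: set name used by dnsmasq
TABLE=100
MARK=1

# Emit the rule set in dependency order. The chain is created with -N before
# anything is appended to it (assumption: the post's -D was meant as -N).
gen_rules() {
  cat <<EOF
ipset -exist create $IPSET_NAME hash:ip
ip route replace default via $VPN_GW table $TABLE
ip rule add fwmark $MARK lookup $TABLE
iptables -t mangle -N fwmark
iptables -t mangle -A PREROUTING -j fwmark
iptables -t mangle -A fwmark -m set --match-set $IPSET_NAME dst -j MARK --set-mark $MARK
EOF
}

# Number of commands the generator emits; handy for a quick sanity check.
count_rules() { gen_rules | wc -l | tr -d ' '; }

# Run the generated commands, stopping at the first failure (needs root).
apply_rules() { gen_rules | sh -e; }

# Probe a host:port the way the poster did with netcat. With delay 0 the
# request is written as soon as the handshake completes; with delay 1 it
# waits a second first. Returns 0 when any reply bytes come back.
probe() { # host port delay_seconds
  ( [ "$3" -gt 0 ] && sleep "$3"; printf 'GET / HTTP/1.0\r\n\r\n' ) \
    | timeout 3 nc "$1" "$2" | grep -q .
}

# Compare both timings for one host; prints which variant got a reply.
probe_pair() { # host port
  probe "$1" "$2" 0 && echo "immediate send: reply" || echo "immediate send: no reply"
  probe "$1" "$2" 1 && echo "delayed send: reply"   || echo "delayed send: no reply"
}
```

Run `gen_rules` first to review the commands, then `apply_rules` as root; `probe_pair example.invalid 80` (substituting a host from the ipset) reproduces the immediate-versus-delayed comparison from the post, which is the quickest way to tell whether a change to the offload or marking rules actually fixed the symptom.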
