unbit / vpn-ws Goto Github PK

Only server site can static lib , please let me know how to build with the static library with client side

hi.

yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://mydomain.com/vpn
Password:
[Wed Jul 13 11:36:02 2016] connecting to mydomain.com port 443 (transport: wss)
[Wed Jul 13 11:36:03 2016] vpn_ws_connect()/connect(): Connection refused
[Wed Jul 13 11:36:03 2016] disconnected

how to fix it?
thank u.

./vpn-ws-client vpn-ws0 wss://cctrs.net:943/vpn
[Sun Jul 19 18:51:25 2015] connecting to cctrs.net port 943 (transport: wss)
[Sun Jul 19 18:51:25 2015] vpn_ws_ssl_handshake(): error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 19 18:51:25 2015] disconnected
[Sun Jul 19 18:51:26 2015] connecting to cctrs.net port 943 (transport: wss)
[Sun Jul 19 18:51:26 2015] vpn_ws_ssl_handshake(): error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[Sun Jul 19 18:51:26 2015] disconnected

curl tested https://cctrs.net:943/vpn is OK

Any suggestion? Could vpn-ws-client use tls 1.2 with alpn/npn?

hi.

yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client --exec "ifconfig vpn-ws 192.168.10.2 netmask 255.255.255.0" vpn-ws wss://ws.smt.biz.st:449/ --no-verify
Password:
[Mon Sep 16 10:44:29 2019] vpn_ws_tuntap()/if_nametoindex(): Device not configured
yudeMacBook-Air:vpn-ws brite$

how to fix "Device not configured" issue?
tks

when building on macOS 12.4, got this error

src/ssl.c:83:22: error: 'SSLCreateContext' is deprecated: first deprecated in macOS 10.15 - No longer supported. Use Network.framework. [-Werror,-Wdeprecated-declarations]

kSSLClientSide
kSSLStreamType
SSLSetProtocolVersionMin
...
SSLClose

/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/Security.framework/Headers/SecureTransport.h:1689:1: note: 'SSLRead' has been explicitly marked deprecated here
SSLRead (SSLContextRef context,
^

src/ssl.c:188:2: error: 'SSLClose' is deprecated: first deprecated in macOS 10.15 - No longer supported. Use Network.framework. [-Werror,-Wdeprecated-declarations]

and so more

hi.
i ran ./vpn-ws --tuntap ws0 /run/vpn.sock > /dev/null & in ~/vpn-ws/,
[root@host vpn-ws]# ps aux|grep vpn-ws
root 7935 0.0 0.0 4384 1364 pts/0 S 15:10 0:00 ./vpn-ws --tuntap ws0 /run/vpn.sock
root 7945 0.0 0.1 112716 2380 pts/0 S+ 15:16 0:00 grep --color=auto vpn-ws
[root@host vpn-ws]#
but the interface ws0 isn't generated at all,as i ran ifconfig,i didn't see the interface ws0 shown:

[root@host vpn-ws]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet my-vps-ip netmask 255.255.240.0 broadcast 174.137.63.255
inet6 fe80::a8aa:ff:fe12:2e1c prefixlen 64 scopeid 0x20
ether aa:aa:00:12:2e:1c txqueuelen 1000 (Ethernet)
RX packets 815736 bytes 364317320 (347.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 720135 bytes 341692080 (325.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 19.0.0.1 netmask 255.255.255.0 destination 19.0.0.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 177173 bytes 33083912 (31.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 192633 bytes 158337140 (151.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@host vpn-ws]#

why the interface ws0 isn't generated at all?

Add --vlan switch, enforcing the server to expect vlan-tagged frames. Broadcast, multicast and direct frames must take in account the vlan tag before forwarding a packet.

Thanks to tagged frames, you can "partition" a virtual network.

Hi @unbit
I want to port your VPN to android devices but the android VPN service doesn't allow us to directly access the tuntap and instead of that the android gives us a file descriptor to write/read packets, I don't know c much, can you develop something like this, mean I can send the fd of the android tun to the vpn-ws-client instead tuntap

met this problem in a new machine (debian 11 + Intel Corporation Ethernet Controller I225-V (rev 03) , same configure and same binary have not any problem in all kind of old machine and os, such as debian 10, ubuntu, linuxmint......

Can't build with:

cc   -Wall -Werror -g -o vpn-ws src/main.o src/error.o src/tuntap.o src/memory.o src/bits.o src/base64.o src/exec.o src/websocket.o src/utils.o src/socket.o src/event.o src/io.o src/uwsgi.o src/sha1.o src/macmap.o 
src/ssl.c: In function '_vpn_ws_ssl_wait_read':
src/ssl.c:4:12: error: type of 'fd' defaults to 'int' [-Werror=implicit-int]
 static int _vpn_ws_ssl_wait_read(fd) {
            ^
src/ssl.c: In function '_vpn_ws_ssl_wait_write':
src/ssl.c:15:12: error: type of 'fd' defaults to 'int' [-Werror=implicit-int]
 static int _vpn_ws_ssl_wait_write(fd) {
            ^
cc1: all warnings being treated as errors
make: *** [src/ssl.o] Error 1

Can be fixed by adding types - http://git.altlinux.org/people/enp/packages/?p=vpn-ws.git;a=blobdiff;f=src/ssl.c;h=4f0405cec2c210bd6d4253a66e6ffc3a209d205b;hp=751d101a7daa76943708bebd87f8be12b0ac642c;hb=44bf8b772379f35a1bed4a150081557e3ef5359c;hpb=3d15958bfeb668ae860376f650083ca37146e807

Hello,
I ran this VPN-WS and test it with ping, it was ok. until any large transfer data and ping stop immediately without any error, i should to disconnect and connect to solve the ping, i couldn't find any log to find the issue! may you please help me

Client doesn't support IPv6

    [Wed Apr  1 21:57:45 2015] connecting to <ipv6 address> port 8080 (transport: ws)
    [Wed Apr  1 21:57:46 2015] vpn_ws_connect()/gethostbyname(): unable to resolve name
    [Wed Apr  1 21:57:46 2015] disconnected

It doesn't look like the client supports connecting to the WS server from behind a proxy. Any chance this can be added to the roadmap?

VPN to local proxy? is ok? please

I followed the documentation and created a simple server without auth.
Then, I compiled a client and connected to the server, as the server printed

[Sat Jul  4 21:13:14 2015] registered new peer 5 MAC=1E:8A:66:ED:70:82 REMOTE_ADDR=XXX.XXX.XXX.XXX REMOTE_USER= DN=

and the client printed

[Sun Jul  5 09:13:14 2015] connecting to XXX.XXX.XXX.XXX port 80 (transport: ws)
[Sun Jul  5 09:13:15 2015] connected to XXX.XXX.XXX.XXX port 80 (transport: ws)

Now, I simply visited a web page to show my client IP, but it still displayed my real client IP. I realized that I have not done this step specified in the documentation:

Once your client is connected you can assign it an ip address (or make a dhcp request if one of the connected nodes has a running dhcp server)

I Googled around, and found a simple step on my Ubuntu 14.10:

/sbin/ip link # To show my current network interfaces, and I see vpn-ws0
sudo /sbin/ip addr add 192.168.0.10/24 dev vpn-ws0

No error returned. Then, I re-checked my ip address on a website, it still showed the real client IP.

So, I am wondering what I did wrong.

Hello,

I try to install vpn-ws server using Apache2 (on Debian Jessie) but it's does not work. But with the same client and the same server using Nginx it's work like a charm. On Apache, I'm using mod_uswgi with a simple configuration :

<Location /vpn>
    SetHandler uwsgi-handler
    uWSGISocket 127.0.0.1:5235
</Location>

With this configuration, my client can connect to the server :

brenard@aconit:~/dev/vpn-ws$ ((detached from v0.2)) sudo ./vpn-ws-client --exec "ifconfig vpn0 172.16.0.2 netmask 255.255.255.0; ip link set mtu 1490 dev vpn0; ifconfig vpn0 up" vpn0 ws://vpn-ws.zionetrix.net:80/vpn --no-verify
[Fri Nov 27 20:24:53 2015] connecting to vpn-ws.zionetrix.net port 80 (transport: ws)
[Fri Nov 27 20:24:53 2015] connected to vpn-ws.zionetrix.net port 80 (transport: ws)

And my server see this new client :

root@gaston:~$ ./vpn-ws --tuntap vpn0 127.0.0.1:5235 --exec 'ifconfig vpn0 172.16.0.1 netmask 255.255.255.0; ip link set mtu 1490 dev vpn0; ifconfig vpn0 up'
[Fri Nov 27 20:24:53 2015] registered new peer 8 MAC=02:76:4A:0B:B4:D3 REMOTE_ADDR=109.190.110.196 REMOTE_USER= DN=

But a ping between to host does work. A tcpdump on vpn0 show that ARP request does not get reply.

Do you have an idea what could be the problem ? Do you have an example of functional configuration with apache ? I also try with mod_proxy_uwsgi but I have the same issue..

Thank you