
#1 2022-11-05 21:31:12

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

I am on a network that seems to be blocking wireguard connections.  Verified with both a commercial VPN service provider as well as my own home server.  I am looking for suggestions for udp ports to try switching the WG over to that might not be blocked, assuming they are not using some technique that blocks any wireguard traffic.  So far I tried and failed to connect to a wireguard peer running on ports 500, 1194, 1500, 4500, 51820, and 51888.

Last edited by graysky (2023-12-17 14:58:30)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packages • Zsh and other configs


#2 2022-11-05 22:18:43

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

Hotel WiFis most likely allow only https and mail protocols. You can try UDP port 443 - but chances are slim for this simple trick to work.

Some public WiFis allow UDP port 53.


#3 2022-11-05 22:45:04

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

Try 53 as that's usually used for DNS?


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles


#4 2022-11-05 22:51:38

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

Have you already tried loading a page via HTTP without the VPN? Some hotels will intercept all traffic to redirect you to a local server's webpage where you have to accept their TOS before other traffic is allowed through.


My Arch Linux Stuff • Forum Etiquette • Community Ethos - Arch is not for everyone


#5 2022-11-06 08:52:15

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

Thanks for the replies, all.  I will try 443/udp and 53/udp.  I did try loading a page/there was no redirect.  Web browsing works as expected when the VPN is not connected.  Browsers hang when it is connected.  When I look at the output of wg on the home server, there is no evidence that it connected.  That is consistent with the logs on the wireguard app itself.

2022-11-05 15:22:59.205912: [NET] App version: 1.0.15 (26)
2022-11-05 15:22:59.206042: [NET] Starting tunnel from the OS directly, rather than the app
2022-11-05 15:22:59.434059: [NET] DNS64: mapped xxx.xxx.xxx.xxx to itself.
2022-11-05 15:22:59.435425: [NET] Attaching to interface
2022-11-05 15:22:59.436179: [NET] UAPI: Updating private key
2022-11-05 15:22:59.436173: [NET] Routine: handshake worker 3 - started
2022-11-05 15:22:59.436234: [NET] Routine: decryption worker 2 - started
2022-11-05 15:22:59.436244: [NET] Routine: encryption worker 2 - started
2022-11-05 15:22:59.436489: [NET] Routine: decryption worker 3 - started
2022-11-05 15:22:59.436532: [NET] Routine: encryption worker 3 - started
2022-11-05 15:22:59.436605: [NET] Routine: handshake worker 2 - started
2022-11-05 15:22:59.436659: [NET] Routine: decryption worker 5 - started
2022-11-05 15:22:59.436793: [NET] Routine: encryption worker 1 - started
2022-11-05 15:22:59.436856: [NET] Routine: encryption worker 4 - started
2022-11-05 15:22:59.436864: [NET] UAPI: Removing all peers
2022-11-05 15:22:59.436903: [NET] Routine: decryption worker 1 - started
2022-11-05 15:22:59.436924: [NET] Routine: decryption worker 6 - started
2022-11-05 15:22:59.436940: [NET] Routine: handshake worker 6 - started
2022-11-05 15:22:59.436969: [NET] Routine: TUN reader - started
2022-11-05 15:22:59.437424: [NET] Routine: handshake worker 1 - started
2022-11-05 15:22:59.437493: [NET] Routine: decryption worker 4 - started
2022-11-05 15:22:59.437554: [NET] Routine: encryption worker 5 - started
2022-11-05 15:22:59.437553: [NET] peer(fTiT…qSc) - UAPI: Created
2022-11-05 15:22:59.437572: [NET] Routine: handshake worker 4 - started
2022-11-05 15:22:59.437610: [NET] Routine: handshake worker 5 - started
2022-11-05 15:22:59.437654: [NET] Routine: encryption worker 6 - started
2022-11-05 15:22:59.437674: [NET] peer(fTiT…qSc) - UAPI: Updating preshared key
2022-11-05 15:22:59.437755: [NET] Routine: event worker - started
2022-11-05 15:22:59.437901: [NET] peer(fTiT…qSc) - UAPI: Updating endpoint
2022-11-05 15:22:59.438089: [NET] peer(fTiT…qSc) - UAPI: Updating persistent keepalive interval
2022-11-05 15:22:59.438175: [NET] peer(fTiT…qSc) - UAPI: Removing all allowedips
2022-11-05 15:22:59.438303: [NET] peer(fTiT…qSc) - UAPI: Adding allowedip
2022-11-05 15:22:59.438818: [NET] UDP bind has been updated
2022-11-05 15:22:59.438848: [NET] Routine: receive incoming v4 - started
2022-11-05 15:22:59.438881: [NET] Routine: receive incoming v6 - started
2022-11-05 15:22:59.438909: [NET] peer(fTiT…qSc) - Starting
2022-11-05 15:22:59.439099: [NET] Interface state was Down, requested Up, now Up
2022-11-05 15:22:59.439187: [NET] Device started
2022-11-05 15:22:59.439263: [NET] peer(fTiT…qSc) - Routine: sequential receiver - started
2022-11-05 15:22:59.439307: [NET] peer(fTiT…qSc) - Routine: sequential sender - started
2022-11-05 15:22:59.439450: [NET] Tunnel interface is utun3
2022-11-05 15:22:59.440162: [NET] Network change detected with satisfied route and interface order [en0, pdp_ip0]
2022-11-05 15:22:59.440584: [NET] DNS64: mapped xxx.xxx.xxx.xxx to itself.
2022-11-05 15:22:59.440704: [NET] peer(fTiT…qSc) - UAPI: Updating endpoint
2022-11-05 15:22:59.440914: [NET] Routine: receive incoming v4 - stopped
2022-11-05 15:22:59.440962: [NET] Routine: receive incoming v6 - stopped
2022-11-05 15:22:59.441407: [NET] UDP bind has been updated
2022-11-05 15:22:59.441437: [NET] Routine: receive incoming v4 - started
2022-11-05 15:22:59.441469: [NET] Routine: receive incoming v6 - started
2022-11-05 15:22:59.949393: [NET] Network change detected with satisfied route and interface order [en0, utun3, pdp_ip0]
2022-11-05 15:22:59.950074: [NET] DNS64: mapped xxx.xxx.xxx.xxx to itself.
2022-11-05 15:22:59.950390: [NET] peer(fTiT…qSc) - UAPI: Updating endpoint
2022-11-05 15:22:59.950768: [NET] Routine: receive incoming v4 - stopped
2022-11-05 15:22:59.950954: [NET] Routine: receive incoming v6 - stopped
2022-11-05 15:22:59.951485: [NET] UDP bind has been updated
2022-11-05 15:22:59.951505: [NET] Routine: receive incoming v4 - started
2022-11-05 15:22:59.951581: [NET] Routine: receive incoming v6 - started
2022-11-05 15:22:59.969322: [NET] peer(fTiT…qSc) - Sending handshake initiation
2022-11-05 15:23:00.063463: [NET] peer(fTiT…qSc) - Received handshake response
2022-11-05 15:23:15.226385: [NET] peer(fTiT…qSc) - Retrying handshake because we stopped hearing back after 15 seconds
2022-11-05 15:23:15.226767: [NET] peer(fTiT…qSc) - Sending handshake initiation
2022-11-05 15:23:19.863684: [NET] Stopping tunnel
2022-11-05 15:23:19.864322: [NET] Device closing
2022-11-05 15:23:19.864617: [NET] Routine: TUN reader - stopped
2022-11-05 15:23:19.864730: [NET] Routine: event worker - stopped
2022-11-05 15:23:19.864842: [NET] Routine: receive incoming v4 - stopped
2022-11-05 15:23:19.864939: [NET] Routine: receive incoming v6 - stopped
2022-11-05 15:23:19.865193: [NET] peer(fTiT…qSc) - Stopping
2022-11-05 15:23:19.865364: [NET] peer(fTiT…qSc) - Routine: sequential sender - stopped
2022-11-05 15:23:19.865368: [NET] peer(fTiT…qSc) - Routine: sequential receiver - stopped
2022-11-05 15:23:19.865511: [NET] Device closed
2022-11-05 15:23:19.865507: [NET] Routine: decryption worker 2 - stopped
2022-11-05 15:23:19.865557: [NET] Routine: handshake worker 2 - stopped
2022-11-05 15:23:19.865603: [NET] Routine: decryption worker 1 - stopped
2022-11-05 15:23:19.865622: [NET] Routine: handshake worker 4 - stopped
2022-11-05 15:23:19.865627: [NET] Routine: decryption worker 5 - stopped
2022-11-05 15:23:19.865678: [NET] Routine: handshake worker 3 - stopped
2022-11-05 15:23:19.865686: [NET] Routine: decryption worker 3 - stopped
2022-11-05 15:23:19.865748: [NET] Routine: handshake worker 5 - stopped
2022-11-05 15:23:19.865807: [NET] Routine: handshake worker 1 - stopped
2022-11-05 15:23:19.865803: [NET] Routine: decryption worker 4 - stopped
2022-11-05 15:23:19.865814: [NET] Routine: decryption worker 6 - stopped
2022-11-05 15:23:19.865826: [NET] Routine: handshake worker 6 - stopped
2022-11-05 15:23:19.866057: [NET] Routine: encryption worker 5 - stopped
2022-11-05 15:23:19.866072: [NET] Routine: encryption worker 4 - stopped
2022-11-05 15:23:19.866079: [NET] Routine: encryption worker 2 - stopped
2022-11-05 15:23:19.866107: [NET] Routine: encryption worker 3 - stopped
2022-11-05 15:23:19.866135: [NET] Routine: encryption worker 6 - stopped
2022-11-05 15:23:19.866141: [NET] Routine: encryption worker 1 - stopped


#6 2022-11-06 10:52:17

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

Other ports to try might be 21, 22, 143
If it doesn't work, you might be able to use pseudo-tcp with e.g. phantun
Otherwise you might need a real tunnel like udptunnel
In that case it might be better to just replace wireguard with openvpn over tcp or maybe some of the available tls/websocket tunnels like wstunnel or wsvpn could be used.

Last edited by progandy (2022-11-06 11:16:44)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#7 2022-11-06 12:33:09

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

So on the list to try:
21, 22, 53, 143, 443

Wondering about potential risks of opening up these ports on the router.  WireGuard silently runs on whatever port, so a hacking risk should be minimized.  Would running and opening 53 or 443 offer any breakage/risk?



#8 2022-11-07 19:53:56

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: Hotel WiFi blocking WG connections, suggestions for ports? [SOLVED]

An update - turns out that the network wasn't blocking connections, but was blocking the initial handshake.  This strategy works to prevent new connections but it does nothing to stop an existing connection.  Therefore, connect to the WG peer before joining such a network to enjoy the encrypted tunnel.  I updated the wiki with this helpful tip.

Last edited by graysky (2023-12-17 14:58:06)



Offline
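
Added example (not part of any poster's message, and not WireGuard's own code): a small parser for the app log format quoted in post #5 that counts handshake events per peer and labels what the log records, which helps when deciding whether a network is interfering with the handshake. The first four sample lines are copied from that log; the `AAAA…BBB` peer and the "Handshake did not complete" wording are constructed assumptions.

```python
import re
from collections import defaultdict

# Layout of peer lines in the app log quoted in post #5:
# "<date> <time>: [NET] peer(<short key>) - <message>"
LINE = re.compile(r"^\S+ \S+: \[NET\] peer\(([^)]+)\) - (.+)$")

EVENTS = {
    "Sending handshake initiation": "initiation",
    "Received handshake response": "response",
    "Retrying handshake because we stopped hearing back": "stalled",
    # Assumption: this wording does not appear in the thread's log.
    "Handshake did not complete": "timeout",
}

# First four lines copied from post #5; the AAAA…BBB lines are constructed.
SAMPLE = """\
2022-11-05 15:22:59.969322: [NET] peer(fTiT…qSc) - Sending handshake initiation
2022-11-05 15:23:00.063463: [NET] peer(fTiT…qSc) - Received handshake response
2022-11-05 15:23:15.226385: [NET] peer(fTiT…qSc) - Retrying handshake because we stopped hearing back after 15 seconds
2022-11-05 15:23:15.226767: [NET] peer(fTiT…qSc) - Sending handshake initiation
2022-11-05 15:24:00.000000: [NET] peer(AAAA…BBB) - Sending handshake initiation
2022-11-05 15:24:05.000000: [NET] peer(AAAA…BBB) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-11-05 15:24:05.000100: [NET] peer(AAAA…BBB) - Sending handshake initiation
"""

def summarize(log_text):
    """Return {peer: {"counts": {...}, "verdict": str}} for peer log lines."""
    counts = defaultdict(lambda: dict.fromkeys(EVENTS.values(), 0))
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # worker start/stop and UAPI lines carry no handshake state
        peer, msg = m.groups()
        for prefix, event in EVENTS.items():
            if msg.startswith(prefix):
                counts[peer][event] += 1
    result = {}
    for peer, c in counts.items():
        if c["response"] == 0:
            verdict = "initiation_unanswered"   # nothing came back from the peer
        elif c["stalled"]:
            verdict = "responded_then_stalled"  # reply seen, then silence
        else:
            verdict = "handshake_ok"
        result[peer] = {"counts": c, "verdict": verdict}
    return result

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE).items():
        print(peer, info["verdict"], info["counts"])
```
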
