Connections over Wireguard being rejected by some firewalls

YKM Member

We use some WireGuard VPNs to ensure we get the same IP, but we are seeing some firewalls blocking the connection. Most are fine, but some sites just won't allow traffic over a WireGuard connection.

We think it's down to firewalls that do packet inspection.

We could use SOCKS5 and test this and it's fine, but we don't want to configure the end client for a proxy, and I can't see that you can route all traffic out via a SOCKS5 server?

It's not the end of the world, but it's annoying for sure. Any thoughts?

Comments

  • I run my WireGuard on port 53; try that, since firewalls have to allow port 53 for DNS lookups.

  • Are you talking about firewalls preventing client from connecting to the server? Or simply when visiting some website, they detect you're on a VPN and don't allow access (e.g. Netflix region block)?

  • YKM Member

    @TimboJones

    When they visit some website. It connects to the VPN fine, but some sites don’t work.

    @serveradministrator

    Nice idea, I’ll try moving to 53 and see what happens.

  • @YKM said:
    @TimboJones

    When they visit some website. It connects to the VPN fine, but some sites don’t work.

    All VPNs have overhead and cause the maximum size packet to be smaller than most everyone else. They detect this and it's intentional.

    But you're confusing, is your problem websites or all traffic? You're getting too sketchy.

    @serveradministrator

    Nice idea, I’ll try moving to 53 and see what happens.

    That won't make a difference; the person thought your WireGuard client was being blocked from connecting to the WireGuard server.

  • YKM Member

    @TimboJones

    You were right, 53 UDP didn't work :)

    I'll try and be clearer:

    end user PC > WG VPN > http://website

    This generally works for most websites; some websites just don't work. It's not DNS and I can't even telnet to port 80, so we think it's packet inspection. If I turn off WG then it works fine.

    Hope that's clearer

  • sergsergiu Member
    edited March 2021

    Check your MTU settings (client side) and try to lower them. I had the same issue, and I think it was the only issue with WireGuard for me, but it is a little bit ugly. I needed to change the MTU to get full speed, and some MTUs were not working with specific https:// sites :) For best speed, my correct MTU was 1360 on both sides.
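
Added example, not part of the original post: one way to derive a WireGuard MTU instead of guessing, by finding the largest unfragmented packet on the path to the WireGuard endpoint (tunnel down) and subtracting the encapsulation overhead. It assumes Linux iputils `ping`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: Linux iputils ping, where -M do sets Don't Fragment.

# probe SIZE HOST: succeeds if an ICMP echo with SIZE payload bytes passes unfragmented.
probe() {
    ping -4 -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [PROBE_CMD]: binary-search the largest IPv4 packet that passes.
# Search range is 548..1472 payload bytes (576..1500 byte packets).
path_mtu() {
    local host="$1" probe_cmd="${2:-probe}" lo=548 hi=1472 mid
    # If even the smallest probe fails, the host is unreachable or filters ICMP.
    "$probe_cmd" "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe_cmd" "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + 28 ))   # add 20 bytes IPv4 header + 8 bytes ICMP header
}

# wg_mtu PATH_MTU OUTER_FAMILY: tunnel MTU once WireGuard overhead is removed.
# OUTER_FAMILY is the IP version used to reach the WireGuard endpoint (4 or 6).
wg_mtu() {
    case "$2" in
        4) echo $(( $1 - 60 )) ;;   # 20 IPv4 + 8 UDP + 32 WireGuard
        6) echo $(( $1 - 80 )) ;;   # 40 IPv6 + 8 UDP + 32 WireGuard
        *) return 2 ;;
    esac
}

# Usage with the tunnel down (endpoint name is a placeholder):
#   wg_mtu "$(path_mtu wg-endpoint.example)" 4
```

The resulting value goes in `MTU = <value>` under `[Interface]` in the wg-quick configuration on both peers. If the probe fails at every size, ICMP is likely filtered on the path and the result says nothing about MTU.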

  • YKM Member

    @sergsergiu Ahh OK, I will try that, thanks.

  • @YKM said:
    @TimboJones

    You were right, 53 UDP didn't work :)

    I'll try and be clearer:

    end user PC > WG VPN > http://website

    This generally works for most websites; some websites just don't work. It's not DNS and I can't even telnet to port 80, so we think it's packet inspection. If I turn off WG then it works fine.

    Hope that's clearer

    Also use the same DNS server on the WireGuard server as the one your client works with when not connected to WireGuard.

  • YKM Member

    @TimboJones Thanks, going to be testing that too.
