I want to set up Wireguard obfuscation through Shadowsocks because WG stopped working due to ISPs in my country starting to block Wireguard and OpenVPN connections to foreign servers.
I've tried to set it up following this guide, but it doesn't work for me probably because the author uses unmaintained -libev version and I'm using -rust version, so maybe there are mistakes in my adaptation of it's configs.
Here are my configs
VPS
Wireguard
[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 60207
PrivateKey = <key>
PostUp = iptables -I INPUT -p udp --dport 60207 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 60207 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <key>
PresharedKey = <key>
AllowedIPs = 10.66.66.66/32,fd42:42:42::66/128
Shadowsocks
{
"servers": [
{
"server":"0.0.0.0",
"server_port":8388,
"password":<password>,
"timeout":300,
"method":"chacha20-ietf-poly1305",
"mode": "tcp_and_udp"
}
]
}
Logs
When I enable Wireguard on my local machine I can see traffic logs on the local side (see below), but nothing on the server side.
INFO [82651:139628357638784] [shadowsocks_service::server::tcprelay] shadowsocks tcp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
INFO [82651:139628357638784] [shadowsocks_service::server::udprelay] shadowsocks udp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
TRACE [82651:139628357638784] [shadowsocks_service::server::udprelay] udp server starting extra 1 recv workers
Local
Wireguard
[Interface]
PrivateKey = <key>
Address = 10.66.66.66/32,fd42:42:42::66/128
DNS = 10.66.66.10,1.1.1.1,1.0.0.1
[Peer]
PublicKey = <key>
PresharedKey = <key>
Endpoint = 127.0.0.1:1081
AllowedIPs = 0.0.0.0/0,::/0
Shadowsocks
{
"servers": [
{
"server":<VPS IP>,
"server_port":8388,
"method":"chacha20-ietf-poly1305",
"password":<password>,
"timeout":300
}
],
"locals": [
{
"protocol": "tunnel",
"local_address": "127.0.0.1",
"local_port":1081,
"mode":"udp_only",
"forward_address":<VPS IP>,
"forward_port":60207
},
{
"local_address": "127.0.0.1",
"local_port":1080
}
]
}
(Default proxy connection by 1080 port without Wireguard works fine)
Logs
When I enable Wireguard on my local machine, there is some traffic going on, but I can't reach any external website or addresses inside the Wireguard network.
TRACE [43072:131681119897280] [shadowsocks_service::local::net::udp::association] udp relay 127.0.0.1:25098 -> <VPS IP>:60207 (proxied) with 148 bytes
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::aead] UDP packet generated aead salt b"\x82\xa4\xc0\x8b\xc6\xb1|}^\x1ds\xb0\xd5K\x17C\x17\xa2\xcdoz^\xd9\xc0g\xb0\xe7\x9a\x07\x9abB"
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::proxy_socket] UDP server client send to <VPS IP>:60207, control: UdpSocketControlData { client_session_id: 14887344535427807600, server_session_id: 0, packet_id: 2, user: None }, payload length 148 bytes, packet length 203 bytes
TRACE [43072:131681119897280] [shadowsocks_service::local::net::udp::association] udp relay 127.0.0.1:25098 -> <VPS IP>:60207 (proxied) with 148 bytes
TRACE [43072:131681119897280] [shadowsocks::relay::udprelay::aead] UDP packet generated aead salt b"\xd3\xdd\xfa\xff\xcc\xee$\x0c\x17v=\xfc\x15 \xf9\xf7\xa2\xa6\xaa\xab\xc7p\xf3\x7f4B!\xaa&vJ\x87"
Did I make a mistake in the configs or what could be the problem?
