
"AllowedPorts": [1:65535],

Open GANHONG1995 opened this issue 5 years ago • 6 comments

How can I allow ports 1...65535? Thanks.

GANHONG1995 avatar Feb 19 '19 20:02 GANHONG1995

And the same for UDP?

GANHONG1995 avatar Feb 19 '19 20:02 GANHONG1995

From: Arnie97 <[email protected]>
Date: Sat, 13 Jun 2020 15:51:28 +0800
Subject: [PATCH] allow all ports

---
 filter.go | 37 +------------------------------------
 1 file changed, 1 insertion(+), 36 deletions(-)

diff --git a/filter.go b/filter.go
index 6b54746..0cf4995 100644
--- a/filter.go
+++ b/filter.go
@@ -105,40 +105,5 @@ func (sf *portFilter) Filter(b []byte, d direction) (drop bool) {
 	if ip.Version() != 4 {
 		return true // No support for tunneling IPv6
 	}
+	return false
-	if ip.Protocol() != tcp && ip.Protocol() != udp {
-		return ip.Protocol() != icmp // Always allow ping
-	}
-	src, dst := transportPacket(ip.Body()).Ports()
-	if sf.ports[src] && sf.ports[dst] {
-		return false
-	}
-	switch d {
-	case outbound:
-		if sf.ports[src] && dst > 0 {
-			// Check whether the destination port is somewhere we have received
-			// an inbound packet from.
-			ts := atomic.LoadUint64(&sf.inMap[dst])
-			return timeNow()-ts >= expireTimeout
-		}
-		if sf.ports[dst] && src > 0 {
-			// Allowed outbound packet, remember the source port so that inbound
-			// traffic is allowed to hit that destination port.
-			atomic.StoreUint64(&sf.outMap[src], timeNow())
-			return false
-		}
-	case inbound:
-		if sf.ports[src] && dst > 0 {
-			// Check whether the destination port is somewhere we have sent
-			// an outbound packet to.
-			ts := atomic.LoadUint64(&sf.outMap[dst])
-			return timeNow()-ts >= expireTimeout
-		}
-		if sf.ports[dst] && src > 0 {
-			// Allowed inbound packet, remember the source port so that outbound
-			// traffic is allowed to hit that destination port.
-			atomic.StoreUint64(&sf.inMap[src], timeNow())
-			return false
-		}
-	}
-	return true
 }
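Review bot: the unconditional `+	return false` makes every IPv4 packet pass regardless of protocol or port, so `sf.ports`, `sf.inMap`, `sf.outMap` and `expireTimeout` are no longer consulted in `Filter`, and the diffstat (1 insertion, 36 deletions) shows no import change; if `sync/atomic` is imported in filter.go only for the `atomic.LoadUint64`/`atomic.StoreUint64` calls deleted here, the file will no longer build until that import is dropped. Prefer gating the existing logic on configuration instead of deleting it, e.g. an allow-all flag set from AllowedPorts and checked right after the IPv6 test (`if sf.allowAll { return false }`), which keeps the `direction` parameter and the learned-port expiry meaningful for everyone else. If the deletion is intended, the commit message "allow all ports" should state that it also removes the `return ip.Protocol() != icmp` drop, so non-TCP/UDP/ICMP protocols are now forwarded as well.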

Arnie97 avatar Jun 13 '20 07:06 Arnie97

@Arnie97 this helped me out two years later. Thank you very much!

For anyone (or me) looking at this in the future: compile the patched version on both sides. Keep the AllowedPorts entry in the config; it doesn't matter which port you specify.

Why is this needed? We need access to all ports if we're routing internet traffic via the tunnel.

arinc9 avatar Apr 18 '22 08:04 arinc9
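The following is an added example, not udptunnel's code and not part of the patch above. It reimplements the stateful port check that the patch deletes (same static-port, learned-port and expiry rules, same `inMap`/`outMap` roles) and makes it configurable instead of removing it: a hypothetical `lo:hi` range syntax lets AllowedPorts express `1:65535` as asked in the issue title, and a hypothetical `*` entry sets an allow-all flag that gives the patched behaviour. The `packet` struct stands in for the IPv4/transport parsing the real filter does, the five-minute `expireTimeout` is an assumed value, and `now` is an injectable clock so the expiry path can be exercised without waiting.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"sync/atomic"
	"time"
)

type direction bool

const outbound, inbound direction = false, true

// Assumed lifetime of a learned port; udptunnel's own constant may differ.
const expireTimeout = uint64(5 * time.Minute)

type packet struct {
	proto    string // "tcp", "udp", "icmp", or anything else
	src, dst uint16
}

type portFilter struct {
	allowAll bool
	ports    [65536]bool   // statically allowed ports from AllowedPorts
	inMap    [65536]uint64 // remote ephemeral ports seen inbound, last-seen UnixNano
	outMap   [65536]uint64 // local ephemeral ports seen outbound, last-seen UnixNano
	now      func() uint64 // injectable clock
}

// newPortFilter parses entries such as "22", "8000:8010" or "*". The "lo:hi"
// range form and "*" are hypothetical syntax, not udptunnel's config grammar.
func newPortFilter(spec []string) (*portFilter, error) {
	sf := &portFilter{now: func() uint64 { return uint64(time.Now().UnixNano()) }}
	for _, entry := range spec {
		if strings.TrimSpace(entry) == "*" {
			sf.allowAll = true
			continue
		}
		lo, hi, err := parseRange(entry)
		if err != nil {
			return nil, err
		}
		for p := lo; p <= hi; p++ {
			sf.ports[p] = true
		}
	}
	return sf, nil
}

// parseRange accepts "N" or "LO:HI" with both ends in 1..65535.
func parseRange(entry string) (lo, hi int, err error) {
	parts := strings.SplitN(strings.TrimSpace(entry), ":", 2)
	bounds := []int{0, 0}
	for i, s := range parts {
		if bounds[i], err = strconv.Atoi(s); err != nil || bounds[i] < 1 || bounds[i] > 65535 {
			return 0, 0, fmt.Errorf("invalid port %q in %q", s, entry)
		}
	}
	if lo, hi = bounds[0], bounds[len(parts)-1]; lo > hi {
		return 0, 0, fmt.Errorf("invalid port range %q", entry)
	}
	return lo, hi, nil
}

// Filter reports whether pkt should be dropped: allow if both ports are static, or if
// one is static and the other was learned from the opposite direction within expireTimeout.
func (sf *portFilter) Filter(pkt packet, d direction) (drop bool) {
	if sf.allowAll {
		return false // matches the patched behaviour: everything passes
	}
	if pkt.proto != "tcp" && pkt.proto != "udp" {
		return pkt.proto != "icmp" // always allow ping
	}
	if sf.ports[pkt.src] && sf.ports[pkt.dst] {
		return false
	}
	learned, remember := &sf.inMap, &sf.outMap // outbound consults inMap, records outMap
	if d == inbound {
		learned, remember = &sf.outMap, &sf.inMap
	}
	if sf.ports[pkt.src] && pkt.dst > 0 { // static port replying to a learned peer port
		return sf.now()-atomic.LoadUint64(&learned[pkt.dst]) >= expireTimeout
	}
	if sf.ports[pkt.dst] && pkt.src > 0 { // ephemeral port reaching a static port: learn it
		atomic.StoreUint64(&remember[pkt.src], sf.now())
		return false
	}
	return true
}

func main() {
	sf, err := newPortFilter([]string{"22", "8000:8010"})
	if err != nil {
		panic(err)
	}
	sf.Filter(packet{"tcp", 40000, 22}, inbound) // a client reaches sshd; port 40000 is learned
	fmt.Println("reply to 40000 allowed:", !sf.Filter(packet{"tcp", 22, 40000}, outbound))
	fmt.Println("unsolicited to 40001 dropped:", sf.Filter(packet{"tcp", 22, 40001}, outbound))
}
```

Note the difference between the two ways of opening everything up: `1:65535` marks every TCP/UDP port static, so all TCP/UDP traffic passes but other protocols are still dropped by the `!= "icmp"` rule, whereas `*` (like the patch) forwards any IPv4 packet, including protocols the filter never inspected.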

I recommend checking out https://tailscale.com/. It's free for personal users and does what this project does, but much better and with far more features.

dsnet avatar Apr 19 '22 04:04 dsnet

Does Tailscale use wg(8) to configure the tunnel interfaces? I want to run it on a network where UDP packets carrying the WireGuard header, which wg(8) constructs, are blocked.

This is why I currently use your project here.

arinc9 avatar Apr 19 '22 09:04 arinc9

Heh, this seems to break for me slightly: connections just drop every n minutes or so. It doesn't happen if I just specify a big array of allowed ports (but that's not practical, and sometimes a "bad one" gets hit).

hmmmmm

LindaFerum avatar Aug 01 '23 13:08 LindaFerum