
udp2raw will fail when it is started for the first time with the alpine system, prompting "bind port fail".

Open bigoovip opened this issue 11 months ago • 0 comments

The operating system Alpine 3.21 is installed in the CT container of pve 8. udp2raw and wireguard are installed in this alpine and used as clients. When the Alpine system starts, wireguard will start with it. udp2raw is set up through PreUp. Wireguard starts successfully, but udp2raw fails to start, and the log prompts "bind port fail". But when wireguard is restarted later, udp2raw will start successfully.

Two udp2raw versions were tested, one is the last amd64 release version, and the other is the latest compiled version. Both have this problem.

The information of these two versions is as follows:

udp2raw-tunnel
git version:e5ecd33ec4    build date:Feb  7 2023 08:24:31
udp2raw-tunnel
git version:4623f878e0    build date:Jan 16 2025 03:08:35

The wireguard configuration is as follows:

[Interface]
Address = 10.10.0.2
PrivateKey = <Private key>
ListenPort = 51820
MTU = 1200
PreUp = udp2raw --conf-file /etc/wireguard/udp2raw_client.conf >/var/log/udp2raw.log 2>&1 &
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = pkill -f "udp2raw.*--conf-file.*"

[Peer]
PublicKey = <Public key>
PresharedKey = <PresharedKey>
Endpoint = [::1]:3333
AllowedIPs = 10.10.0.1/32

The udp2raw configuration is as follows:

-c
-l [::1]:3333
-r [The server IPv6 address]:4096
-k passwd
--raw-mode faketcp
-a
--log-level 4

The udp2raw log is as follows:

[2025-01-16 03:16:14][INFO]argc=13 udp2raw -c -l [::1]:3333 -r [The server IPv6 address]:4096 -k passwd --raw-mode faketcp -a --log-level 4
[2025-01-16 03:16:14][INFO]parsing address: [::1]:3333
[2025-01-16 03:16:14][INFO]its an ipv6 adress
[2025-01-16 03:16:14][INFO]ip_address is {::1}, port is {3333}
[2025-01-16 03:16:14][INFO]parsing address: [The server IPv6 address]:4096
[2025-01-16 03:16:14][INFO]its an ipv6 adress
[2025-01-16 03:16:14][INFO]ip_address is {The server IPv6 address}, port is {4096}
[2025-01-16 03:16:14][INFO]important variables: log_level=4:INFO raw_mode=faketcp cipher_mode=aes128cbc auth_mode=md5 key=passwd local_addr=[::1]:3333 remote_addr=[The server IPv6 address]:4096 socket_buf_size=1048576
[2025-01-16 03:16:14][WARN]you can run udp2raw with non-root account for better security. check README.md in repo for more info.
[2025-01-16 03:16:14][INFO]remote_ip=[The server IPv6 address], make sure this is a vaild IP address
[2025-01-16 03:16:14][INFO]const_id:f58463af
[2025-01-16 03:16:14][INFO]run_command ip6tables -N udp2rawDwrW_f58463af_C0
[2025-01-16 03:16:14][INFO]run_command ip6tables -F udp2rawDwrW_f58463af_C0
[2025-01-16 03:16:14][INFO]run_command ip6tables -I udp2rawDwrW_f58463af_C0 -j DROP
[2025-01-16 03:16:14][INFO]run_command ip6tables -I INPUT -s The server IPv6 address -p tcp -m tcp --sport 4096 -j udp2rawDwrW_f58463af_C0
[2025-01-16 03:16:14][WARN]auto added iptables rules
[2025-01-16 03:16:14][INFO]source_addr is now fe80::1
[2025-01-16 03:16:14][FATAL]bind port fail
[2025-01-16 03:16:14][INFO]run_command ip6tables -D INPUT -s The server IPv6 address -p tcp -m tcp --sport 4096 -j udp2rawDwrW_f58463af_C0
[2025-01-16 03:16:14][INFO]run_command ip6tables -F udp2rawDwrW_f58463af_C0
[2025-01-16 03:16:14][INFO]run_command ip6tables -X udp2rawDwrW_f58463af_C0

I am not a professional, so I don't understand the reason for the above problem.

My current solution is to use a script to delay the start of wireguard by 10 seconds to ensure that udp2raw can start successfully. But I still hope that the problem can be solved fundamentally.

bigoovip, Jan 15 '25 19:01
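
An alternative to the fixed 10-second delay mentioned in the issue, as an added example that is not part of the original post or the udp2raw project: a POSIX shell wrapper that starts the tunnel, looks for the `bind port fail` line shown in the log above, and retries. The function name `start_with_retry`, the retry count and the delay are assumptions; the wrapper does not diagnose or fix the cause of the bind failure.

```shell
#!/bin/sh
# Added example: retry wrapper around a background process.
# Usage: start_with_retry LOGFILE TRIES DELAY COMMAND [ARGS...]
# For the setup in the issue, a script called from PreUp could run:
#   start_with_retry /var/log/udp2raw.log 10 2 \
#       udp2raw --conf-file /etc/wireguard/udp2raw_client.conf
# Prints the PID of the running process on success, returns 1 on failure.
start_with_retry() {
    log=$1; tries=$2; delay=$3
    shift 3
    i=1
    while [ "$i" -le "$tries" ]; do
        : > "$log"                       # start each attempt with a clean log
        "$@" >>"$log" 2>&1 &
        pid=$!
        sleep "$delay"                   # give the process time to bind or fail
        # Success: process still alive and the fatal line is absent.
        if kill -0 "$pid" 2>/dev/null && ! grep -q 'bind port fail' "$log"; then
            echo "$pid"
            return 0
        fi
        # Failure: make sure nothing is left behind, then try again.
        kill "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true
        i=$((i + 1))
    done
    echo "giving up after $tries attempts, see $log" >&2
    return 1
}
```

Because the check runs after each attempt, the wrapper returns as soon as the tunnel stays up instead of always waiting a fixed interval.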