Wireguard + WStunnel - Same Network Reverse Proxy'd Websites Overridden SSL #398

Open
Maddox-Werts opened this issue Jan 21, 2025 · 0 comments
@Maddox-Werts

Describe the bug

Hey! I use WStunnel + Wireguard in order to access my services & other websites on a corporate-owned network. Whenever I visit a site that I host via a reverse proxy when I am connected with WStunnel + Wireguard, it tends to not use an SSL cert, and instead gets overridden with a certification from my corporate network. This only affects websites that are hosted from the same network that I am accessing with a VPN, and it only affects websites that are hosted with a Reverse Proxy.

To Reproduce

Host a WStunnel + Wireguard server that restricts all connections to the Wireguard server. WStunnel is not hidden behind a Reverse Proxy.

Expected behavior

Websites hosted via reverse proxy on the same network connect normally with SSL certs from the reverse proxy (LetsEncrypt).

Your wstunnel setup

Client

Client server is run through a script provided at Wireguard over WSS

Server

2025-01-21T15:55:45.346621Z  INFO cnx{peer="[REDACTED]:29242"}:tunnel{id="REDACTED" remote="[REDACTED] (Wstunnel Server):51820"}: wstunnel::tunnel::server::server: Tunnel accepted due to matched restriction: Allow All
2025-01-21T15:55:45.346642Z  INFO cnx{peer="[REDACTED]:29242"}:tunnel{id="REDACTED" remote="[REDACTED] (Wstunnel Server):51820"}: wstunnel::protocols::udp::server: Opening UDP connection to [REDACTED] (Wstunnel Server):51820
2025-01-21T15:55:45.346717Z  INFO cnx{peer="[REDACTED]:29242"}:tunnel{id="REDACTED" remote="[REDACTED] (Wstunnel Server):51820"}: wstunnel::tunnel::server::server: connected to Udp { timeout: Some(30s) } [REDACTED] (Wstunnel Server):51820
2025-01-21T15:56:20.109700Z  INFO cnx{peer="[REDACTED]:20106"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T15:56:20.110006Z  INFO cnx{peer="[REDACTED]:20106"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T15:56:20.110187Z ERROR cnx{peer="[REDACTED]:20106"}: wstunnel::tunnel::server::server: error while accepting TLS connection received corrupt message of type InvalidContentType
2025-01-21T15:56:20.248623Z  INFO cnx{peer="[REDACTED]:49296"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T15:56:20.248862Z  INFO cnx{peer="[REDACTED]:49296"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T15:56:20.249049Z ERROR cnx{peer="[REDACTED]:49296"}: wstunnel::tunnel::server::server: error while accepting TLS connection received corrupt message of type InvalidContentType
2025-01-21T15:58:34.314013Z  INFO cnx{peer="[REDACTED]:4016"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T15:58:34.314085Z  INFO cnx{peer="[REDACTED]:4016"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T15:58:34.314196Z ERROR cnx{peer="[REDACTED]:4016"}: wstunnel::tunnel::server::server: error while accepting TLS connection received corrupt message of type InvalidContentType
2025-01-21T15:58:34.437837Z  INFO cnx{peer="[REDACTED]:34220"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T15:58:34.437883Z  INFO cnx{peer="[REDACTED]:34220"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T15:58:34.437960Z ERROR cnx{peer="[REDACTED]:34220"}: wstunnel::tunnel::server::server: error while accepting TLS connection received corrupt message of type InvalidContentType
2025-01-21T15:59:59.493463Z  INFO cnx{peer="[REDACTED:57612"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T15:59:59.493565Z  INFO cnx{peer="[REDACTED:57612"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:00:01.504712Z  WARN cnx{peer="[REDACTED:57612"}:tunnel: wstunnel::tunnel::server::handler_websocket: Rejecting connection with bad upgrade request: /
2025-01-21T16:00:02.213773Z  INFO cnx{peer="[REDACTED:57620"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:00:02.213871Z  INFO cnx{peer="[REDACTED:57620"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:00:04.246790Z ERROR cnx{peer="[REDACTED:57620"}: wstunnel::tunnel::server::server: Error while upgrading cnx to http: hyper::Error(Io, Kind(ConnectionReset))
2025-01-21T16:00:06.745536Z  INFO cnx{peer="[REDACTED:57642"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:00:06.745604Z  INFO cnx{peer="[REDACTED:57642"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:00:14.078842Z  INFO cnx{peer="[REDACTED:37990"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:00:14.078916Z  INFO cnx{peer="[REDACTED:37990"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:00:14.443957Z ERROR cnx{peer="[REDACTED:37990"}: wstunnel::tunnel::server::server: error while accepting TLS connection peer is incompatible: SignatureAlgorithmsExtensionRequired
2025-01-21T16:00:16.488331Z  INFO cnx{peer="[REDACTED:37996"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:00:16.488397Z  INFO cnx{peer="[REDACTED:37996"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:00:16.968615Z ERROR cnx{peer="[REDACTED:37996"}: wstunnel::tunnel::server::server: error while accepting TLS connection peer is incompatible: SignatureAlgorithmsExtensionRequired
2025-01-21T16:00:19.118305Z  INFO cnx{peer="[REDACTED:36226"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:00:19.118398Z  INFO cnx{peer="[REDACTED:36226"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:00:19.948921Z ERROR cnx{peer="[REDACTED:36226"}: wstunnel::tunnel::server::server: error while accepting TLS connection peer is incompatible: SignatureAlgorithmsExtensionRequired
2025-01-21T16:03:33.916283Z  INFO cnx{peer="[REDACTED]:33442"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:03:33.916396Z  INFO cnx{peer="[REDACTED]:33442"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:03:37.164833Z  WARN cnx{peer="[REDACTED]:33442"}:tunnel: wstunnel::tunnel::server::handler_websocket: Rejecting connection with bad upgrade request: /appGet.cgi?hook=get_cfg_clientlist()
2025-01-21T16:04:13.989530Z  INFO cnx{peer="[REDACTED]:54920"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T16:04:13.989608Z  INFO cnx{peer="[REDACTED]:54920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2025-01-21T16:04:14.198201Z  WARN cnx{peer="[REDACTED]:54920"}:tunnel: wstunnel::tunnel::server::handler_websocket: Rejecting connection with bad upgrade request: /SETTINGS.CFG

Desktop (please complete the following information):

  • OS: Arch Linux
  • Version: Latest
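
An added triage example, not part of the original issue or of wstunnel itself: it groups server log lines of the shape shown above by peer and records how each connection ended, so the one accepted tunnel (and the restriction it matched) can be told apart from handshake failures and rejected HTTP paths. The sample lines are constructed, the peers are documentation addresses, and the outcome labels are this example's own names.

```python
import re
from collections import Counter

# Constructed sample in the shape of the server log above; peers use
# documentation addresses (192.0.2.0/24) in place of the redacted ones.
SAMPLE = """\
2025-01-21T15:55:45.346621Z  INFO cnx{peer="192.0.2.10:29242"}:tunnel{id="x" remote="wg:51820"}: wstunnel::tunnel::server::server: Tunnel accepted due to matched restriction: Allow All
2025-01-21T15:56:20.109700Z  INFO cnx{peer="192.0.2.20:20106"}: wstunnel::tunnel::server::server: Accepting connection
2025-01-21T15:56:20.110187Z ERROR cnx{peer="192.0.2.20:20106"}: wstunnel::tunnel::server::server: error while accepting TLS connection received corrupt message of type InvalidContentType
2025-01-21T16:00:14.443957Z ERROR cnx{peer="192.0.2.30:37990"}: wstunnel::tunnel::server::server: error while accepting TLS connection peer is incompatible: SignatureAlgorithmsExtensionRequired
2025-01-21T16:04:14.198201Z  WARN cnx{peer="192.0.2.40:54920"}:tunnel: wstunnel::tunnel::server::handler_websocket: Rejecting connection with bad upgrade request: /SETTINGS.CFG
2025-01-21T16:00:06.745604Z  INFO cnx{peer="192.0.2.50:57642"}: wstunnel::tunnel::server::server: Doing TLS handshake
"""

PEER = re.compile(r'cnx\{peer="([^"]+)"')
OUTCOMES = [  # (label, pattern); labels are this example's own names
    ("tunnel_accepted", re.compile(r"Tunnel accepted due to matched restriction: (.+)$")),
    ("tls_bad_record", re.compile(r"corrupt message of type (\w+)")),
    ("tls_incompatible", re.compile(r"peer is incompatible: (\w+)")),
    ("bad_upgrade", re.compile(r"bad upgrade request: (\S+)")),
    ("http_error", re.compile(r"Error while upgrading cnx to http: (.+)$")),
]

def classify(log_text):
    """Return {peer: (label, detail)}; the last terminal line seen per peer wins."""
    result = {}
    for line in log_text.splitlines():
        m = PEER.search(line)
        if not m:
            continue  # not a per-connection log line
        peer = m.group(1)
        # Peers that only ever log "Accepting connection"/"Doing TLS handshake"
        result.setdefault(peer, ("no_outcome", ""))
        for label, pattern in OUTCOMES:
            hit = pattern.search(line)
            if hit:
                result[peer] = (label, hit.group(1))
                break
    return result

def summary(log_text):
    """Count connections per outcome label."""
    return Counter(label for label, _ in classify(log_text).values())

if __name__ == "__main__":
    for peer, (label, detail) in classify(SAMPLE).items():
        print(f"{peer:22} {label:18} {detail}")
```

The detail column for `tunnel_accepted` is the name of the restriction that matched, which is the value to compare against the intended server restriction rules.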