
I'm using a socket program (in C) to send a UDP packet from a WireGuard client to the server. I use the socket sendto() method to send the packet. At the server end I capture the packet using another server program (in C and pcap). As I need to send the packet through the WireGuard VPN tunnel, in my client socket program I have used the WireGuard VPN tunnel IP address and port as the IP address and port for the socket, as follows.

Server IP - 10.6.0.1
Server port - 51820

My server and the client configuration details are as follows:

Client end wg0.conf file

[Interface]
PrivateKey = <client’s private key>
Address = 10.6.0.2/24

PostUp = ip rule add table 200 from 192.168.30.211
PostUp = ip route add table 200 default via 192.168.30.1
PreDown = ip rule delete table 200 from 192.168.30.211
PreDown = ip route delete table 200 default via 192.168.30.1

[Peer]
PublicKey = <server’s public key>
AllowedIPs = 10.6.0.1/24
Endpoint = 192.168.30.209:51820

Server wg0.conf

[Interface]
PrivateKey = <server’s private key>
Address = 10.6.0.1/24
ListenPort = 51820
SaveConfig = true
PostUp = ufw route allow in on wg0 out on ens192
PostUp = iptables -t nat -I POSTROUTING -o ens192 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens192
PreDown = iptables -t nat -D POSTROUTING -o ens192 -j MASQUERADE

[Peer]
PublicKey = <client’s public key>
AllowedIPs = 10.6.0.2/24

When I’m sending the packets from the client, I use Wireshark to listen on the WireGuard wg0 interface. I can see the packets moving through the wg0 tunnel on the client side, and on the server I receive the packets. However, the main problem is that I think these packets are not encrypted (raw data is displayed). In the packets captured with Wireshark on both the client and the server, I can read the data portion of the packet. Also, the protocol is displayed as UDP (not WireGuard).

Even though my packets are sent through the tunnel, they are not encrypted. What is the reason for this? 

Is there any WireGuard library that can be used to send packets? I tried to use this single-file C library https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library , but wireguard.h does not provide any methods to send packets. Any possible solutions?

Sanka Don
  • Off-topic here since it is not about programming but about networking. Anyway, wg0 is the tunnel device - everything you put in gets encrypted and everything which comes out has been decrypted. So of course you see the unencrypted data when watching this device. To see the encrypted traffic you need to watch the device which actually gets used to transmit the (encrypted) data, i.e. something like eth0, wlan0 etc. – Steffen Ullrich Jul 31 '23 at 17:29
  • Thank you very much for your answer. Now I listened to the traffic from "any" in Wireshark. But I still have the same problem. Data is not encrypted and the protocol shows as UDP. – Sanka Don Jul 31 '23 at 18:23
  • `any` means exactly this. It includes all interfaces, including wg0. Therefore you will still see the unencrypted packets. – Steffen Ullrich Jul 31 '23 at 18:39
  • Now I listened on ens192 and now I can see the encrypted packets. Thanks. – Sanka Don Aug 01 '23 at 13:20
  • @SteffenUllrich when I'm listening on ens192, I see each time the same packet transferred twice from the client to the server (at the same time). Any reason? – Sanka Don Aug 04 '23 at 04:43
  • This is a) a different question, b) missing details and c) still not on-topic here. I recommend that you ask such a question with enough details on superuser.com, instead of in a comment to an off-topic question at SO. – Steffen Ullrich Aug 04 '23 at 04:46
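The comments above come down to one check: a capture on wg0 shows the datagram before encryption, while a capture on the physical interface (ens192 in the question) shows WireGuard messages whose payload is ciphertext. The following C code is an added example, not code from the question and not part of the embeddable-wg-library; it classifies a UDP payload by the fixed WireGuard message header (one type byte, three reserved zero bytes, then per-type fixed sizes as given in the WireGuard protocol description), so a pcap-based server program can tell "plaintext from wg0" apart from "transport data from ens192". The sample buffers are constructed, not captured.

```c
/* Added example: classify a captured UDP payload as a WireGuard message or not.
 * Not from the question or from WireGuard's own code; sample buffers are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Message types and fixed sizes from the WireGuard protocol description. */
#define WG_TYPE_HANDSHAKE_INIT  1
#define WG_TYPE_HANDSHAKE_RESP  2
#define WG_TYPE_COOKIE_REPLY    3
#define WG_TYPE_TRANSPORT_DATA  4
#define WG_LEN_HANDSHAKE_INIT   148
#define WG_LEN_HANDSHAKE_RESP   92
#define WG_LEN_COOKIE_REPLY     64
#define WG_LEN_TRANSPORT_MIN    32   /* 16-byte header + 16-byte Poly1305 tag (a keepalive) */

enum wg_class {
    WG_NOT_WIREGUARD = 0,
    WG_HANDSHAKE_INIT,
    WG_HANDSHAKE_RESP,
    WG_COOKIE_REPLY,
    WG_TRANSPORT_DATA
};

/* Every WireGuard message starts with a little-endian u32 type field, i.e. one
 * type byte followed by three zero bytes. Returns WG_NOT_WIREGUARD when the
 * header or the length does not fit any message type. */
enum wg_class wg_classify(const uint8_t *buf, size_t len)
{
    if (len < 4 || buf[1] != 0 || buf[2] != 0 || buf[3] != 0)
        return WG_NOT_WIREGUARD;
    switch (buf[0]) {
    case WG_TYPE_HANDSHAKE_INIT:
        return len == WG_LEN_HANDSHAKE_INIT ? WG_HANDSHAKE_INIT : WG_NOT_WIREGUARD;
    case WG_TYPE_HANDSHAKE_RESP:
        return len == WG_LEN_HANDSHAKE_RESP ? WG_HANDSHAKE_RESP : WG_NOT_WIREGUARD;
    case WG_TYPE_COOKIE_REPLY:
        return len == WG_LEN_COOKIE_REPLY ? WG_COOKIE_REPLY : WG_NOT_WIREGUARD;
    case WG_TYPE_TRANSPORT_DATA:
        /* The encapsulated packet is padded to a multiple of 16 bytes and
         * followed by a 16-byte tag, so (len - 16) must be a multiple of 16. */
        if (len >= WG_LEN_TRANSPORT_MIN && (len - 16) % 16 == 0)
            return WG_TRANSPORT_DATA;
        return WG_NOT_WIREGUARD;
    default:
        return WG_NOT_WIREGUARD;
    }
}

/* Read the receiver index and nonce counter (both little-endian) of a
 * transport-data message, which is what you would log to correlate one
 * datagram across captures. Returns 0 on success, -1 otherwise. */
int wg_transport_fields(const uint8_t *buf, size_t len, uint32_t *receiver, uint64_t *counter)
{
    if (wg_classify(buf, len) != WG_TRANSPORT_DATA)
        return -1;
    uint32_t r = 0;
    uint64_t c = 0;
    for (int i = 3; i >= 0; i--) r = (r << 8) | buf[4 + i];
    for (int i = 7; i >= 0; i--) c = (c << 8) | buf[8 + i];
    *receiver = r;
    *counter = c;
    return 0;
}

/* Constructed sample: a 48-byte transport-data message (16-byte header,
 * 16 bytes of made-up ciphertext, 16-byte tag) with receiver index 42 and
 * counter 7, plus a plaintext datagram like the one sendto() writes into wg0. */
static const uint8_t sample_transport[48] = {
    0x04, 0x00, 0x00, 0x00,                          /* type 4, reserved */
    0x2a, 0x00, 0x00, 0x00,                          /* receiver index 42 */
    0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* counter 7 */
    0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,  /* dummy ciphertext + tag */
    0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
    0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
    0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef
};
static const uint8_t sample_plain[] = "hello from client";

/* Returns 1 when the constructed transport sample parses back to 42 / 7. */
int demo_fields_ok(void)
{
    uint32_t r = 0;
    uint64_t c = 0;
    if (wg_transport_fields(sample_transport, sizeof sample_transport, &r, &c) != 0)
        return 0;
    return r == 42 && c == 7;
}

int main(void)
{
    static const char *names[] = { "not WireGuard", "handshake initiation",
                                   "handshake response", "cookie reply", "transport data" };
    printf("ens192-style sample: %s\n", names[wg_classify(sample_transport, sizeof sample_transport)]);
    printf("wg0-style sample:    %s\n", names[wg_classify(sample_plain, sizeof sample_plain - 1)]);
    printf("fields parse ok:     %d\n", demo_fields_ok());
    return 0;
}
```

In a pcap-based server, call wg_classify() on the UDP payload of each datagram captured on the physical interface; a datagram that comes back as WG_NOT_WIREGUARD on that interface is the thing to investigate, since only the four header forms above should appear on UDP port 51820 there.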

0 Answers