Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Internet access does not work (abuse prevention) #158

Open
showstoppre opened this issue Mar 3, 2022 · 100 comments
Open

Internet access does not work (abuse prevention) #158

showstoppre opened this issue Mar 3, 2022 · 100 comments
Labels
bug Something isn't working

Comments

@showstoppre
Copy link

showstoppre commented Mar 3, 2022

0 B received. Handshake did not get completed.

I thought it could be account issue. Registered a new account from a VPN and tried connecting with the new config.

Still same.


Edit from maintainer:

Just to give some organization to all the "internet does not work" reports. There are two known cases when this may happen:

  1. If the WireGuard tunnel works on your other computer/phone, but not on this one, then it's likely an issue with your system configuration. It's generally not something I can help with, as wgcf is only responsible for providing you with a WireGuard profile, but leaving this issue open for people to share their experiences and solutions. This is tracked in Internet access does not work (system issue) #50.
  2. If the WireGuard tunnel does not work on any of your devices, but the official client does, then this is likely an issue with your region being restricted due to abuse prevention. There is no solution to this problem, maybe hope that people stop abusing the service so the regions are unlocked. Use the official client in this case. This is tracked in Internet access does not work (abuse prevention) #158.
@ViRb3
Copy link
Owner

ViRb3 commented Mar 3, 2022

See #50.

@ViRb3 ViRb3 closed this as completed Mar 3, 2022
@showstoppre
Copy link
Author

Thanks for the swift response. I checked there before posting this. I'm on windows. I don't think whatever I'm facing is related to that thread.

It was working fine until an hour back and never had an issue since I started using this for about 2 months.

@ViRb3
Copy link
Owner

ViRb3 commented Mar 3, 2022

My general response would be to test this on a fresh Ubuntu 21.10 installation and see if it works there. If not, it's definitely an issue with your Windows installation. Otherwise, could be a ton of different things that guessing would be impossible. FWIW, everything works fine here on macOS and Ubuntu.

@showstoppre
Copy link
Author

got ya. thanks. I'll check it out. But it is weird that it was working fine until an hour back.

So I don't think it is a windows issue.

@AdroitAdorKhan
Copy link

I am facing the same issue here. It suddenly stopped working an hour or two ago.

@Juancollado2003
Copy link

wgcf suddenly stopped working today all over, it's not windows fault, looks like cloudflare banned it

@showstoppre
Copy link
Author

@AdroitAdorKhan @Juancollado2003 are you guys on windows too?

@ViRb3 ViRb3 reopened this Mar 3, 2022
@ViRb3
Copy link
Owner

ViRb3 commented Mar 3, 2022

I can confirm the issue, just started happening to me on macOS too. Will try to investigate soon.

@ViRb3 ViRb3 added the bug Something isn't working label Mar 3, 2022
@AdroitAdorKhan
Copy link

AdroitAdorKhan commented Mar 3, 2022

@AdroitAdorKhan @Juancollado2003 are you guys on windows too?

Windows 10, Debian 11, Android 11 & RouterOS 7.x. Confirmed, not working anywhere since last 2 hours (maybe).

@AdroitAdorKhan
Copy link

I can confirm the issue, just started happening to me on macOS too. Will try to investigate soon.

Could be CF changed host address or port?

@showstoppre
Copy link
Author

showstoppre commented Mar 3, 2022

I'm not sure if this is anyway related.

Cloudwarp windows client works fine for me. So I tried capturing traffic using wireshark to see if there is any difference in packets.

What caught my eye was, there is a field called wg.reserved which has value b91981 in all "wireguard protocol" traffic via warp client.

For the traffic via wireguard client, this value is 000000

@showstoppre
Copy link
Author

I can confirm the issue, just started happening to me on macOS too. Will try to investigate soon.

Could be CF changed host address or port?

Port seems to be the same. Native warp client uses a different IP. I tried with that as well. But it didn't help

@ViRb3 ViRb3 pinned this issue Mar 3, 2022
@ViRb3 ViRb3 changed the title warp tunnel in wireguard suddenly stopped working. is it just me? warp tunnel in wireguard suddenly stopped working Mar 3, 2022
@beygolu
Copy link

beygolu commented Mar 3, 2022

Many people are having the same problem, I hope it gets resolved.

@PussAzuki
Copy link

I also encountered this problem, and I noticed that I could get a response from the end of the 6in4 tunnel, but warp showed that all the services that depended on it offline were down.

I thought the 6in4 tunnel of HE was broken. I tried to dial again many times and checked the server status page of HE. I noticed that I could get from the opposite end of the 6in4 tunnel. Everything was fine when I only used 6in4.

@icsterm
Copy link

icsterm commented Mar 3, 2022

This is weird, I'm using WARP on a Mikrotik router, stopped working 3-4 hours ago.
So this is not OS related, it must be server related.
Basically i get no RX packets and no handshakes.

@ViRb3
Copy link
Owner

ViRb3 commented Mar 3, 2022

I have just received an unofficial response from Cloudflare. Indeed, unofficial clients like WireGuard are blocked server-side due to huge amount of abuse. Exactly what form of abuse I do not know. However, the block is expected to be lifted later today, and I am working with them on a long-term solution. For now though:

⚠️ Please do not use wgcf to abuse Cloudflare WARP. If wgcf allows you to do something different from using WARP on unsupported devices, please stop. Doing so will get all of us banned permanently.

@showstoppre
Copy link
Author

The block seems to have been lifted. It's working for me.

@ViRb3
Copy link
Owner

ViRb3 commented Mar 3, 2022

I can confirm it works here too. Leaving this issue for visibility, though.

@gvccvwangmingn2
Copy link

prepare for the worst, use the warp-cli for linux or official clients for windows/macos.

since the beginning cloudflare never supports unofficial clients or use own wg config for WARP, so don't cry if they block it again...

@ghost
Copy link

ghost commented Mar 4, 2022

First time trying out wgcf but I have no internet. No idea if it's my setup or it's being block again.

Get "https://api.cloudflareclient.com/v0a1922/reg/aa72d4c8-f9b6-41ba-849f-667451dfec47": dial tcp: lookup api.cloudflareclient.com on [::1]:53: read udp [::1]:35982->[::1]:53: read: connection refused

Using Fedora Silverblue with nmcli

@theSaSo
Copy link

theSaSo commented Mar 4, 2022

Mine on Windows doesn't work either. Perhaps the block was re-initiated.

@Fearyncess
Copy link

ipv6 endpoint seems be removed?

@Bleestones
Copy link

Now, it is working!
image

@lehoangnb
Copy link

Now, it is working! image

Hi, did you change anything?? still doesn't work for me

@zengxs
Copy link

zengxs commented Mar 5, 2022

Now, it is working! image

Hi, did you change anything?? still doesn't work for me

It seems to be region related, I tested Tokyo's network already works, but Hong Kong's still doesn't.

@bachvnnvn
Copy link

bachvnnvn commented Aug 12, 2022

2606:4700:d0::a29f:c102

Sorry, still doesn't work. Yes, let me try Android Studio.
Thank you!

here is the tutorial link https://parkercs.tech/cloudflare-for-teams-wireguard-config/

I got the file, but the private key seems to be encrypted. Could you please tell me how to decrypt it?

string name="warp_private_key">XXXXXXXXXXXXXXXXXXXXX ]+yGW5Y6BignXXR3uZDB2MaM/pzj0Y0YThYezBYqGY84CQC/TUKHJ4bXDF8m3wL4VkP6qkVG3W2b3 y/5n

@PeakGymnast
Copy link

PeakGymnast commented Aug 12, 2022

name="warp_private_key">XXXXXXXXXXXXXXXXXXXXX ]+yGW5Y6BignXXR3uZDB2MaM/pzj0Y0YThYezBYqGY84CQC/TUKHJ4bXDF8m3wL4VkP6qkVG3W2b3 y/5n

There is no way to decrypt private key unless using old android system version and specific device definition. That's the reason why I put the tutorial link

@bachvnnvn
Copy link

name="warp_private_key">XXXXXXXXXXXXXXXXXXXXX
]+yGW5Y6BignXXR3uZDB2MaM/pzj0Y0YThYezBYqGY84CQC/TUKHJ4bXDF8m3wL4VkP6qkVG3W2b3
y/5n

There is no way to decrypt private key unless using old android system version and specific device definition. That's the reason why I put the tutorial link

Yes, I could get the decrypted value with the old android version.
Thank you very much for that!

But I still cannot connect, it shows "Failed to send handshake initiation" (from Wireguard android).

I used the below endpoint:

endpoint":{"v4":"162.159.192.8**:0**","v6":"[2606:4700:d0::a29f:c008**]:0**"}}]

I can see the port there is :0 and the config file also has the below value:

&quot;services&quot;:{&quot;http_proxy&quot;:&quot;172.16.0.1:2480&quot;}}</string>

So looks like it doesn't use the port 2408 directly but forward to the proxy 172.16.0.1:2480

@PeakGymnast
Copy link

PeakGymnast commented Aug 12, 2022

But I still cannot connect, it shows "Failed to send handshake initiation" (from Wireguard android).

So you are running this config file on Android?
If you are running on Android,you need to change your AllowedIPs to 0.0.0.0/1, ::/1. Therefore, you said that your endpoint port was an invalid value of zero which means that you are wrong to get your config. you should let official warp app connet vpn successfully or using global proxy in order to connect cloudflare warp, then pull the config file

endpoint":{"v4":"162.159.192.8**:0**","v6":"[2606:4700:d0::a29f:c008**]:0**"}}]

I do not know exactly what to do and how to fix. As far as i conclude, your ISP may block UDP Protocol or connection redirects to re-routed server.

This program has continued a period of time for me, i used to suffer the same issue when using ipv4 on pc and mobile phone. But when i intend to run ipv6 ,it works for me even cellular network in China where it widely known that censorship and firewall block

My config 👇👇👇👇

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxx
Address = 172.16.0.2/32, fd01:5ca1:ab1e:8375:d934:d463:b549:855b/128
DNS = 1.1.1.1,2606:4700:4700::1111
MTU = 1280

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/1, ::/1
Endpoint = [2606:4700:100::a29f:c104]:2408
PersistentKeepalive = 25

@bachvnnvn
Copy link

::/1

Sorry, it still doesn't work for me.
I decided to give it up.

Anyway, thank you very much for your great help!

@n-buna404
Copy link

Without changing any configuration, it just suddenly works. Warp connected me AMS colo instead of HKG.
Hope that's the end of the issue

@dongle-the-gadget
Copy link

dongle-the-gadget commented Oct 11, 2022 via email

@ViRb3 ViRb3 changed the title warp tunnel in wireguard suddenly stopped working Internet access does not work (abuse prevention) Nov 9, 2022
@ViRb3
Copy link
Owner

ViRb3 commented Nov 9, 2022

Just to give some organization to all the "internet does not work" reports. There are two known cases when this may happen:

  1. If the WireGuard tunnel works on your other computer/phone, but not on this one, then it's likely an issue with your system configuration. It's generally not something I can help with, as wgcf is only responsible for providing you with a WireGuard profile, but leaving this issue open for people to share their experiences and solutions. This is tracked in Internet access does not work (system issue) #50.
  2. If the WireGuard tunnel does not work on any of your devices, but the official client does, then this is likely an issue with your region being restricted due to abuse prevention. There is no solution to this problem, maybe hope that people stop abusing the service so the regions are unlocked. Use the official client in this case. This is tracked in Internet access does not work (abuse prevention) #158.

@01101sam
Copy link

01101sam commented Nov 9, 2022

Update: There's a project that re-written the whole ptorocol in Go, but it's half-sourced (core part, most were open-sourced).
I've the source code and after audit it's safe to use.
Project link here

Edit: This is also an unofficial client, use at your risk.

@dongle-the-gadget
Copy link

Looks like the HKG server once again went dark.

@dongle-the-gadget
Copy link

dongle-the-gadget commented Nov 11, 2022 via email

@worstperson
Copy link

What’s the affected colocation, and how did they abuse it?

DFW reroute to LAX afaict, with absolutely insane ~2TB monthly usage mostly through legit video services. But he hasn't had to reconnect his tunnel yet and reports working service for now.

@ihipop
Copy link

ihipop commented Dec 2, 2022

I'm not using a HK server but I still have this issue
My server location is: United States California Los Angeles

@4oct
Copy link

4oct commented Dec 12, 2022

endpoint 162.159.193.5:2408 repair my WG connection

@onlyreportingissues
Copy link

onlyreportingissues commented Mar 18, 2023

endpoint 162.159.193.5:2408 repair my WG connection

Very nice, works fine with Fedora 37.
Only other setting I have changed is the MTU value from 1280 to 1420 (for PPPoE/DSL set it to 1412).

@bczhc
Copy link

bczhc commented Mar 16, 2024

I got lucky with endpoint [2606:4700:100::a29f:c102]:2408 (from comment1 and comment2).

curl https://cloudflare.com/cdn-cgi/trace                                         00:01:05
fl=465f131
h=cloudflare.com
ip=2a09:bac5:21b1:123c::1d1:83
ts=1710604866.304
visit_scheme=https
uag=curl/8.6.0
colo=SJC
sliver=010-tier1
http=http/2
loc=CN
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519
...

Also I tried 162.159.193.5:2408, wg will have handshakes and rx data, however there's no internet connection.

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.sudo wg
...
peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
  endpoint: 162.159.193.5:2408
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 second ago
  transfer: 552 B received, 97.27 KiB sent

@PeakGymnast
Copy link

PeakGymnast commented Mar 17, 2024

I got lucky with endpoint [2606:4700:100::a29f:c102]:2408 (from comment1 and comment2).

curl https://cloudflare.com/cdn-cgi/trace                                         00:01:05

fl=465f131

h=cloudflare.com

ip=2a09:bac5:21b1:123c::1d1:83

ts=1710604866.304

visit_scheme=https

uag=curl/8.6.0

colo=SJC

sliver=010-tier1

http=http/2

loc=CN

tls=TLSv1.3

sni=plaintext

warp=on

gateway=off

rbi=off

kex=X25519

...

Also I tried 162.159.193.5:2408, wg will have handshakes and rx data, however there's no internet connection.

ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.sudo wg

...

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=

  endpoint: 162.159.193.5:2408

  allowed ips: 0.0.0.0/0, ::/0

  latest handshake: 1 second ago

  transfer: 552 B received, 97.27 KiB sent

For some reason, Cloudflare warp team has modified official wireguard protocol, which means you won't be able to connect wireguard to warp as usual. People found out a unique value unlike official wireguard protocol, you can see this link Xray-examples-reserved id

By this time, I'd like to suggest you using Sing-box(a powerful tool) to make connection because of its better performance than official wireguard client

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests