Socket bind error, trying to use with wireguard

[o-alquimista]

Wireguard goes through udp port 55820. University wifi blocks wireguard traffic.
I opened up tcp port 4096 for udp2raw to use.

Server side (raspberry pi at home)

sudo udp2raw_arm -s -l 0.0.0.0:4096 -r 127.0.0.1:55820 -k "password" --raw-mode faketcp -a

Client side (laptop at the campus)

sudo udp2raw_amd64 -c -l 0.0.0.0:55820 -r IPV4_PUBLIC:4096 -k "password" --raw-mode faketcp -a

The server starts ok (wg-quick), but the client fails with:

[2023-10-19 22:35:01][FATAL]socket bind error

I'm pretty sure I'm doing something wrong. But note that sometimes both server and client start ok and reach the "ready" status, at which point you can see both ends exchanging "heartbeat" packets. Still, I couldn't get a handshake, but that's jumping ahead. The problem right now seems to be a port conflict.

I can get around the error by setting a different port on the client, like 55555. But wireguard is on 55820, so what's the point? It's not going to work, right? Anyway, I tried it, and udp2raw went "ready" on both server and client, but wireguard traffic was still not going through (ping test failed, no handshake).

sudo udp2raw_amd64 -c -l 0.0.0.0:55555 -r IPV4_PUBLIC:4096 -k "password" --raw-mode faketcp -a

Client wireguard config:

[Interface]
PrivateKey=PRIVATE_KEY
Address=192.168.2.2/32,fd9d:238c:b159:2::/64
ListenPort=55820
PreUp=udp2raw_amd64 -c -l 0.0.0.0:55820 -r IPV4_PUBLIC:4096 -k "password" --raw-mode faketcp -a &
PostDown=killall udp2raw_amd64

[Peer]
PublicKey=SERVER_PUBLICKEY
Endpoint=IPV4_PUBLIC:55820
AllowedIPs=192.168.2.0/24,fd9d:238c:b159::/48

Server wireguard config:

[Interface]
PrivateKey=SERVER_PRIVATEKEY
Address=192.168.2.1/32,fd9d:238c:b159:0::/64
ListenPort=55820
PreUp=udp2raw_arm -s -l 0.0.0.0:4096 -r 127.0.0.1:55820 -k "password" --raw-mode faketcp -a &
PostDown=killall udp2raw_arm

[Peer]
PublicKey=LAPTOP_PUBLICKEY
AllowedIPs=192.168.2.2/32,fd9d:238c:b159:2::/64

[o-alquimista]

I got it.

(hacker voice) I'm in.

In the client Wireguard configuration, Endpoint needs to point to localhost, which is where the udp2raw service is running.

[Interface]
PrivateKey=PRIVATE_KEY
Address=192.168.2.2/32,fd9d:238c:b159:2::/64
-ListenPort=55820
PreUp=udp2raw_amd64 -c -l 0.0.0.0:55820 -r IPV4_PUBLIC:4096 -k "password" --raw-mode faketcp -a &
PostDown=killall udp2raw_amd64

[Peer]
PublicKey=SERVER_PUBLICKEY
-Endpoint=IPV4_PUBLIC:55820
+Endpoint=127.0.0.1:55820
AllowedIPs=192.168.2.0/24,fd9d:238c:b159::/48

Now I understand how this works...

[o-alquimista]

I stopped using PreUp and PostDown to run udp2raw - because SELinux doesn't like it, and started using the init program (systemd) for that:

[Unit]
Description=Start udp2raw as a server
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/udp2raw -s -l [::]:4096 -r [::1]:51820 -k "my_password" --raw-mode faketcp -a

[Install]
WantedBy=multi-user.target

[Unit]
Description=Start udp2raw as a client
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/udp2raw -c -l [::]:51820 -r SERVER_INTERNET_ADDRESS:4096 -k "my_password" --raw-mode faketcp -a

[Install]
WantedBy=multi-user.target

Check out my snippet: https://gitlab.com/-/snippets/3618209

[wangyu-]

Thanks for sharing your configure, glad that you have made it work already.
By the way, Socket bind error itself simply means there is another program occupying the same port.