trailofbits/algo

Connection overly slow, almost as if it doesn't exist.

pmnlla opened this issue · 2 comments

Describe the bug

Aside from Telegram, nothing on my phone is handled correctly by the VPN for some weird reason (and I don't know if that's even the issue).

Looking at tcpdump, there appear to be many ingress requests yet very few packets going out from the server. The phone is connected and should work fine, but the App Store, sites on Safari, etc. fail to load.

The server is hosted on OCI and I'm using a local algo install. There are no firewall limitations that I'm aware of.

To Reproduce

Steps to reproduce the behavior:

  1. Install algo with WireGuard on any port aside from the default, with Quad9 and DNS adblocking.
  2. Connect with any device
  3. Enjoy a limited connection.

Expected behavior

Speeds close to those provided by my ISP alone.

Additional context

The server is running on a standard, "always free" AMD compute instance from OCI with Ubuntu 22.04 minimal. It is located outside of my province.

Full log

Unfortunately, I cannot post it publicly as it does include private names of people, but I have it dumped and can provide it upon request.

Update: This issue is solved.

Add these lines to your wg0 config file /etc/wireguard/wg0.conf under [Interface]:

PreUp = iptables -t nat -A POSTROUTING -j MASQUERADE -o <ethernet interface>
PreDown = iptables -t nat -D POSTROUTING -j MASQUERADE -o <ethernet interface>

Replace <ethernet interface> with your ethernet interface, typically eth0 or, as it was in my case, ens3.

Update: The code above will likely not solve your issue.

Use the code provided in Linode's guide instead: https://www.linode.com/docs/guides/set-up-wireguard-vpn-on-ubuntu/

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <ethernet interface> -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o <ethernet interface> -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <ethernet interface> -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o <ethernet interface> -j MASQUERADE

where <ethernet interface> is your network interface, typically eth0 (or ens3 as it was in my case with OCI).
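
The fix in this thread only works if the MASQUERADE rules name the interface that actually carries outbound traffic (eth0 versus ens3 here). The script below is an added example, not part of the issue thread or the algo project: it compares the `-o` interface of each MASQUERADE rule in a wg-quick config with the interface of the default route. The function names and the sample config and route text are constructed for illustration, and it assumes IPv4 and IPv6 leave through the same interface.

```bash
#!/usr/bin/env bash
# Added example: flags MASQUERADE rules in a wg-quick config whose -o interface
# differs from the one carrying the default route.
# Assumption: IPv4 and IPv6 leave the server through the same interface.

# Print the interface named after "dev" in `ip route show default` output (stdin).
default_iface() {
  awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Read a wg-quick config on stdin; print "<tool> <egress-iface>" for every
# MASQUERADE command found in PreUp/PostUp hooks.
masq_ifaces() {
  grep -Ei '^[[:space:]]*(PreUp|PostUp)[[:space:]]*=' |
    sed -E 's/^[^=]*=//' | tr ';' '\n' |
    awk '/MASQUERADE/ {
      out = "(none)"
      for (i = 1; i < NF; i++) if ($i == "-o" || $i == "--out-interface") out = $(i + 1)
      print $1, out
    }'
}

# check_masq CONF_TEXT ROUTE_TEXT
# Returns 0 when every rule matches, 1 (listing mismatches) otherwise, 2 if no default route.
check_masq() {
  local want bad
  want=$(printf '%s\n' "$2" | default_iface)
  if [ -z "$want" ]; then echo "no default route found"; return 2; fi
  bad=$(printf '%s\n' "$1" | masq_ifaces |
    awk -v w="$want" '$2 != w { print $1 ": egress " $2 ", default route uses " w }')
  if [ -n "$bad" ]; then printf '%s\n' "$bad"; return 1; fi
  return 0
}

# Constructed sample input (not taken from a real server): the IPv4 rule uses
# ens3, the IPv6 rule was left at eth0.
SAMPLE_CONF='[Interface]
Address = 10.49.0.1/16
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
SAMPLE_ROUTE='default via 10.0.0.1 dev ens3 proto dhcp src 10.0.0.20 metric 100'

# On a live server: check_masq "$(cat /etc/wireguard/wg0.conf)" "$(ip route show default)"
check_masq "$SAMPLE_CONF" "$SAMPLE_ROUTE" || echo "MASQUERADE interface mismatch"
```
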