Is there any other way to use a VPN even if my ISP is blocked Wireguard?
I have tried to change port 443, 8295 for wireguard but it’s not connecting
WireGuard is not connecting
found this error in logs:
wireguard1: [test] KQf3CazJ+nfylMl+Nnajsfnjsd TUT6yoyX/xbxPNzEE=: Handshake for peer did not complete after 5 seconds, retrying (try 2).
It may look like:WG peer Client Listen port 51820 is blocked by ISP
If the ISP is blocking wireguard, the fact that you have tried numerous ports tells me that they are checking DPI, into the weeds to see the type of traffic.
Therefore suggesting BTH is fruitless.
However, if the lack of connection is either
a. operator config error
b. no access to public IP
Then BTH may help alleviate both. :-0
So question to OP, is your config correct and do you have a public IP.
I have a public IP on my Router.
Wireguard was working fine before ISP changed its policies.
but now the Wireguaurd is not connecting. Sometimes it connected but suddenly disconnected.
I also tried “bth” but it is also blocked.
Please help me if there is any other way
Thanks
ikev2 (ipsec) is well supported, and there are fairly good examples around.
This is more industrial, so perhaps less likely to be dropped.
But if your ISP doesn’t want you running VPN’s. You will struggle.
Or change ISP ?
A party blocking VPN is not worth to receive your money.
actually all ISPs and organizations blocking vpn
Yup, it’s not a matter of switching the ISP, it’s a matter of switching the country. AmneziaWG seems to be successful in addressing this type of issue, but you need a Mikrotik that supports containers or a completely different hardware. Depending on the country, it may or may not be enough.
any advice on what I need to do how I can use a VPN or which port I can use?
I think they are not blocking ports they are blocking the VPN protocol.
SSTP looks almost like a normal HTTPS connection but it is relatively slow. The initial packets of all other VPN protocols are quite distinctive so easy to spot using DPI and therefore easy to block. AmneziaWG targets exactly this.
Scenario is that
I have Mikrotik CHR on Digital Ocean. We are using CHR as a WireGuard Server.
We have installed the WG application on Android and iPhone, ISP blocks this and we can’t establish a connection with CHR-WireGuard Server.
In this case How I can deploy AmneziaWG?
or
I need to deploy any other machine for AmneziaWG on Cloud?
I do know people who run containers on CHRs running in the cloud, because it is simpler than to set up a separate virtual machine there. But keeping a CHR only as a host for a single container would make little sense so maybe spawning a dedicated Debian machine may be a better choice for you - I don’t have enough information to recommend you any of these variants.
Use strongSwan smartPhone app , import file xxx.sswan which will be generated as a result of #2.
I have couple of cases with pretty same problems, both #1 and #2 work fine.
hello,
I have test AmneziaWG on my android it is working but Instagram isn’t working I can’t able to test all the apps.
AmneziaWG is slower then Wireguard.
but some time Wireguard is working. and working perfectly fine.
one moe thing Wireguard is much faster then AmneziaWG.
What speeds do you achieve? Are you sure, you have full tunnel and not maybe some split tunnelig? Because AmneziaWG isn’t realy much different then ordinary WG, so anything, that worked there, should also work with AmneziaWG.¸
It could also be MTU issue. Many times, when some sites don’t load it’s a MTU issue.
There is a bit of difference between when scrolling up on YouTube, Insta etc also on speed test a bit difference
on ROS I have default MTU.
Well, i was asking for something like speedtest.net results.
Try with this in firewall mangle rule. See if it fixes anything.
add action=change-mss chain=forward comment="Clamp MTU to PMTU" disabled=yes new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
…without the disabled=yes of course.
MISSING!! Besides the disabled=yes error, where is the interface? designated on that rule.
Try
/ip firewall mangle
add action=change-mss chain=forward comment=“Clamp MSS to PMTU for Outgoing packets” new-mss=clamp-to-pmtu out-interface=wireguard1 passthrough=yes protocol=tcp tcp-flags=syn
If you dont see any difference with that mangle rule you an also try this mangle rule.
/ip firewall mangle
add action=change-mss chain=forward new-mss=1380 out-interface=wireguard1 protocol=tcp tcp-flags=syn tcp-mss=1381-65535
I only copied it from my 5009. I’m not using that rule right now and that is why it’s disabled. I found it in such form (without interface) somewhere on the internet or even maybe on this forum.
Thanks for fixing it.