Forum / Wayk Now - Support

Wayk Now : problem with lan proxy

  • Create an Issue
  • Cancel

We have a proxy inside our Lan to get access to internet (a classic http://ip:8080 proxy server) and we're not able to run Wayk Now, the program starts but it seems not able to connect to your server to get a valid ID, on the bottom of its window we read :

- Connecting to Wayk Den

- Disconnected from Wayk Den

and Source ID was always empty.....

We tried on another pc with direct internet access and voila' ! program starts and immediately works with a valid ID.

We think the problem is our lan proxy, but we're not able to find any settings to force that in your program, please could you add this feature (some other program like Wayk Now are able to use proxy).

Thanks in advance and compliment for your work !

Regards

Clock6 mths

Hi Mario,

Can you activate the logs in Wayk Now, reproduce the issue with your LAN proxy, and send back the logs? You can find information on how to do so in the manual: https://helpwayk.devolutions.net/index.html?options_advanced.htm

We currently don't have explicit support for proxy servers, but this is something we have on our backlog. If you can tell me which proxy server you are using, it would be helpful.

The connection to the Wayk Den uses the secure WebSocket protocol, a standard protocol designed to look like HTTPS except that it is stateful.

The first thing I will try to determine is if the connection is blocked because it didn't go through the proxy, or if the connection was intercepted (and possibly modified) by the proxy for deep packet inspection purposes like we've seen with some advanced products. I should be able to tell the difference just by looking at the logs.

Best regards,

Marc-André Moreau

signaturesignature

Clock6 mths

Thanks for your reply, here's the log in DEBUG level, I think you should get proxy settings directly from OS or put a new setting inside Wayk Now, actually our lan proxy supports standard protocols like http, https, socks v4 and v5 , etc..... it's a simple Windows program : CCPROXY, for more info their web site is :

http://www.youngzsoft.net/ccproxy/

Please let me know if you need more logs or tests.

Thanks again.

regards

WaykNow.log
Clock6 mths

Hi Mario,

Thank you for your quick response. Just looking at the logs, it appears to me that explicit proxy support is mandatory in your case. We are currently setting up a new lab environment to properly test such networking scenarios and enhance support for proxy environments.

We are currently working hard on fixing issues reported by Wayk Now 3.0 beta testers but I will see that we increase the priority on this specific task.

Best regards,

Marc-André Moreau

signaturesignature

Clock6 mths

Ok, thanks, let me know if you need more tests also on beta version, or translation in Italian language of your program if you need that.

Regards

PS : I don't find on your web site the download for beta 3 release....

Clock6 mths

Hi Mario,

The original download links have been sent to those who registered for the beta, but you can find the beta builds here:
https://devolutions.bintray.com/wayk-unattended/

As for the translation, I attached the current English json file that you can translate to Italian if you wish to do it smile

Since Italian is currently not listed in our UI, you can simply rename it to "fr.json" and copy it to "%AppData%\Wayk\locales\fr.json" and select "French" as your language. From there, you can edit the fr.json file and restart Wayk Now to see your Italian translations.

Best regards,

Marc-André Moreau

signaturesignature

en.json
Clock6 mths

I confirm you that also last beta version doesn't work with proxy (as you say....)


However please find attached log (trace) if you need it.

I'm working on Italian translation.....

Thanks, regard

WaykNow.log
Clock6 mths

> As for the translation, I attached the current English json file that you can translate to Italian if you wish to do it smile
>

> Since Italian is currently not listed in our UI, you can simply rename it to "fr.json" and copy it to "%AppData%\Wayk\locales\fr.json" and select
> "French" as your language. From there, you can edit the fr.json file and restart Wayk Now to see your Italian translations.

I attach the Italian translation, but I'm not sure about it because I was not able to test / debug it on Wayk program, I don't find the path with *.json files on my machine ! I search also all disk content but no fr.json or other file similar on it (please look at wayk.txt for all files and dir I find under the %appdata% path : where I find the txt logs in the past).

Please tell me how to test the Italian language... do I need a special executable for that ? I tried both the portable and the MSI installer of Wayk but no path for json file appears on file system.

Thanks.


Regards

wayk.txt
it.json
Clock6 mths

Hi Mario,

I got it working here, there were two small issues in the file that broke JSON parsing. You can use a site like jsonlint.com to validate the JSON formatting and avoid errors in the future. I attached a fixed it.json file so you can try it smile

As for the %AppData%\Wayk\locales directory, it is not created by default, you just have to create it manually.

To test, you can either copy "it.json" inside that directory and then manually edit %AppData%\Wayk\WaykNow.cfg and edit the following line:

"Language": "it",

After which you can restart the application. You will need to restart the application every time you want to reload your modifications.

Alternatively, you can select an existing language in the UI, such as French, and rename "it.json" to "fr.json" such that your Italian translations will get picked up instead. As we integrate your Italian translations, we will add "Italian" to the list of languages in the UI.

Best regards,

Marc-André Moreau

signaturesignature

it.json
Clock6 mths

Ok, I tested the Italian translation on Windows Wayk program and for me it's ok, you can use it in next releases.


I attach the json file here.


Please advise me when you'll release a beta Wayk with Lan proxy support so I can test it in our environment.

Thanks for your porgram and your support.

Regards

it.json
Clock6 mths

Hi Mario,

Thank you for the Italian translation, we will integrate it in the 3.0 release smile

As for the LAN proxy support, I can't make any promises, but we're working on it. There is one thing I am wondering: does everything need to go through the proxy, or is it only with connections to port 80/443 (HTTP/HTTPS)? The first thing I would adapt to go through the proxy would be the Wayk Den connection, but I am wondering if we need to make the remote desktop connection itself go through the proxy as well. If possible, I would recommend against forcing the remote desktop connection to go through the proxy for performance reasons.

You can try a direct connection using the IP address or machine hostname on the local network to see if it works with your proxy. Direct Wayk Now connections use TCP/4489. Connections done through the Wayk Den are UDP based with a port that changes every time, similar to WebRTC peer-to-peer connections.

Best regards,

Marc-André Moreau

signaturesignature

Clock6 mths

In out Lan every clients pc goes out on Internet via proxy, any Tcp or Udp port should go via proxy.

Normally we use standard ports like 80-443-21 and so on and when we need that a client use stange ports the better way is to sockify the program, we simply set the program to use SOCKS protocol on port 1080 and the program "tunnels" its protocols over this port via proxy.

Probably the best way to test your app is to install a proxy on your test Lan and try, there're a lot of free proxy programs for windows or Linux, also our CCProxy program is free with 3 users limit (http://www.youngzsoft.net/ccproxy/), so you can install it on any Windows pc and make some tests.

FYI : many remote control programs like TeamViewer, Anydesk or Supremo are able to work with proxy without socks but only on standard port like http or https I presume... (I personally tested them on my lan and some programs like TV get automatically proxy settings from Windows and use them, other need a proxy set in their parameters); I'm not a programmer (I'm a sys admin / blogger) but I think the right way is to "tunnels" your protocols over standard port when you get a proxy on Lan, in this way the program runs immediately and it's trasparent to end user.

Don't hesitate to contact me if you need some tests....

Regards

Clock6 mths

Hi Mario,

Thank you for the insight. I managed to get an initial connection to the Wayk Den using a SOCKS5 proxy today. I still need to improve the code robustness and implement the multiple SOCKS variants and then look into the HTTP proxies. If initial proxy support isn't ready for the 3.0 release, it should normally be available in a minor release not very long after.

As for using the proxy for peer-to-peer connections (UDP-based), I would expect it to require more work. One thing for sure is I will set up a lab environment with ccproxy to make some experiments and see how the other products behave in such a case. I don't even know how the standard WebRTC peer-to-peer connections operate with proxies, I am curious to see how it works. We're not using a standard form of WebRTC, but we are logically equivalent to it, so whatever affects WebRTC should normally apply to us as well.

Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

Hi Mario,

Just a quick update on this: I have initial support for SOCKS4/SOCKS4A/SOCKS5/SOCKS5H + HTTP/HTTPS proxies and I have tested with ccproxy. My code currently detects the same environment variables that tools like curl accept, but I have no idea yet how to detect system proxy settings for Windows.

If you can tell me the way you configured system-side proxy settings for Windows, I would make sure to add code to detect the configuration from the same place. One other thing: do you need proxy authentication? I didn't get the time to implement it yet.

Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

I attach my proxy settings for "normal" client (proxy1, usually only web navigation) or "full" client (proxy2 with socks support).

I think you can get proxy set from a Windows machine with this commands :

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "proxyserver"

or


netsh winhttp show proxy

We don't use authentication on our proxy, we use pc Mac addresses to categorize them, so we use the internal hardware address of nic to authorize a pc on proxy, but on other environments probably someone use authentication, in Windows Server lans probably AD users....

Regards

proxy1_no_socks.jpg
proxy2_socks.jpg
Clock5 mths

Hi Mario,

We have just released the Wayk Now 3.0 beta8 build, with initial support for proxies:

https://forum.devolutions.net/topic30635-wayk-now--unattended-mode-beta.aspx

Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

I tested beta8 but I was not able to make a connection with a Windows 7 prof 64 bit pc.... please could you send me an image of your internet settings in control panel so I can check them ?

thanks, regards

Clock5 mths

Hi Mario,

Were you able to connect to the Wayk Den first, or was it only the direct connection that failed? For the moment, I only enabled the proxy support for the Wayk Den connection. As for the Wayk Now to Wayk Now connection, it would be possible to enable proxy support for direct connections using the hostname or IP address, but it would not yet be possible to do so with peer-to-peer connections done using the Wayk Den.

Let me know which part did not work, and if you are trying a direct connection using the IP or hostname.


Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

I'm able to connect over local lan with hostname / IP address, but when I try a remote connection I get always the messages :

- Connecting to Wayk Den
- Disconnected from Wayk Den
and Source ID is empty.....
I attach some screenshots.
Regards

001.jpg
002.jpg
Clock5 mths

Hi Mario,

Can you enable the logs using these instructions?

There is a good chance that I should be able to figure out what goes wrong from the logs alone.

You can send the logs to support@devolutions.net

Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

Hi Mario,

Sorry for the late reply. I have looked at the logs, and it looks like we did not detect proxy settings. Can you export the registry keys under "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ? We parse "ProxyEnable" and "ProxyServer" under that registry key on Windows to detect proxy settings. If you export it as a .reg, I would be able to simulate detecting the same proxy settings on my side and ensure that it works. You can send them here or send them to support@devolutions.net. If this isn't the correct registry key, please point me to the right one.


Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

No problem, it's not an urgent matter, you're stiill in beta, so... we can make all tests.

I think the problem is in registry, I don't find the proxy setting ip server under HKCU but in HKLM, I attach the exported reg files so it will be clear, sincerely I don't understand why proxy settings is present both on local user and local machine registry paths.....

I made a full search on registry to find every key where my proxy IP appears, I attach all files here.

Thanks for your support and good work

HKCU Internet Settings.reg
HKLM Internet Settings.reg
HKLM2 Internet Settings.reg
Clock5 mths

Hi Mario,

We released Wayk Now 3.0.0 on November 2nd and 3.0.1 on November 12th smile We are no longer in beta.

As for the proxy settings, I will modify the logic to check HKCU and then HKLM, which should make it work. I don't know when Windows decides to store it in one or the other, but checking both, in order, should work fine.

Until this is fixed, you can also try setting the same key in HKCU and see if it works. Otherwise, you can wait until we release a fix to check both places.


Best regards,

Marc-André Moreau

signaturesignature

Clock5 mths

Hi,

I did my first try with Wayk Now v3.0.3 and I have the problem, that it can't connect.
We are forced here to use a proxy and it seems (debug logs) to find the right one but fails with the following:

setsockopt
curl_easy_perform (ipify)

But if I enter those 4 addresses (i.e. https://icanhazip.com) to get the public ip into a browser using our proxy it show the ip.

[11:09:25:720] [5944:00001598] [WARN][NowTcp] - setsockopt(SOL_TCP, TCP_KEEPCNT) failed
[11:09:25:720] [5944:00001598] [WARN][NowTcp] - setsockopt(SOL_TCP, TCP_KEEPINTVL) failed
[11:09:25:720] [5944:00001598] [WARN][NowTcp] - setsockopt(SOL_TCP, TCP_KEEPCNT) failed

[11:09:25:720] [5944:00001598] [WARN][NowTcp] - setsockopt(SOL_TCP, TCP_KEEPINTVL) failed

...

[11:09:33:236] [5944:00001598] [WARN][NowNat] - curl_easy_perform failure: Couldn't connect to server
[11:09:33:236] [5944:00001598] [DEBUG][NowNat] - ipify (https://api.ipify.org/) status: -1002
[11:09:37:939] [5944:00001598] [WARN][NowNat] - curl_easy_perform failure: Couldn't connect to server
[11:09:37:939] [5944:00001598] [DEBUG][NowNat] - ipify (https://ipinfo.io/ip) status: -1002
[11:09:42:939] [5944:00001598] [WARN][NowNat] - curl_easy_perform failure: Timeout was reached
[11:09:42:939] [5944:00001598] [DEBUG][NowNat] - ipify (https://icanhazip.com) status: -1002
[11:09:47:939] [5944:00001598] [WARN][NowNat] - curl_easy_perform failure: Timeout was reached
[11:09:47:939] [5944:00001598] [DEBUG][NowNat] - ipify (https://devolutions.net/getpublicip.ashx) status: -1002
[11:09:47:939] [5944:00001598] [WARN][NowDen] - Failed to fetch publicIp: -1002

Any idea what I could try?

I have renamed the IPs in the logs from Windows 10 / 2012 R2.

WaykNow_W10_a.log
WaykNow_W2012R2_a.log
Clock3 mths

Hi,

As you have probably noticed from the logs, we are using libcurl internally to try and detect the external IP. I can see from the logs that the connection to the Wayk Den (WebSocket) worked with proper detection of the proxy settings from Windows. libcurl, just like curl.exe, doesn't detect proxy settings from the regular location on Windows and checks for the "http_proxy" or "https_proxy" environment variable.

Our code to detect proxy settings sets the "https_proxy" environment variable inside the process such that calls to libcurl will use the proxy. One way to debug this issue would be to try and use curl.exe on Windows, passing it explicit command-line arguments for your proxy settings. My guess is we probably don't produce an https_proxy environment variable string that libcurl processes correctly, so we can simulate the same issue with curl.exe.

You can find curl for Windows here:
https://curl.haxx.se/windows/

And instructions on how to pass proxy settings to curl here:
https://ec.haxx.se/usingcurl-proxies.html

The value of the https_proxy environment variable set by Wayk Now after detection of proxy settings from the Windows registry corresponds to the value in the log shown in the "[DEBUG][NowProxy] - proxyUrl:" line.

Start by trying to reproduce the issue with curl.exe. If you can reproduce it, it's good, we just need to figure out an alternative format for the https_proxy environment that will get picked up correctly.

Best regards,

Marc-André Moreau

signaturesignature

Clock3 mths

Thanks, that was quick.

Yes the generated proxy URL is the problem, because the proxy is only working with http:// not https://:

curl -x http://proxy.x.x.com:8080 https://icanhazip.com
xx.xx.xx.xx

curl -x https://proxy.x.x.com:8080 https://icanhazip.com

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number


...
Update:

I manually set the environment variable https_proxy in a commandline window and then started wayk from there and it does connect to the Den successfully!

But I am unable to establish a connection between two of my systems, when I try to connect to the target ID 5xx xxx it shows the "Initiating remote connection ..." and then closes it again without any further message.

Clock3 mths

Could not attach the log to the previous message for some reason ...

WaykNow_W10_Connect_a.log
Clock3 mths

Hi,

From the logs you provided, it looks like UDP traffic is blocked. Can you provide more details on the proxy server enforced in your network environment?

Best regards,

Marc-André Moreau

signaturesignature

Clock3 mths

Yes we have many networks separated with firewalls and proxy servers, there is nearly blocked everything in most networks.
So there is no tunneling currently possible over http(s) + Proxy + Den as far as I heave read?

Wayk Now still needs a "direct" connection for the UDP packets ... so yeah, this will not work here, it would need to go over the proxy.


As firewalls we mostly use Cisco ASA, but what exactly the proxy is, I don't know right now, could be some Squid based or some professional appliances.
I can tell that it uses "Blue Coat Web Filter".


Maybe I can get the details. I will try to find out.

Clock3 mths

Hi,

Please try to get the details about the proxy server, it will make it easier to investigate potential options that could work with it. One thing I would like to know is if it supports SOCKS5 in addition to HTTP proxying (SOCKS works with HTTP, but "true" HTTP proxies only work with HTTP).

We have developed a prototype TCP relay server protocol in hope of improving support for cases where UDP traffic gets blocked. It is not yet production ready, but we could look into getting you to test it in your environment. However, if your network environment requires explicit proxy support (the application is fully aware of the proxy and connects to it directly), we would need to make further improvements before it could work. If your proxy is "transparent", meaning applications don't need to be fully aware of proxy settings, we could look into getting a prototype ready for testing next week.

Best regards,

Marc-André Moreau

signaturesignature

Clock3 mths