starred/Cloak
1
0
Fork 0
mirror of https://github.com/cbeuw/Cloak.git synced 2026-04-26 13:05:56 +03:00
Code Issues 144 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #288] Wireguard over cloak: An attempt was made to access a socket in a way forbidden by its access permissions in windows #226

New issue
Open
opened 2026-02-26 12:34:19 +03:00 by kerem · 0 comments
kerem commented 2026-02-26 12:34:19 +03:00
Owner
Copy link

Originally created by @intro99 on GitHub (Nov 15, 2024).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/288

I encountering the error connectex: An attempt was made to access a socket in a way forbidden by its access permissions when trying to use WireGuard over Cloak on Windows, even though WireGuard alone and Cloak with OpenVPN work fine?

Context:

I have setup wireguard and cloak in aws server
Issue: The error occurs when attempting to establish a connection using WireGuard over Cloak on Windows.
Observations:
WireGuard alone works without issues.
Cloak with OpenVPN also works without issues.
The same WireGuard + Cloak configuration works fine on Linux.
Cloak is being run with administrator privileges on Windows.
Troubleshooting Information:
Running netstat -aon | findstr :443 shows multiple established connections on port 443.
netsh interface ipv4 show excludedportrange protocol=udp indicates an excluded port range from 50000 to 50059 for UDP.

Cloak is using using port 443
I have even tried to changing port of wireguard to 1196 but still same error

this seems like a windows specifying error, any way to fix

thankyou in advance

wireguard config:

    [Interface]
  PrivateKey = *****
  Address = 10.66.66.2/32,fd42:42:42::2/128
  DNS = 1.1.1.1,1.0.0.1
  MTU = 1300
  
  [Peer]
  PublicKey = ******
  PresharedKey = *******
  Endpoint = 127.0.0.1:1984
  AllowedIPs = 0.0.0.0/2, 64.0.0.0/8, 65.0.0.0/22, 65.0.4.0/23, 65.0.6.0/25, 65.0.6.128/26, 65.0.6.192/29, 65.0.6.201/32, 65.0.6.202/31, 65.0.6.204/30, 65.0.6.208/28, 65.0.6.224/27, 65.0.7.0/24, 65.0.8.0/21, 65.0.16.0/20, 65.0.32.0/19, 65.0.64.0/18, 65.0.128.0/17, 65.1.0.0/16, 65.2.0.0/15, 65.4.0.0/14, 65.8.0.0/13, 65.16.0.0/12, 65.32.0.0/11, 65.64.0.0/10, 65.128.0.0/9, 66.0.0.0/7, 68.0.0.0/6, 72.0.0.0/5, 80.0.0.0/4, 96.0.0.0/3, 128.0.0.0/1, ::/0

running cloak:(in windows cmd runed as administrator )

.\ck-client.exe -s 65.0.*.** -u -c .\wireg_udp.json

the full Claok log:

   ```

.\ck-client.exe -s 65.0.. -u -c .\wireg_udp.json
time="2024-11-15T19:50:10+05:30" level=info msg="Starting standalone mode"
time="2024-11-15T19:50:10+05:30" level=info msg="Listening on UDP 127.0.0.1:1984 for wireg_udp client"
time="2024-11-15T19:50:13+05:30" level=info msg="Attempting to start a new session"
time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0..:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions."
time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0..:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions."
time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0..:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions."
time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0..:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions."

Originally created by @intro99 on GitHub (Nov 15, 2024). Original GitHub issue: https://github.com/cbeuw/Cloak/issues/288 I encountering the error connectex: An attempt was made to access a socket in a way forbidden by its access permissions when trying to use WireGuard over Cloak on Windows, even though WireGuard alone and Cloak with OpenVPN work fine? Context: I have setup wireguard and cloak in aws server Issue: The error occurs when attempting to establish a connection using WireGuard over Cloak on Windows. Observations: WireGuard alone works without issues. Cloak with OpenVPN also works without issues. The same WireGuard + Cloak configuration works fine on Linux. Cloak is being run with administrator privileges on Windows. Troubleshooting Information: Running netstat -aon | findstr :443 shows multiple established connections on port 443. netsh interface ipv4 show excludedportrange protocol=udp indicates an excluded port range from 50000 to 50059 for UDP. Cloak is using using port 443 I have even tried to changing port of wireguard to 1196 but still same error this seems like a windows specifying error, any way to fix thankyou in advance wireguard config: ``` [Interface] PrivateKey = ***** Address = 10.66.66.2/32,fd42:42:42::2/128 DNS = 1.1.1.1,1.0.0.1 MTU = 1300 [Peer] PublicKey = ****** PresharedKey = ******* Endpoint = 127.0.0.1:1984 AllowedIPs = 0.0.0.0/2, 64.0.0.0/8, 65.0.0.0/22, 65.0.4.0/23, 65.0.6.0/25, 65.0.6.128/26, 65.0.6.192/29, 65.0.6.201/32, 65.0.6.202/31, 65.0.6.204/30, 65.0.6.208/28, 65.0.6.224/27, 65.0.7.0/24, 65.0.8.0/21, 65.0.16.0/20, 65.0.32.0/19, 65.0.64.0/18, 65.0.128.0/17, 65.1.0.0/16, 65.2.0.0/15, 65.4.0.0/14, 65.8.0.0/13, 65.16.0.0/12, 65.32.0.0/11, 65.64.0.0/10, 65.128.0.0/9, 66.0.0.0/7, 68.0.0.0/6, 72.0.0.0/5, 80.0.0.0/4, 96.0.0.0/3, 128.0.0.0/1, ::/0 ``` running cloak:(in windows cmd runed as administrator ) ` .\ck-client.exe -s 65.0.*.** -u -c .\wireg_udp.json` the full Claok log: ``` .\ck-client.exe -s 65.0.**.** -u -c .\wireg_udp.json time="2024-11-15T19:50:10+05:30" level=info msg="Starting standalone mode" time="2024-11-15T19:50:10+05:30" level=info msg="Listening on UDP 127.0.0.1:1984 for wireg_udp client" time="2024-11-15T19:50:13+05:30" level=info msg="Attempting to start a new session" time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0.**.**:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions." time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0.**.**:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions." time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0.**.**:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions." time="2024-11-15T19:50:13+05:30" level=error msg="Failed to establish new connections to remote: dial tcp 65.0.**.**:443: connectex: An attempt was made to access a socket in a way forbidden by its access permissions." ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
renovate/go-github.com-refraction-networking-utls-vulnerability
dependabot/go_modules/golang.org/x/crypto-0.45.0
utls-1.7.0
deps-20250430
padding
docker-tests
ptspec
legacy-v1
v2.12.0
v2.11.0
v2.10.0
v2.9.0
v2.8.0
v2.7.1-pre
v2.7.0
v2.6.1
v2.6.0
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.1
v2.4.0
v2.3.2
v2.3.1
v2.3.0
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.1.2
v1.1.1
v1.1.0
v1.0.0
v0.2.0
v0.1.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Cloak#226
No description provided.