Show HN: Test your WireGuard connectivity and see global stats, no client needed
probe.shHi HN,
Some misbehaving networks drop WireGuard packets either by accident or on purpose. Commonly the latter is done with simple DPI rules that block the handshake initiation [1], but it could be applied to other message types as well.
We thought it would be great if there was tool for folks to use as a quick litmus test to see if this happening for them, without having to configure a client to send data through a random, functional WireGuard tunnel to an untrusted remote host. So we built probe.sh.
How it works:
- The probe.sh web app is an Elixir Phoenix app that spawns a few gen_udp servers across a variety of common UDP ports. - When a user visits the app, Probe starts a LiveView process and generates a unique cryptographic token to use for the test. - When the user runs the script shown, it first sends an HTTP request to start the test, followed by a series of UDP payloads, and finally either a complete or cancel request to end the test. - The UDP payloads are crafted to resemble real world WireGuard packets and sent with widely available tools like netcat (Unix) and System.Net.Sockets.UdpClient (Win) already on your OS. - The gen_udp server receives these payloads, and if they match one of the four WireGuard message types by header, it broadcasts test updates to the LiveView process for that test, and the test is marked as success. - The user is immediately shown the results of the test.
The entire tool is open source at https://github.com/firezone/probe (README contains guide for self-hosting) and you can find a FAQ with more useful info at https://probe.sh/faq. You can also see our tally of global results organized by country: https://probe.sh/stats
We hope you find it useful for testing your network for WireGuard connectivity issues.
Thanks for reading - feedback welcome!
[1] https://x.com/6h4n3m/status/1459462360003919875 Can a user provide the test results back to the central server? This would allow for wireguard censorship observability reporting, opt in of course. Similar to the old ICSI Netalyzer:
https://www.icsi.berkeley.edu/icsi/gazette/2011/09/netalyzr-... https://web.archive.org/web/20190402220256/http://netalyzr.i... Unfortunately the app wasn't designed to intake test results from runs that didn't originate from itself. We wanted to make it harder to submit fake results, and didn't want to add a lot of friction around user auth and such. Would you accept a pull request that enables this in a secure and privacy first manner? My team is looking for a project. PRs welcome! We may not have much bandwidth to help, but happy to review anything that comes along. We can discuss further perhaps on a GitHub issue so the rest of the Firezone team can offer input: https://github.com/firezone/probe/issues/new. FYI this also does run via Termux on Android, which could be mentioned instead of the "Android is not supported" message Noted! I'll update it to use the Unix instructions in that case. Thanks for the feedback! I've exposed `Android` as a support OS. Give it a shot now. Thanks! Awesome, now I can prove that my cell network (MegaFon Russia) blocks wireguard Great! Did the test report the block accurately for you?