--local-to-remote cannot parse remote port

[RUzOfuz5m]

Describe the bug

Command line arguments that use to work no longer work in the latest version. -L 'udp://51820:localhost:443?timeout_sec=0' gives cannot parse remote port from localhost:443?timeout_sec=0

I only tested a couple UDP ports as noted below and it seems to be UDP 443 causing issues.

To Reproduce

Steps to reproduce the behavior:

$ wstunnel client --http-upgrade-path-prefix testingupgrade -L 'udp://51820:localhost:442?timeout_sec=0' wss://myserver.com:443
2025-04-12T12:38:46.904796Z  INFO wstunnel: Starting wstunnel client v10.1.10
2025-04-12T12:38:46.904813Z  INFO wstunnel::protocols::udp::server: Starting UDP server listening cnx on 127.0.0.1:51820 with cnx timeout of 0s


$ wstunnel client --http-upgrade-path-prefix testingupgrade -L 'udp://51820:localhost:443?timeout_sec=0' wss://myserver.com:443
error: invalid value 'udp://51820:localhost:443?timeout_sec=0' for '--local-to-remote <{tcp,udp,socks5,stdio,unix}://[BIND:]PORT:HOST:PORT>': cannot parse remote port from localhost:443?timeout_sec=0

$ wstunnel client --http-upgrade-path-prefix testingupgrade -L 'udp://51820:localhost:444?timeout_sec=0' wss://myserver.com:443
2025-04-12T12:39:51.311319Z  INFO wstunnel: Starting wstunnel client v10.1.10
2025-04-12T12:39:51.311335Z  INFO wstunnel::protocols::udp::server: Starting UDP server listening cnx on 127.0.0.1:51820 with cnx timeout of 0s

Expected behavior

A clear and concise description of what you expected to happen.

$ wstunnel_9.1.0 --version
wstunnel 9.1.0

$ wstunnel_9.1.0 client --http-upgrade-path-prefix testingupgrade -L 'udp://51820:localhost:442?timeout_sec=0' wss://myserver.com:443
2025-04-12T12:43:48.584041Z  INFO wstunnel::udp: Starting UDP server listening cnx on 127.0.0.1:51820 with cnx timeout of 0s

$ wstunnel_9.1.0 client --http-upgrade-path-prefix testingupgrade -L 'udp://51820:localhost:443?timeout_sec=0' wss://myserver.com:443
2025-04-12T12:43:54.416075Z  INFO wstunnel::udp: Starting UDP server listening cnx on 127.0.0.1:51820 with cnx timeout of 0s

Your wstunnel setup

--log-lvl=DEBUG doesn't show anything different from above.

Desktop (please complete the following information):

debian 12.10

Additional context
Don't really need anything setup, just grab the binary and run the command to get the error.

[wpdevelopment11]

Commit 38180e7 is probably related. It tests that string ends with 443 and returns the port, but this check fails here, because you have a query parameter: ?timeout_sec=0.

If you remove the timeout_sec parameter, it works:

wstunnel client --http-upgrade-path-prefix testingupgrade -L udp://51820:localhost:443 wss://myserver.com:443

See servo/rust-url#706 for the root cause.

[RUzOfuz5m]

If you remove the timeout_sec parameter, it works:

Is that fine to leave out for Wireguard?

[erebe]

Hello,
Thanks for reporting the issue, i am going to fix the parsing next week.

Regarding if it is safe for wireguard, it is if you configure wireguard client to send an PersistentKeepalive = 20, the wstunnel timeout kick in on idle connection.

[RUzOfuz5m]

I replaced the binary on both my systems, removed ?timeout_sec=0 from the client, and added PersistentKeepalive = 20 to wireguard on both ends. What has been working for over a year on 9.1.0 isn't working any more. I'm going though Nginx so maybe there's more changes that need to be made but I'll do that on the next version.

For now I left all the settings (no timeout_sec and short PersistentKeepalive) and replaced the binary back to 9.1.0 and I'm up and running.

in any case, thank you so much for all your work erebe!!

# Client
[Interface]
Address = 192.168.254.2/24
ListenPort = 51820
PrivateKey = aaaaaaa
#PublicKey = bbbbbbbbb

PreUp = ip route del 1.2.3.4 || true
PreUp = killall wstunnel || true
PreUp = ip route add 1.2.3.4 via $(ip route | grep default | awk '{print $3}')
PreUp = wstunnel client --http-upgrade-path-prefix lalalalalala -L 'udp://51821:127.0.0.1:443' wss://mysite.com:443 &
PostDown = ip route del 1.2.3.4
PostDown = killall -INT wstunnel


[Peer]
PublicKey = cccccccc
PresharedKey = zzzzzzzzzzzz
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 20
Endpoint = 127.0.0.1:51821


# Server
  location /lalalalalala/ {
    proxy_pass          http://127.0.0.1:8080;        
    proxy_http_version  1.1;        
    proxy_set_header    Upgrade $http_upgrade;
    proxy_set_header    Connection "upgrade";      
    proxy_set_header    Host $http_host;        
    proxy_set_header    X-Real-IP $remote_addr;                                                                                                                                                                                             
  } 


/usr/local/bin/wstunnel server --restrict-to 127.0.0.1:443 ws://127.0.0.1:8080

[erebe]

it is fixed is the latest release https://github.com/erebe/wstunnel/releases/tag/v10.1.11

Thanks again for reporting

[RUzOfuz5m]

Everything works in my setup with the latest version, thank you!!!