Development discussion of WireGuard
From: "Jasper Knockaert" <jasper@knockaert.nl>
To: "Laura Smith" <n5d9xq3ti233xiyif2vp@protonmail.ch>
Cc: wireguard@lists.zx2c4.com
Subject: Re: Two small Wireguard frustrations on Mac & Apple iOS
Date: Thu, 01 Oct 2020 13:23:16 +0200
Message-ID: <036BBED1-14F9-42A9-8915-835F24A97926@knockaert.nl>
In-Reply-To: <RO0eYtp8TKtVxKltNMcmKXS8FhbJRiFU1fBuG8XmE3h8AtjY2_JlRSw_k29pm-3r70B_3pQHIF1nk252-3wHqVMlnbGbub2GiCU3DN7arLY=@protonmail.ch>

Hi

Just one other issue with the macOS client. When you have multiple users 
on the same computer (say user A and user B), user A can import a 
WireGuard config in the client. Then another user B can see the config 
name, but cannot modify or connect because the required keys are in the 
Keychain of user A. So far all is fine. But user A may specify the 
config to connect on demand (basically upon login). Then when logging in 
as user B, WireGuard will still try to connect without having access to 
the connection settings (because they are stored in the keychain of user 
A). This causes an endless loop, which should be avoided.

Best

Jasper

On 23 Aug 2020, at 20:34, Laura Smith wrote:

> Hi,
>
> These aren't show-stoppers per se, but it would be nice to see them 
> fixed and new clients pushed out via the App Store:
>
> (1) macOS (10.15.6 but also observed on 10.15.5, not tested on 
> anything older)
>
> - Start with WG client in an operational state
> - Disconnect network (e.g. if on WiFi, turn off the WiFi in the menu 
> bar)
> - Sleep the machine
> - Wait
> - Wake the machine
> - Turn on WiFi
> - Note that WG client fails to re-establish connectivity (shows 
> connected, but no traffic flows until you deactivate/reactivate WG)
>
> (2) iOS (13.6.1, also observed on 13.6, not tested on anything older)
>
> After a period of time, seems to be a few days to a week, WG seems to 
> deactivate of its own accord (as if some sort of counter was reached 
> or something).  This does not appear to be correlated with network 
> connectivity (e.g. I can switch to airplane mode for an extended 
> period of time, then re-enable, and WG remains connected), so it's 
> something else in the WG code (either itself or the way it interacts 
> with iOS).
>
> This is all a bit frustrating because you are unknowingly then using 
> an unencrypted connection.
>
> Perhaps WG should consider adding "retry" functionality (OpenVPN 
> client for iOS has such a feature, where you can tell it to retry for 
> a period of time or indefinitely) 
>
> Apart from that, WG is great ;-)
>
> Laura
