Development discussion of WireGuard
* [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Juraj Hilje @ 2021-09-21 10:55 UTC (permalink / raw)
  To: wireguard

If NETunnelProviderProtocol is configured with includeAllNetworks=true (Kill Switch), when a network change is detected, the device connectivity goes offline instead of routing VPN tunnel traffic through a new network.

Here are some logs from the moment of this event:
2021-09-20 12:07:26.735453: [NET] Network change detected with unsatisfied route and interface order [en0, utun4, pdp_ip0]
2021-09-20 12:07:26.736186: [NET] Connectivity offline, pausing backend.
2021-09-20 12:07:26.736732: [NET] Device closing
2021-09-20 12:07:26.737503: [NET] Routine: TUN reader - stopped
2021-09-20 12:07:26.738970: [NET] Routine: event worker - stopped
2021-09-20 12:07:26.739613: [NET] Routine: receive incoming v4 - stopped
2021-09-20 12:07:26.742070: [NET] Routine: receive incoming v6 - stopped
2021-09-20 12:07:26.746712: [NET] peer(eN1f…Oymc) - Stopping
2021-09-20 12:07:26.751550: [NET] peer(eN1f…Oymc) - Routine: sequential receiver - stopped
2021-09-20 12:07:26.751597: [NET] peer(eN1f…Oymc) - Routine: sequential sender - stopped
2021-09-20 12:07:26.753433: [NET] Device closed
2021-09-20 12:07:26.754097: [NET] Routine: decryption worker 5 - stopped

Tested on devices: iOS 14.8, iPadOS 15
WireGuardKit: 79aeb0be0d0aa3f6c8bd24309aaa8dcf03216fb4

More info on includeAllNetworks option:
https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks

Can someone confirm this issue or point to a possible workaround?
Thanks!

Juraj H.

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Andrej Mihajlov @ 2021-09-22  8:08 UTC (permalink / raw)
  To: Juraj Hilje; +Cc: wireguard

Have you tried on the most recent beta? I think it works over there, but requires some tweaks to the network monitor code in WireGuard. I had a patch somewhere here but haven’t spent much time testing it:

https://git.zx2c4.com/wireguard-apple/commit/?h=am/enable-include-all-networks&id=b244febfdf3069dd4e8db2d31f0368d5474d7616

Waiting for the final release of iOS 15.

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Jeroen Massar @ 2021-09-22  8:19 UTC (permalink / raw)
  To: Juraj Hilje; +Cc: wireguard

That flag is a MAJOR privacy improvement.

If "All" really includes "all" networks.

Before, "some" undefined traffic to Apple systems might be routed outside the VPN.

I guess this is so that Apple Private Relay is private, and other VPNs, e.g. WireGuard, can't say "but you still route traffic elsewhere" like before, which would be an unfair advantage.


Thanks Apple Employee X who arranged getting this in! Very very much appreciated!

Greets,
 Jeroen


* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Juraj Hilje @ 2021-09-22  8:55 UTC (permalink / raw)
  To: Andrej Mihajlov; +Cc: wireguard

Hey Andrej, thanks for the response!

I've tested on iOS 14.8 and iOS 15.0 (public release), and even with the patch (b244febfdf3069dd4e8db2d31f0368d5474d7616) I still have the same issue on my end.

I will test the new iOS 15.1 Beta later today and let you know how it goes.

Juraj H.

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Andrej Mihajlov @ 2021-09-22  8:59 UTC (permalink / raw)
  To: Juraj Hilje; +Cc: wireguard

Hi Juraj,

Installing iOS 15 right now. I am gonna test it today too. 

What stands out to me is that, while you have multiple interfaces available, the network monitor still says that the network is unsatisfied. Very odd.

Cheers,
Andrej
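
Added example (not part of the original thread and not WireGuardKit code): a small Python triage script for exported WireGuardKit logs that flags the condition discussed above, a network change reported as unsatisfied while non-tunnel interfaces are still listed, followed by the backend pausing with no later satisfied path. Treating utun* names as tunnel interfaces, the "satisfied" status word, and the second log sample are assumptions made for illustration.

```python
"""Triage WireGuardKit [NET] log lines for the kill-switch stall in this thread."""
import re
from dataclasses import dataclass
from datetime import datetime

# Matches the log format shown in the thread; tolerates mail-quote prefixes ("> ").
LINE_RE = re.compile(
    r"^[>\s]*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{1,6}): \[(\w+)\] (.*)$"
)
CHANGE_RE = re.compile(
    r"Network change detected with (\w+) route and interface order \[([^\]]*)\]"
)

# Excerpt of the log posted in the first message of the thread.
PAGE_LOG = """\
2021-09-20 12:07:26.735453: [NET] Network change detected with unsatisfied route and interface order [en0, utun4, pdp_ip0]
2021-09-20 12:07:26.736186: [NET] Connectivity offline, pausing backend.
2021-09-20 12:07:26.736732: [NET] Device closing
2021-09-20 12:07:26.753433: [NET] Device closed
"""

# Constructed sample (not from the thread): airplane mode, then a normal handover.
CONSTRUCTED_LOG = """\
2021-09-20 13:00:00.000001: [NET] Network change detected with unsatisfied route and interface order [utun4]
2021-09-20 13:00:00.000002: [NET] Connectivity offline, pausing backend.
2021-09-20 13:00:04.000001: [NET] Network change detected with satisfied route and interface order [en0, utun4]
2021-09-20 13:00:09.000001: [NET] Network change detected with unsatisfied route and interface order [en0, utun4]
2021-09-20 13:00:09.000002: [NET] Connectivity offline, pausing backend.
2021-09-20 13:00:10.000001: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun4]
"""


@dataclass
class PathChange:
    when: datetime
    status: str            # status word as logged, e.g. "unsatisfied"
    interfaces: list       # interface names in logged order
    paused: bool = False   # "Connectivity offline, pausing backend." followed
    device_closed: bool = False
    recovered: bool = False  # a later change reported a satisfied route

    @property
    def physical(self):
        # Assumption: utun* are tunnel interfaces, everything else is a real link.
        return [i for i in self.interfaces if not i.startswith("utun")]

    @property
    def suspicious(self):
        # The odd case from the thread: the path is not satisfied although a
        # non-tunnel interface is listed, the backend paused, and nothing
        # later in the log shows a satisfied route again.
        return (self.status != "satisfied" and bool(self.physical)
                and self.paused and not self.recovered)


def parse(lines):
    """Turn raw log lines into PathChange events with their follow-up state."""
    events = []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # not a WireGuardKit log line
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group(3)
        change = CHANGE_RE.search(msg)
        if change:
            status = change.group(1)
            names = [n.strip() for n in change.group(2).split(",") if n.strip()]
            if status == "satisfied":
                for earlier in events:
                    earlier.recovered = True
            events.append(PathChange(when, status, names))
        elif events:
            if msg.startswith("Connectivity offline"):
                events[-1].paused = True
            elif msg == "Device closed":
                events[-1].device_closed = True
    return events


def report(events):
    """One summary line per suspicious event."""
    return [
        f"{e.when.isoformat()} status={e.status} "
        f"physical={','.join(e.physical)} device_closed={e.device_closed}"
        for e in events if e.suspicious
    ]


if __name__ == "__main__":
    for name, text in (("thread log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        hits = report(parse(text.splitlines()))
        print(name, "->", hits or "nothing suspicious")
```
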

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Juraj Hilje @ 2021-09-22 13:26 UTC (permalink / raw)
  To: Andrej Mihajlov; +Cc: wireguard

Hi Andrej,

I've tested on iOS/iPadOS 15.1 Beta, and it looks like the issue is fixed there.
Let me know if you can confirm the same on your end.

Cheers,
Juraj H.

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Jeffrey Walton @ 2021-09-22 14:41 UTC (permalink / raw)
  To: WireGuard mailing list

On Wed, Sep 22, 2021 at 9:31 AM Andrej Mihajlov <and@mullvad.net> wrote:
>
> Have you tried on the most recent beta? I think it works over there, but requires some tweaks to the network monitor code in WireGuard. I had a patch somewhere here but haven’t spent much time testing it:
>
> https://git.zx2c4.com/wireguard-apple/commit/?h=am/enable-include-all-networks&id=b244febfdf3069dd4e8db2d31f0368d5474d7616
>
> Waiting for the final release of iOS 15.

I believe Apple released iOS 15 and iPadOS 15 on September 20. Or I
received the security announcements for the release. iOS 15 and iPadOS
15 is APPLE-SA-2021-09-20-1 at
https://lists.apple.com/archives/security-announce/2021/Sep/index.html.

Jeff

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Andrej Mihajlov @ 2021-09-28 11:03 UTC (permalink / raw)
  To: Juraj Hilje; +Cc: wireguard

Hi,

I can confirm that it behaves correctly on iOS 15 (tested on iPhone 12) and iOS 15.1 beta (tested on iPhone 7). Tested by toggling cellular/wi-fi and airplane mode on both devices and network monitor seems to be functioning properly. 

I haven’t tested this patch on iOS 14.8, but I had previously tested it on iOS 14.5 (IIRC) and it didn’t work there, that's why this patch is scoped to iOS 15+.

I am running the "am/enable-include-all-networks" branch which has the following changeset:
https://git.zx2c4.com/wireguard-apple/commit/?id=07bc66e7b181fb2068d457b31c1fdd05bdd2214a&id2=58e94f077329f6c7b96ec069243495d4e649fe36

Cheers,
Andrej

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Andrej Mihajlov @ 2021-10-19  9:54 UTC (permalink / raw)
  To: Juraj Hilje; +Cc: wireguard

Follow up on this. It looks like the VPN connection breaks on my iPad running iPadOS 15 after changing DNS settings via WireGuardKit. 

Tested on iPadOS 15.1 beta today and it seems to be stable.

* Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
From: Juraj Hilje @ 2021-10-19 12:22 UTC (permalink / raw)
  To: Andrej Mihajlov, wireguard

Thanks for the follow-up!
I had the same result on my end, everything worked as expected on the iOS 15.1 Beta.
