From: Perry The Cynic <perry@cynic.org>
To: wireguard@lists.zx2c4.com
Subject: Wireguard, iPhone, and cruise ships
Date: Thu, 13 Jun 2024 07:34:32 -0700
Message-ID: <60B826FA-3FCA-40B5-9771-8FFEDA6278AB@cynic.org>
Dear wg community,
I recently enjoyed a cruise to Alaska. Fun and easy, and with Starlink on board, the WiFi connectivity was actually not bad (some sporadic packet drops, mostly). Sadly, the cruise company’s network unceremoniously drops UDP of most kinds, leading to my Wireguard VPN (to my inside network at home) failing entirely. The cruise line is utterly immovable on this: “it’s someone else’s fault, and how dare you want to do this nonstandard thing?” Yes, I actually talked to their onboard IT guy. “It’s on the network path somewhere, and they don’t even tell me how and why.”
Now I totally understand Wireguard’s attitude towards this: It’s not a “core” wg problem, and should be solved on the outside by whatever tools happen to fit the problem. If this was a linux-to-linux connection, I’d just pop in my favorite TCP-ish tunnel tool and move on. But it’s an iPhone (and iPad). And iOS doesn’t seem to like network composability. At all. Once you move outside the “it’s a VPN endpoint” paradigm, things get stuck very quickly. I realize this is all Apple’s fault, and they should allow building arbitrary network stacks in iOS. But they don’t (yet). NWConnection is getting pretty good, but it requires in-app code composition. AFAIK, you can’t stack two iOS VPNs on top of each other (right?).
So what are the practically available options here? I can set up whatever is needed on the server endpoint (it’s Debian), but what can I do on my phone to make wg work through an HTTP(s)-shaped pinhole? I’d hate to have to ditch wg for some other vpn just for that rare case… but what’s the answer?
And, to prefetch a possible ending of this discussion: if I coded up patches to the iOS client that add some tcp-wrapper option, would you take it?
Cheers
— perry
---------------------------------------------------------------------------
Perry The Cynic perry@cynic.org
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------
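The "tcp-wrapper option" floated above has to solve one concrete problem before anything else: a TCP stream has no message boundaries, while WireGuard is strictly datagram-based, so the wrapper must delimit every UDP payload on the way in and reassemble it on the way out, regardless of how the stream happens to be chunked by the network. The following example, added here and not part of the original message or of the WireGuard project, shows that framing step with a 16-bit length prefix and a decoder that tolerates arbitrary chunk boundaries. The sample datagrams are constructed byte strings merely shaped like WireGuard messages (a 148-byte type-1 handshake initiation and type-4 transport packets); they are not real WireGuard traffic, and the chunk sizes are arbitrary.

```python
"""UDP-over-TCP framing, the core of any "TCP wrapper" for a datagram protocol.

Added illustration, not code from the original post or the WireGuard project.
A 2-byte big-endian length prefix is enough for any UDP payload (max 65535
bytes). The decoder must cope with TCP delivering the stream in arbitrary
pieces: a prefix split across reads, several datagrams in one read, and so on.
"""
from __future__ import annotations

import struct

HEADER = struct.Struct("!H")   # 16-bit unsigned big-endian length prefix
MAX_PAYLOAD = 0xFFFF


def encode_datagram(payload: bytes) -> bytes:
    """Delimit one datagram for transmission over a byte stream."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("datagram too large for a 16-bit length prefix")
    return HEADER.pack(len(payload)) + payload


class StreamDecoder:
    """Reassembles length-prefixed datagrams from a stream fed in any chunking."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list[bytes]:
        """Append stream bytes; return every datagram that is now complete."""
        self._buf += chunk
        out: list[bytes] = []
        while len(self._buf) >= HEADER.size:
            (n,) = HEADER.unpack_from(self._buf, 0)
            if len(self._buf) < HEADER.size + n:
                break                       # prefix seen, payload still partial
            out.append(bytes(self._buf[HEADER.size:HEADER.size + n]))
            del self._buf[:HEADER.size + n]
        return out

    def pending(self) -> int:
        """Bytes buffered that do not yet form a whole datagram."""
        return len(self._buf)


# Constructed sample datagrams shaped like WireGuard messages (not real traffic):
# a 148-byte handshake initiation (type byte 1) and two transport packets
# (type byte 4), one of them at a typical 1420-byte MTU.
SAMPLE_DATAGRAMS = [
    b"\x01" + b"\x00" * 147,
    b"\x04" + bytes(range(32)),
    b"\x04" + b"\xaa" * 1419,
]


def relay_through_stream(datagrams: list[bytes], chunk_size: int) -> tuple[list[bytes], int]:
    """Simulate sending datagrams over TCP and reading the stream in fixed chunks.

    Returns the datagrams recovered on the far side and the number of bytes
    still pending in the decoder (0 if every datagram was fully reassembled).
    """
    stream = b"".join(encode_datagram(d) for d in datagrams)
    decoder = StreamDecoder()
    received: list[bytes] = []
    for i in range(0, len(stream), chunk_size):
        received.extend(decoder.feed(stream[i:i + chunk_size]))
    return received, decoder.pending()


if __name__ == "__main__":
    for size in (1, 7, 150, 4096):
        got, left = relay_through_stream(SAMPLE_DATAGRAMS, size)
        print(f"chunk={size:>4}: {len(got)} datagrams recovered, "
              f"intact={got == SAMPLE_DATAGRAMS}, pending={left}")
```

In a real wrapper the `StreamDecoder` sits on each side of the TCP connection, handing recovered payloads to a local UDP socket that the WireGuard endpoint talks to; on iOS that loop would have to live inside the same VPN extension as the tunnel itself, given the stacking limitation the post describes. One caveat worth keeping in mind when evaluating such a setup is the well-known TCP-in-TCP interaction: the tunnelled connections' own retransmission and congestion control now run on top of the outer TCP stream's, which tends to perform poorly on lossy links.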
Thread overview: 4+ messages
2024-06-13 14:34 Perry The Cynic [this message]
[not found] ` <CAOG=JUJ=TWZicAd1zfa36GwFBh8EU3bgsO5JRJiEhdhQ1VWf+Q@mail.gmail.com>
2024-06-13 14:42 ` Perry The Cynic
2024-06-13 14:45 ` Antonio Quartulli
2024-06-13 14:52 ` Perry The Cynic