Development discussion of WireGuard
From: Ivan Lundwall <ivanlundwall@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: IOS app no network permission on device sold in Mainland China
Date: Wed, 17 Apr 2019 12:39:26 +0800
Message-ID: <CACGoAOzwjPLnw59jdgCqQJX34j_9iouBMq1e2stQn_hN6Zek9w@mail.gmail.com>


Hi,
First, thanks for the excellent work on WireGuard.
Before explaining the issue, I want to make a clear introduction on
the network permission thingy. It's a reinforced permission control issued
by Chinese gov, where an app will have no network access unless a
connection is requested; then the system will pop up a notification to ask
the user to accept or decline the network permission. If it's not triggered,
network access is by default blocked. (The tricky thing is that a UDP socket
seems unable to trigger this.)
So in my case, where one endpoint is a domain, it says DNS resolution
failure when I activate the profile. It will connect and then I can access
nothing after I change the domain into an IP address.
There's a similar issue
https://github.com/pwn20wndstuff/Undecimus/issues/136
Here's a solution applying to an app also only transmitting udp
https://github.com/EspressifApp/EsptouchForIOS/issues/8
It's in Chinese, here's the translation for part of the last part

Previously, after receiving your feedback, our engineers used IOS10.0.2
(directly upgraded from ios 9.3 to ios 10.0.2) for testing, which is
configurable. I thought it was a bug in ios10.0.1.
Recently, we used an iPhone that was upgraded to ios10.0.2 by ios10.0.1
(you can't use Esptouch at the time), still not.
After research, iOS9 directly upgrades to all applications of ios10.0.1 to
disable all network permissions by default. All applications that ios9
directly upgrade to ios10.0.2 open all network permissions by default.
However, our Esptouch uses the underlying Socket function and does not use
the Cocoa Touch framework. Therefore, the network permission has not been
applied to the user. At this time, the UDP broadcast report cannot be sent
or received, and Esptouch cannot be successful.
Now the problem has been solved. The solution is to send a GET request of
"https://8.8.8.8" when the application is opened, and it will apply for the
Network permission to the user. If you are not allowed to do so, you can
change it as follows:
Settings --> Wireless LAN --> Use wireless LAN and cellular mobile
applications (after all Wi-Fi lists) --> Select the appropriate application
--> Open permissions


Best regards
