From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: bounce+bb36c1.b0ed2-wireguard=lists.zx2c4.com@depau.eu Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c8739d7c for ; Mon, 30 Apr 2018 13:23:19 +0000 (UTC) Received: from mail30.static.mailgun.info (mail30.static.mailgun.info [104.130.122.30]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 6c567932 for ; Mon, 30 Apr 2018 13:23:19 +0000 (UTC) Sender: davide@depau.eu Received: by mail-ot0-f174.google.com with SMTP id o8-v6so663789ota.12 for ; Mon, 30 Apr 2018 06:24:46 -0700 (PDT) MIME-Version: 1.0 From: Davide Depau Date: Mon, 30 Apr 2018 13:24:36 +0000 Message-ID: Subject: Issues with WireGuard on Android (with kernel module) To: wireguard@lists.zx2c4.com Content-Type: multipart/alternative; boundary="0000000000000b0bc9056b10c7a5" List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --0000000000000b0bc9056b10c7a5 Content-Type: text/plain; charset="UTF-8" Hello, I set up yesterday WireGuard on my OpenWrt router. I configured it on my computer and it works - everything is setup correctly and traffic is forwarded through WireGuard to the router and then to the outside. On Android, after enabling the interface using the app or with wg-quick manually, network is unreachable. I cannot even ping IPs on the same LAN as the WireGuard interface. I'm not sure how to find the routes as Android is a bit special. As I said in the subject, my kernel (NetHunter kernel for OnePlus 3T) has the module builtin. Router conf (interface IP: 192.168.2.1/24): [Interface] ListenPort = 4500 PrivateKey = ... [Peer] PublicKey = ... AllowedIPs = 192.168.2.196/32 [Peer] PublicKey = ... AllowedIPs = 192.168.2.4/32 Computer conf (working): [Interface] Address = 192.168.2.196/32 PrivateKey = ... DNS = 1.1.1.1 [Peer] PublicKey = ... AllowedIPs = 0.0.0.0/0 Endpoint = (hostname):4500 PersistentKeepalive = 25 Phone conf (generated by app, not working): [Interface] Address = 192.168.2.4/24 DNS = 1.1.1.1 PrivateKey = ... [Peer] AllowedIPs = 0.0.0.0/0 Endpoint = (hostname):4500 PersistentKeepalive = 25 PublicKey = ... Any hints? Thank you --0000000000000b0bc9056b10c7a5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,
I set up yesterday WireGuard on my O= penWrt router. I configured it on my computer and it works - everything is = setup correctly and traffic is forwarded through WireGuard to the router an= d then to the outside.
On Android, after enabling the interf= ace using the app or with wg-quick manually, network is unreachable. I cann= ot even ping IPs on the same LAN as the WireGuard interface.
I= 9;m not sure how to find the routes as Android is a bit special.
= As I said in the subject, my kernel (NetHunter kernel for OnePlus 3T) has t= he module builtin.

Router conf (interface IP: = 192.168.2.1/24):

=
[Interface]
ListenPort =3D 4500
PrivateKey =3D ...

[Peer]=
PublicKey =3D ...
AllowedIPs =3D 192.168.2.196/32

[Peer]
PublicKey =3D ...
AllowedIPs =3D = 192.168.2.4/32


Computer conf (working):

[Interf= ace]
Address =3D 192.168.2.196/32
PrivateKey =3D ...
DNS =3D 1.1.1.1

[Peer]
PublicKey =3D .= ..
AllowedIPs =3D 0.0.0.0/0
Endpoint= =3D (hostname):4500
PersistentKeepalive =3D 25


Phone conf (generated by app, not working):

<= /div>
[Interface]
Address =3D 192.= 168.2.4/24
DNS =3D 1.1.1.1
PrivateKey =3D ...

[Peer]
Al= lowedIPs =3D 0.0.0.0/0
Endpoint =3D (ho= stname):4500
PersistentKeepalive =3D 25
PublicKey =3D ...


Any hints?
Thank you
--0000000000000b0bc9056b10c7a5-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id ced9b821 for ; Mon, 30 Apr 2018 17:33:09 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id e4fe07f7 for ; Mon, 30 Apr 2018 17:33:09 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 88281aaa for ; Mon, 30 Apr 2018 17:09:29 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 4a0fdcfe (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Mon, 30 Apr 2018 17:09:28 +0000 (UTC) Received: by mail-ot0-f174.google.com with SMTP id n1-v6so10363380otf.7 for ; Mon, 30 Apr 2018 10:34:38 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: From: "Jason A. Donenfeld" Date: Mon, 30 Apr 2018 19:34:37 +0200 Message-ID: Subject: Re: Issues with WireGuard on Android (with kernel module) To: Davide Depau Content-Type: text/plain; charset="UTF-8" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hi Davide, It's possible you mixed up the keys in the config. The next version of the Android app, which should be out soon, will have the ability to export configs to .zip files, so you'll be able to test your configuration on your computer, to verify that the problem is not Android. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: bounce+bb36c1.b0ed2-wireguard=lists.zx2c4.com@depau.eu Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id b919e5a8 for ; Fri, 4 May 2018 09:47:45 +0000 (UTC) Received: from mail30.static.mailgun.info (mail30.static.mailgun.info [104.130.122.30]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c930a348 for ; Fri, 4 May 2018 09:47:45 +0000 (UTC) Sender: davide@depau.eu Received: by mail-oi0-f44.google.com with SMTP id a6-v6so18621794oia.2 for ; Fri, 04 May 2018 02:49:42 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Davide Depau Date: Fri, 04 May 2018 09:49:31 +0000 Message-ID: Subject: Re: Issues with WireGuard on Android (with kernel module) To: "Jason A. Donenfeld" Content-Type: multipart/alternative; boundary="0000000000003e4098056b5e3dfa" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --0000000000003e4098056b5e3dfa Content-Type: text/plain; charset="UTF-8" Hi Jason, I've already extracted the configs generated by the app: my phone is rooted and I found them in /data. Anyway I learned a few days ago that my university's wifi blocks traffic by protocol: though the UDP port I'm using for WireGuard I'm using is technically open, their firewall apparently analyzes the frames and, finding unexpected encrypted traffic, filters it. I'll change the server port to OpenVPN's, which is also open and hopefully won't look suspicious, and do some more checks. Thank you Davide On Mon, Apr 30, 2018 at 7:34 PM Jason A. Donenfeld wrote: > Hi Davide, > > It's possible you mixed up the keys in the config. The next version of > the Android app, which should be out soon, will have the ability to > export configs to .zip files, so you'll be able to test your > configuration on your computer, to verify that the problem is not > Android. > > Jason > --0000000000003e4098056b5e3dfa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Jason,
I've already extracted the co= nfigs generated by the app: my phone is rooted and I found them in /data.
Anyway I learned a few days ago that my university's wifi bloc= ks traffic by protocol: though the UDP port I'm using for WireGuard I&#= 39;m using is technically open, their firewall apparently analyzes the fram= es and, finding unexpected encrypted traffic, filters it.
I'l= l change the server port to OpenVPN's, which is also open and hopefully= won't look suspicious, and do some more checks.

Thank you
Davide

On Mon, Apr 30, 2018 at 7:34 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
Hi Davide,

It's possible you mixed up the keys in the config. The next version of<= br> the Android app, which should be out soon, will have the ability to
export configs to .zip files, so you'll be able to test your
configuration on your computer, to verify that the problem is not
Android.

Jason
--0000000000003e4098056b5e3dfa--