Development discussion of WireGuard
 help / color / mirror / Atom feed
* wireguard-windows incompatible with Win10 hotspot
@ 2021-08-07 14:53 SC Lee
  2021-08-07 23:00 ` Jason A. Donenfeld
  0 siblings, 1 reply; 3+ messages in thread
From: SC Lee @ 2021-08-07 14:53 UTC (permalink / raw)
  To: wireguard

(This is my first time reporting wireguard issues, please kindly let
me know if this is the wrong place.)

I'm on Windows 10, and had no luck enabling WireGuard tunnels with the
builtin WiFi hotspot feature at the same time.
When I do so the tunnel stops working, and for some reason in Task
Manager I'm seeing hundreds of Mbps of outbound traffic generated on
the wireguard interface (but no actual traffic to the internet). The
tunnel process also takes up a full CPU core seemingly due to the
generated traffic.
Upon switching off the hotspot the tunnel comes back to function.

I wonder if this is a known issue? I believe it's a common use case to
share a VPN tunnel with devices via hotspot.
This seems unrelated to the "kill-switch" feature as it happens with
or without it.
FWIW I also tried both Wintun and WireGuardNT backends, and the same
happened with both.

My environment:
Windows 10 version 20H2 build 19042.1110
wireguard-windows version 0.4.2

Thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: wireguard-windows incompatible with Win10 hotspot
  2021-08-07 14:53 wireguard-windows incompatible with Win10 hotspot SC Lee
@ 2021-08-07 23:00 ` Jason A. Donenfeld
  2021-08-07 23:19   ` Jason A. Donenfeld
  0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2021-08-07 23:00 UTC (permalink / raw)
  To: lsc; +Cc: WireGuard mailing list

Hi lsc,

Thanks for the report. That's a curious bug indeed, especially given
that it affects both implementations.

For the wireguard-go/wintun implementation, we're using
setsockopt(IP_UNICAST_IF). For the wireguard-nt/kernel implementation,
we're using IP_PKTINFO in a cmsghdr. Judging by the description of
your report, it sounds like both of these cases are being ignored for
some reason when hotspot mode is enabled. Having a functional
IP_UNICAST_IF, and moreover a functional IP_PKTINFO, is extremely
important for things to work properly, and without it you wind up with
routing loops like the one you've described. It's actually not just
wireguard that uses those too -- I was reading the msquic source last
night and noticed that it does the same.

So, hm. I'll have to try to make a test environment for that, though
it might be slightly tricky given the hardware I have available. I'll
see what I can do.

Jason

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: wireguard-windows incompatible with Win10 hotspot
  2021-08-07 23:00 ` Jason A. Donenfeld
@ 2021-08-07 23:19   ` Jason A. Donenfeld
  0 siblings, 0 replies; 3+ messages in thread
From: Jason A. Donenfeld @ 2021-08-07 23:19 UTC (permalink / raw)
  To: lsc; +Cc: WireGuard mailing list

On Sun, Aug 8, 2021 at 1:00 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> So, hm. I'll have to try to make a test environment for that, though
> it might be slightly tricky given the hardware I have available. I'll
> see what I can do.

Turns out a USB wifi adapter and a boring VM made this very easy to
reproduce. Indeed I can confirm the bug, though I don't yet understand
it. I assume that the Windows 10 Hotspot feature is using some sort of
redirection rules without taking into account IP_UNICAST_IF or
IP_PKTINFO, so likely a Windows bug. Hm...

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-08-07 23:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-07 14:53 wireguard-windows incompatible with Win10 hotspot SC Lee
2021-08-07 23:00 ` Jason A. Donenfeld
2021-08-07 23:19   ` Jason A. Donenfeld

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.vuxu.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git