From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: David Wibergh <david@ovpn.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Samsung Galaxy S10e can’t reach local devices in network
Date: Fri, 9 Oct 2020 14:21:46 +0200 [thread overview]
Message-ID: <CAHmME9rTGWNuS=AOj_jUnC7QvWW1od5jmJcvLurA-oukFiwf=g@mail.gmail.com> (raw)
In-Reply-To: <etPan.5f80552b.45639067.8db@ovpn.com>
Hi David,
I haven't seen other reports like this before, so I'm not really sure off hand.
Firstly, do the Macbook and the Thinkpad respond to pings in the first
place? Modern macOS and Windows have built-in firewalls that usually
prevent this. So make sure that the pings work without WireGuard part
of the equation. If you've done this, and it works without WireGuard,
and it doesn't work with WireGuard, then we can proceed assuming this
is an issue with WireGuard.
That config seems fine on a cursory glance. You mentioned that this
only happens on certain phones. Which Android phones work as intended,
and which do not? Which operating system versions are each of these
running? The more general information about this that you can provide,
the more we can narrow it down.
Between Android releases, there have been subtle changes in their
routing particulars, and between Android vendors, I've seen aggressive
power management policies affecting WireGuard, and between Android
configurations, I've seen newer features like DoH/DoT confusing the
VPN subsystem too. And there may be other weird patterns and quirks
too. If this really is a problem with "phone X but not phone Y," we'll
need some more smells to find out what's going on.
Alternatively, you can dump `ip route show table all` and `ip rule
show` and `iptables-save` on each of the phones and see if you notice
an obvious difference in the routing that netd sets up. That might not
lead to a fix of the issue, but it might add more precision to why
it's not working as intended.
Jason
next prev parent reply other threads:[~2020-10-09 12:22 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-09 12:18 David Wibergh
2020-10-09 12:21 ` Jason A. Donenfeld [this message]
2020-10-09 13:44 ` David Wibergh
2020-10-09 14:02 ` Jason A. Donenfeld
2020-10-09 14:52 ` David Wibergh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9rTGWNuS=AOj_jUnC7QvWW1od5jmJcvLurA-oukFiwf=g@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=david@ovpn.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).