From: David Kerr
Date: Sat, 16 Feb 2019 22:03:40 -0500
Subject: Re: DNS name resolution should not be done during configuration parsing.
To: Eryk Wieliczko
Cc: "wireguard@lists.zx2c4.com"

Erik, see here for a proposed fix. No response from the WireGuard team yet.

https://lists.zx2c4.com/pipermail/wireguard/2019-January/003842.html

Recently I had a power outage and both my gateway and cable modem went offline. On power recovery both devices start up, but the gateway completes startup before the cable modem completes its protocol negotiations, so initially the external network (eth0) is not functional. That comes online say one minute later and all is well.

Except that all is not well. Wireguard failed to start up because I have Endpoint=<a URL> instead of an IP address. And because the external interface is not live yet, DNS lookup fails and Wireguard does not gracefully handle it. This is really important because Wireguard may be my only way into my local network.

As a work-around I replaced the URL with the IP address... but that is not a long-term solution if the endpoint is not a static IP address.

Wireguard needs to handle the situation where the external network may not have stabilized at the time it starts up. The above link proposed a fix.

David

On Sat, Feb 16, 2019 at 8:35 PM Eryk Wieliczko wrote:
> Hello everyone!
>
> If you use a DNS address as an endpoint and there is no internet
> connection, WireGuard will hang for two minutes and then exit with error.
>
> IMO the expected behavior should be the same as in OpenVPN:
> WireGuard starts immediately and patiently tries to resolve the DNS until
> it succeeds.
>
> Thus, WireGuard should resolve the DNS just before connecting to the
> server. And just keep trying and trying without any timeouts.
>
> I'd like to install WireGuard on technician's computers and there is no
> guarantee that they will start phone tethering within 2 minutes of starting
> their machine. OpenVPN would pass this scenario.
>
> What do you think?

--
David Kerr
Sent from Gmail Mobile
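One way to work around the startup failure discussed in this thread, as an added example that is neither part of the original messages nor the fix proposed at the linked post: bring the interface up with no Endpoint= line in its config, then resolve the name in a retry loop and apply it with `wg set`. The interface name, peer public key, host and port are hypothetical arguments, and `getent` is assumed as the resolver.

```shell
#!/bin/sh
# Added example (not from the thread): set a peer endpoint only after DNS
# works, retrying with capped backoff instead of failing at config parse.
# Assumes the interface is already up with no Endpoint= line in its config.

# Print the first address for HOST; non-zero exit when the lookup fails.
resolve_once() {
    getent ahosts "$1" | awk 'NR == 1 { print $1; ok = 1 } END { exit !ok }'
}

# resolve_with_retry HOST MAX_DELAY [MAX_TRIES]; MAX_TRIES=0 retries forever.
resolve_with_retry() {
    host=$1; max_delay=$2; max_tries=${3:-0}
    delay=1; tries=0
    while :; do
        if addr=$(resolve_once "$host") && [ -n "$addr" ]; then
            printf '%s\n' "$addr"
            return 0
        fi
        tries=$((tries + 1))
        if [ "$max_tries" -gt 0 ] && [ "$tries" -ge "$max_tries" ]; then
            return 1
        fi
        sleep "$delay"
        delay=$((delay * 2))
        if [ "$delay" -gt "$max_delay" ]; then delay=$max_delay; fi
    done
}

# wg expects IPv6 endpoints in brackets: [addr]:port
format_endpoint() {
    case $1 in
        *:*) printf '[%s]:%s\n' "$1" "$2" ;;
        *)   printf '%s:%s\n' "$1" "$2" ;;
    esac
}

# update_endpoint IFACE PEER_PUBKEY HOST PORT (all hypothetical arguments)
update_endpoint() {
    ip=$(resolve_with_retry "$3" 60) || return 1
    wg set "$1" peer "$2" endpoint "$(format_endpoint "$ip" "$4")"
}

# Run only when called with all four arguments, e.g. from a boot-time unit.
if [ "$#" -eq 4 ]; then
    update_endpoint "$@"
fi
```

Because WireGuard authenticates the peer by its public key, a wrong or stale DNS answer here can stall the tunnel but cannot make it accept a different peer.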