Development discussion of WireGuard
* macOS Catalina failing https
From: Sean Baildon @ 2020-02-27 16:46 UTC (permalink / raw)
  To: wireguard

Hey,

Recently purchased and upgraded a new MBP to Catalina.

Requests to https enabled sites over the VPN no longer work, even
using my old configuration. Requests to insecure sites—ex.
http://example.com—work just fine.

My iOS devices work as expected. I've tried using the iOS
configurations on the laptop, but it's the same behaviour; hanging.

I'm using the Mac App Store version of wireguard on a vanilla install
of macOS Catalina. Are there any known issues? Happy to provide any
useful debug

Thanks,
Sean
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: macOS Catalina failing https
From: Eiji Tanioka @ 2020-03-01  7:08 UTC (permalink / raw)
  To: Sean Baildon; +Cc: wireguard

Hi,

I'm using wireguard on macOS Catalina 10.15.3 on MacBook Air 2013.
My environment is not vanilla (latest clean install is High Sierra),
but I can access HTTPS sites over WireGuard VPN tunnel using Chrome,
Safari, curl.

My client config is very simple:
- [Interface] section has PrivateKey, ListenPort, Address, DNS, MTU.
- ListenPort is "51820", default value.
- [Peer] section has PublicKey, AllowedIPs, Endpoint, PersistentKeepalive.
- AllowedIPs is "0.0.0.0/0" only.
- Endpoint is "{Server's IP}:51820".
- PersistentKeepalive is "0".

> Requests to https enabled sites over the VPN no longer work,
When you access an https site over the VPN tunnel, what is happening?
Does the connection fail?

Thanks,

On Sat, Feb 29, 2020 at 20:39, Sean Baildon <sean@baildon.co> wrote:
>
> Hey,
>
> Recently purchased and upgraded a new MBP to Catalina.
>
> Requests to https enabled sites over the VPN no longer work, even
> using my old configuration. Requests to insecure sites—ex.
> http://example.com—work just fine.
>
> My iOS devices work as expected. I've tried using the iOS
> configurations on the laptop, but it's the same behaviour; hanging.
>
> I'm using the Mac App Store version of wireguard on a vanilla install
> of macOS Catalina. Are there any known issues? Happy to provide any
> useful debug
>
> Thanks,
> Sean
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

* Re: macOS Catalina failing https
From: Barry Scott @ 2020-03-01  8:44 UTC (permalink / raw)
  To: Sean Baildon; +Cc: wireguard





> On 27 Feb 2020, at 16:46, Sean Baildon <sean@baildon.co> wrote:
> 
> Hey,
> 
> Recently purchased and upgraded a new MBP to Catalina.
> 
> Requests to https enabled sites over the VPN no longer work, even
> using my old configuration. Requests to insecure sites—ex.
> http://example.com—work just fine.
> 
> My iOS devices work as expected. I've tried using the iOS
> configurations on the laptop, but it's the same behaviour; hanging.
> 
> I'm using the Mac App Store version of wireguard on a vanilla install
> of macOS Catalina. Are there any known issues? Happy to provide any
> useful debug

I like to use curl to find out the details of what is breaking.

This is the result of my testing using wireguard on macOS 10.15.3.
I connect wireguard via mobile data to my home router 172.16.4.1.
I change the Allowed IPs to include the IP of example.com:

Allowed IPS: 93.184.216.34/32, 172.16.2.0/24, 172.16.4.0/24

And used traceroute to see if example.com was routed via
wireguard.


$ traceroute example.com
traceroute to example.com (93.184.216.34), 64 hops max, 52 byte packets
 1  172.16.4.1 (172.16.4.1)  108.362 ms  69.420 ms  61.568 ms

$ curl --verbose https://example.com
* Rebuilt URL to: https://example.com/
*   Trying 93.184.216.34...
* TCP_NODELAY set
* Connected to example.com (93.184.216.34) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=Los Angeles; O=Internet Corporation for Assigned Names and Numbers; OU=Technology; CN=www.example.org
*  start date: Nov 28 00:00:00 2018 GMT
*  expire date: Dec  2 12:00:00 2020 GMT
*  subjectAltName: host "example.com" matched cert's "example.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: example.com
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Age: 485981
< Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
< Date: Sun, 01 Mar 2020 08:36:35 GMT
< Etag: "3147526947"
< Expires: Sun, 08 Mar 2020 08:36:35 GMT
< Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
< Server: ECS (nyb/1D1E)
< Vary: Accept-Encoding
< X-Cache: HIT
< Content-Length: 1256
<
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 2em;
        background-color: #fdfdff;
        border-radius: 0.5em;
        box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        div {
            margin: 0 auto;
            width: auto;
        }
    }
    </style>
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.</p>
    <p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
* Connection #0 to host example.com left intact

Barry




* Re: macOS Catalina failing https
From: Barry Scott @ 2020-03-01  8:55 UTC (permalink / raw)
  To: Sean Baildon; +Cc: wireguard



> On 27 Feb 2020, at 16:46, Sean Baildon <sean@baildon.co> wrote:
> 
> Hey,
> 
> Recently purchased and upgraded a new MBP to Catalina.
> 
> Requests to https enabled sites over the VPN no longer work, even
> using my old configuration. Requests to insecure sites—ex.
> http://example.com—work just fine.
> 
> My iOS devices work as expected. I've tried using the iOS
> configurations on the laptop, but it's the same behaviour; hanging.
> 
> I'm using the Mac App Store version of wireguard on a vanilla install
> of macOS Catalina. Are there any known issues? Happy to provide any
> useful debug

I just noticed that I tested with /opt/local/bin/curl not /usr/bin/curl.

Both worked. For completeness here is the start of the curl --verbose
that shows the certificate store that is used:

$ /usr/bin/curl --verbose https://example.com
*   Trying 93.184.216.34...
* TCP_NODELAY set
* Connected to example.com (93.184.216.34) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none

Barry


> 
> Thanks,
> Sean
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: macOS Catalina failing https
From: Rémi Lapeyre @ 2020-03-01 12:11 UTC (permalink / raw)
  To: Sean Baildon; +Cc: wireguard



> On 27 Feb 2020, at 17:46, Sean Baildon <sean@baildon.co> wrote:
> 
> Hey,
> 
> Recently purchased and upgraded a new MBP to Catalina.
> 
> Requests to https enabled sites over the VPN no longer work, even
> using my old configuration. Requests to insecure sites—ex.
> http://example.com—work just fine.
> 
> My iOS devices work as expected. I've tried using the iOS
> configurations on the laptop, but it's the same behaviour; hanging.
> 
> I'm using the Mac App Store version of wireguard on a vanilla install
> of macOS Catalina. Are there any known issues? Happy to provide any
> useful debug

This looks like what some of our users saw in some networks. It may be unrelated but
can you try adding "MTU = 1200" in your configuration?

> Thanks,
> Sean
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
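
Added example, not part of any message in this thread: one way to check whether a lower MTU such as the "MTU = 1200" suggested above is warranted is to measure the path MTU to the WireGuard endpoint with the tunnel down and subtract the encapsulation overhead. The function names and the WG_ENDPOINT variable are assumptions made for this sketch, and it covers an IPv4 endpoint only.

```shell
#!/bin/sh
# Added example (not from the thread): estimate a WireGuard MTU from the
# underlay path MTU to the endpoint. Run with the tunnel down. IPv4 only.

# probe SIZE HOST: true if one DF-flagged echo with SIZE payload bytes is answered.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;    # macOS: -D sets DF
        *)      ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;; # Linux iputils
    esac
}

# largest_payload HOST [PROBE]: binary-search the largest payload in 0..1472
# that PROBE accepts; fails if even an empty echo gets no reply.
largest_payload() {
    lp_host=$1; lp_probe=${2:-probe}; lo=0; hi=1472
    "$lp_probe" "$lo" "$lp_host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$lp_probe" "$mid" "$lp_host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# tunnel_mtu PAYLOAD: path MTU = PAYLOAD + 20 (IPv4) + 8 (ICMP); WireGuard over
# IPv4 adds 20 (IPv4) + 8 (UDP) + 32 (WireGuard header and auth tag) = 60.
tunnel_mtu() {
    echo $(( $1 + 28 - 60 ))
}

# suggest_mtu HOST [PROBE]: prints an upper bound for "MTU =" in [Interface].
suggest_mtu() {
    sm_payload=$(largest_payload "$1" "${2:-probe}") || {
        echo "no echo reply from $1 (ICMP filtered?); cannot measure" >&2
        return 1
    }
    tunnel_mtu "$sm_payload"
}

# WG_ENDPOINT is a hypothetical variable for this example: set it to the
# server address from the Endpoint line to run a real measurement.
if [ -n "${WG_ENDPOINT:-}" ]; then suggest_mtu "$WG_ENDPOINT"; fi
```

A printed value below the MTU currently set on the interface means full-size tunnel packets cannot cross the path unfragmented, which typically affects large TLS handshake records before it affects small plain HTTP exchanges.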


* Re: macOS Catalina failing https
From: Andrew Long @ 2020-03-01 22:28 UTC (permalink / raw)
  To: Sean Baildon; +Cc: wireguard



I'm not experiencing any issues on Catalina, Mac mini desktop device, I
think for the last 2 OS X updates


On Sat, Feb 29, 2020, 03:39 Sean Baildon <sean@baildon.co> wrote:

> Hey,
>
> Recently purchased and upgraded a new MBP to Catalina.
>
> Requests to https enabled sites over the VPN no longer work, even
> using my old configuration. Requests to insecure sites—ex.
> http://example.com—work just fine.
>
> My iOS devices work as expected. I've tried using the iOS
> configurations on the laptop, but it's the same behaviour; hanging.
>
> I'm using the Mac App Store version of wireguard on a vanilla install
> of macOS Catalina. Are there any known issues? Happy to provide any
> useful debug
>
> Thanks,
> Sean
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
