MacOS and wg 1.0.11 issues (for me)

MacOS and wg 1.0.11 issues (for me)

[Janne Johansson]

I waited until 1.0.11 was out to not have to workaround the 1.0.10
issue if you didn't have DNS in the [Interface] section, and got a
"reverse" of it. I could not connect tunnels which did have DNS
entries in the interface section. As soon as I tried removing DNS =
the tunnels worked fine.

After MUCH back and forth with Jason, I have ended up where I can
either have DNS set in resolv.conf only and not ask wg to set any, OR,
I can have a local resolver running on 127.0.0.1, and ask wg via the
tunnel interface config to set this one and it will work for me. If my
localhost resolver is not running, the tunnel also doesn't come up.

I have no idea why my Mac is this weird, and we have tried a lot in
order to replicate this at his end without luck, so if anyone out
there upgrades to .11, has issues as long as DNS= is in the interface
section, please reach out to jason (and/or me) so we can figure why
this happens and what the conditions to trigger/reproduce this is.

In my case, the gui quickly shows the local udp port, then it goes
away. Data sent show some 146 bytes, but it doesn't show any received
data or a timestamp for last handshake.

wg logs have lines looping like this when it doesn't work:
2020-12-18 16:32:35.876 [NET] peer(kU2O…g42s) - Sending handshake initiation
2020-12-18 16:32:35.877 [NET] peer(kU2O…g42s) - Failed to send
handshake initiation no bind
2020-12-18 16:32:41.042 [NET] peer(kU2O…g42s) - Handshake did not
complete after 5 seconds, retrying (try 2)

Macbook pro, Big Sur 11.1, wg 1.0.11(20) from app store, and configs
that used to run ok in the 2019 wg from app store.

-- 
May the most significant bit of your life be positive.

Re: MacOS and wg 1.0.11 issues (for me)

[Jason A. Donenfeld]

Tentative patch is here:
https://git.zx2c4.com/wireguard-go/commit/?id=54b5f7d7173d56508daa768e96a9f7d85de951dc

I'm unable to repro this problem on any of my systems, however, in
order to test that patch. And Apple's signing restrictions make it
impossible for me to send a test build to Janne, because
NetworkExtension is mac-app-store-only. So if anyone else experiences
what he's described AND has an apple developer account, please get in
touch.

Re: MacOS and wg 1.0.11 issues (for me)

[Laura Smith]

Jason,

Out of curiosity, is NetworkExtension not available if you push a test app via TestFlight ?

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 18 December 2020 16:19, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> Tentative patch is here:
> https://git.zx2c4.com/wireguard-go/commit/?id=54b5f7d7173d56508daa768e96a9f7d85de951dc
>
> I'm unable to repro this problem on any of my systems, however, in
> order to test that patch. And Apple's signing restrictions make it
> impossible for me to send a test build to Janne, because
> NetworkExtension is mac-app-store-only. So if anyone else experiences
> what he's described AND has an apple developer account, please get in
> touch.

Re: MacOS and wg 1.0.11 issues (for me)

[Jason A. Donenfeld]

On Sat, Dec 19, 2020 at 12:10 PM Laura Smith
<n5d9xq3ti233xiyif2vp@protonmail.ch> wrote:
>
> Jason,
>
> Out of curiosity, is NetworkExtension not available if you push a test app via TestFlight ?

There is no testflight on macos.

I've now added Janne as a developer device on the WireGuard account by
using the unique hardware ID of his laptop, so we're able to make a
bit of progress that way, but Janne's availability for testing is a
bit limited, so I'd still be happy to learn about other people who
have the same problem and can help out. I still am unable to reproduce
it myself.

Jason

Re: MacOS and wg 1.0.11 issues (for me)

[Alex Burke]

Hey Jason,

> There is no testflight on macos.

That doesn't mean we should throw the iOS baby out with the macOS bathwater.

Food for thought.

Cheers,
Alex


> Le 19 déc. 2020 à 12:48, Jason A. Donenfeld <Jason@zx2c4.com> a écrit :
> 
> On Sat, Dec 19, 2020 at 12:10 PM Laura Smith
> <n5d9xq3ti233xiyif2vp@protonmail.ch> wrote:
>> 
>> Jason,
>> 
>> Out of curiosity, is NetworkExtension not available if you push a test app via TestFlight ?
> 
> There is no testflight on macos.
> 
> I've now added Janne as a developer device on the WireGuard account by
> using the unique hardware ID of his laptop, so we're able to make a
> bit of progress that way, but Janne's availability for testing is a
> bit limited, so I'd still be happy to learn about other people who
> have the same problem and can help out. I still am unable to reproduce
> it myself.
> 
> Jason

Re: MacOS and wg 1.0.11 issues (for me)

[Janne Johansson]

Den lör 19 dec. 2020 kl 12:56 skrev Finn Behrens <me@kloenk.de>:
> I see problems regarding DNS resolution when setting a DNS entry into the config. But pinging my wg hosts via ipv4 addresses in the tunnel works. Did Janne set a IP address or a hostname for DNS?
> Not sure why my system does not work when setting a dns, but as I don’t use that feature I did not debug it yet.
>

I set ips on my DNS config, and it prevents the tunnel from
activating, which is easily seen on the gui since no data ever gets
"received" and no data after the initial handshake gets sent no matter
how much I ping.

-- 
May the most significant bit of your life be positive.

Re: MacOS and wg 1.0.11 issues (for me)

[Laura Smith]

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, 19 December 2020 11:48, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> On Sat, Dec 19, 2020 at 12:10 PM Laura Smith
> n5d9xq3ti233xiyif2vp@protonmail.ch wrote:
>
> > Jason,
> > Out of curiosity, is NetworkExtension not available if you push a test app via TestFlight ?
>
> There is no testflight on macos.
>
> I've now added Janne as a developer device on the WireGuard account by
> using the unique hardware ID of his laptop, so we're able to make a
> bit of progress that way, but Janne's availability for testing is a
> bit limited, so I'd still be happy to learn about other people who
> have the same problem and can help out. I still am unable to reproduce
> it myself.
>
> Jason


Fair enough.

If rumors are to be believed [1] TestFlight for macOS is on the horizon

Meanwhile the macOS method seems to be this one[2] (said for the benefit of the list, I'm sure Jason knows this already !)

[1] https://appleinsider.com/articles/20/11/03/testflight-could-come-to-macos-at-the-apple-silicon-event
[2] https://help.apple.com/xcode/mac/current/#/dev295cc0fae