Hi,

The Windows laptop that I'm using as "destination ping" has the network profile set to private, so the S10e and Macbook are able to ping it.

The phones that we've tested so far that work as intended are:
- Pixel 2, Android 11
- Pixel 2XL, Android 11
- Meizu M5S, Android 6 (flyme 6.3.1)
- Oneplus 2, LineageOS 17.1
- Sony Xperia XZ1, Android 9

The phone I have access to that does not work properly:
- Samsung Galaxy S10e, Android 10. One UI 2.0 with Android security patch level 1 February 2020.

WireGuard on iOS with excluding private IPs is able to ping the Windows laptop.

I'm attaching a photo of the Sony Xperia XZ1 & Samsung Galaxy S10e next to each other, displaying discoverable devices in the newly created wifi network to troubleshoot this further.

Command output has also been attached from Sony Xperia XZ1 & Samsung Galaxy S10e.

Thanks,
David

On 9 October 2020 at 14:22:01, Jason A. Donenfeld (jason@zx2c4.com) wrote:
> Hi David,
>
> I haven't seen other reports like this before, so I'm not really sure off hand.
>
> Firstly, do the Macbook and the Thinkpad respond to pings in the first
> place? Modern macOS and Windows have built-in firewalls that usually
> prevent this. So make sure that the pings work without WireGuard part
> of the equation. If you've done this, and it works without WireGuard,
> and it doesn't work with WireGuard, then we can proceed assuming this
> is an issue with WireGuard.
>
> That config seems fine on a cursory glance. You mentioned that this
> only happens on certain phones. Which Android phones work as intended,
> and which do not? Which operating system versions are each of these
> running? The more general information about this that you can provide,
> the more we can narrow it down.
>
> Between Android releases, there have been subtle changes in their
> routing particulars, and between Android vendors, I've seen aggressive
> power management policies affecting WireGuard, and between Android
> configurations, I've seen newer features like DoH/DoT confusing the
> VPN subsystem too. And there may be other weird patterns and quirks
> too. If this really is a problem with "phone X but not phone Y," we'll
> need some more smells to find out what's going on.
>
> Alternatively, you can dump `ip route show table all` and `ip rule
> show` and `iptables-save` on each of the phones and see if you notice
> an obvious difference in the routing that netd sets up. That might not
> lead to a fix of the issue, but it might add more precision to why
> it's not working as intended.
>
> Jason
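
One way to carry out the comparison suggested in the quoted reply, diffing the `ip rule show` dumps of a working and a non-working phone by priority and table rather than by eye. This is an added example, not part of the original thread; the two dumps are constructed samples (not the output attached to this message), and `parse_rules` and `compare` are hypothetical helper names.

```python
import re

# Constructed sample dumps of `ip rule show`, for illustration only.
PHONE_A = """\
0:	from all lookup local
11000:	from all iif lo oif wlan0 uidrange 0-0 lookup local_network
12000:	from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0
17000:	from all iif lo oif wlan0 lookup wlan0
32000:	from all unreachable
"""
PHONE_B = """\
0:	from all lookup local
12000:	from all fwmark 0x0/0x20000 iif lo uidrange 0-10175 lookup tun0
12000:	from all fwmark 0x0/0x20000 iif lo uidrange 10177-99999 lookup tun0
17000:	from all iif lo oif wlan0 lookup wlan0
32000:	from all unreachable
"""

# "<priority>: <selectors> [lookup <table>]"; rules without a table end in an action word.
RULE = re.compile(r"^(\d+):\s+(.*?)(?:\s+lookup\s+(\S+))?\s*$")

def parse_rules(dump):
    """Return {(priority, table_or_action): set of selector strings}."""
    rules = {}
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # skip blank lines or anything that is not a rule
        prio, body, target = int(m.group(1)), m.group(2), m.group(3)
        if target is None:  # e.g. "from all unreachable": last word is the action
            body, _, target = body.rpartition(" ")
        rules.setdefault((prio, target), set()).add(" ".join(body.split()))
    return rules

def compare(dump_a, dump_b):
    """List (key, selectors_only_in_a, selectors_only_in_b) for every differing rule."""
    ra, rb = parse_rules(dump_a), parse_rules(dump_b)
    report = []
    for key in sorted(set(ra) | set(rb)):
        sa, sb = ra.get(key, set()), rb.get(key, set())
        if sa != sb:
            report.append((key, sorted(sa - sb), sorted(sb - sa)))
    return report

if __name__ == "__main__":
    for key, only_a, only_b in compare(PHONE_A, PHONE_B):
        print(key, "only in A:", only_a, "only in B:", only_b)
```
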