From: David Kerr <david@kerr.net>
To: Eryk Wieliczko <eryk@wieliczko.ninja>
Cc: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Re: DNS name resolution should not be done during configuration parsing.
Date: Sat, 16 Feb 2019 22:03:40 -0500
Message-ID: <CAJJxGdG2G+busk12y==dZOL2__+C1T6nQy+tGRJM=M65-SuZ5Q@mail.gmail.com>
In-Reply-To: <8_iPFshR7GasRS24vRTFKp3pG-UGxQLluTaoZZeAO-UlYBTQ2nCHNlMniuKWz9tWpWPbbXS8Br3SxRpCjcruohwFw8PD83jko2lrf3E7hq4=@wieliczko.ninja>


Eryk, see here for a proposed fix.  No response from the WireGuard team
yet.

https://lists.zx2c4.com/pipermail/wireguard/2019-January/003842.html

Recently I had a power outage and both my gateway and cable modem went
offline. On power recovery both devices start up, but the gateway completes
startup before the cable modem completes its protocol negotiations, so
initially the external network (eth0) is not functional.  That comes online
say one minute later and all is well.

Except that all is not well.  Wireguard failed to start up because I have
Endpoint=<a URL> instead of an IP address.  And because external interface
is not live yet, DNS lookup fails and Wireguard does not gracefully handle
it.  This is really important because Wireguard may be my only way into my
local network.

As a work-around I replaced the URL with the IP address... but that is not a
long term solution if the endpoint is not a static IP address.

Wireguard needs to handle the situation where external network may not have
stabilized at the time it starts up.  The above link proposed a fix.

David

On Sat, Feb 16, 2019 at 8:35 PM Eryk Wieliczko <eryk@wieliczko.ninja> wrote:

> Hello everyone!
>
> If you use a DNS address as an endpoint and there is no internet
> connection, WireGuard will hang for two minutes and then exit with error.
>
> IMO the expected behavior should be the same as in OpenVPN:
> WireGuard starts immediately and patiently tries to resolve the DNS until
> it succeeds.
>
> Thus, WireGuard should resolve the DNS just before connecting to the
> server. And just keep trying and trying without any timeouts.
>
> I'd like to install WireGuard on technicians' computers and there is no
> guarantee that they will start phone tethering within 2 minutes of starting
> their machine. OpenVPN would pass this scenario.
>
> What do you think?
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
-- 
David Kerr Sent from Gmail Mobile
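
The retry-until-resolved behaviour requested in this thread, as an added example that is not part of the original message or of WireGuard's own code. It assumes the interface was brought up without an Endpoint line for the peer and that `getent` supports `ahosts`; the function names and the `RESOLVER`, `WG`, `RETRY_DELAY` and `RETRY_MAX_DELAY` variables are hypothetical.

```shell
#!/bin/sh
# Added example: defer DNS resolution of a peer endpoint until the uplink works.

# Default resolver: print the first address for HOST, or nothing on failure.
resolve_getent() {
    getent ahosts "$1" | awk 'NR==1 { print $1 }'
}
RESOLVER=${RESOLVER:-resolve_getent}   # hypothetical override hook

# wait_for_endpoint HOST PORT [MAX_TRIES]
# Retries with exponential backoff until HOST resolves, then prints ADDR:PORT
# (IPv6 addresses are bracketed). MAX_TRIES=0 (default) retries forever.
wait_for_endpoint() {
    host=$1; port=$2; max=${3:-0}
    delay=${RETRY_DELAY:-1}; cap=${RETRY_MAX_DELAY:-30}; tries=0
    while :; do
        addr=$("$RESOLVER" "$host" 2>/dev/null) || addr=
        if [ -n "$addr" ]; then
            case "$addr" in
                *:*) printf '[%s]:%s\n' "$addr" "$port" ;;
                *)   printf '%s:%s\n' "$addr" "$port" ;;
            esac
            return 0
        fi
        tries=$((tries + 1))
        if [ "$max" -gt 0 ] && [ "$tries" -ge "$max" ]; then
            return 1
        fi
        sleep "$delay"
        if [ "$delay" -lt "$cap" ]; then
            delay=$((delay * 2))
        fi
    done
}

# set_peer_endpoint IFACE PEER_PUBKEY HOST PORT
# Blocks until HOST resolves, then points the already-running peer at it.
set_peer_endpoint() {
    ep=$(wait_for_endpoint "$3" "$4") || return 1
    ${WG:-wg} set "$1" peer "$2" endpoint "$ep"
}
```

Run `set_peer_endpoint` from a boot-time unit after the interface is up, so the tunnel device exists immediately and the endpoint is filled in once the uplink resolves names.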
