From: Fabian Schwamborn
To: David Cowden
Cc: wireguard@lists.zx2c4.com
Subject: Re: Optional DNS-Check or Ping-test for the Android App
Date: Wed, 16 Jan 2019 22:29:44 +0100
List-Id: Development discussion of WireGuard

I think you misunderstood me. Most broadband providers don't offer fixed IPv4. Due to privacy considerations, even under IPv6 on normal connections, addresses will always change. (prefix) As soon as an address changes and my dynamic DNS system registers it, an IPsec or OpenVPN client on my phone can reconnect. (This happens once a week).
The WireGuard app simply lacks a monitor to see if the IP address has changed. Therefore a TTL in the DNS was introduced .... (After a registered loss of the connection - also shown in the log - no DNS request is executed and the tunnel breaks down permanently.)

I think these are the most common scenarios with OpenWRT routers ...

Having a DNS entry does not mean that it always points to a static IP, so when a tunnel disconnects, the Android app itself (userspace) should handle this like many other existing VPN clients do by a re-query of the DNS entry...

My question is, is there any opinion on such an implementation? Should I try to implement it into the Android app and provide the code? (Unfortunately I am not a good Android app developer)

On 16.01.2019 at 21:57, David Cowden wrote:
> You need to set up DNS for your home site then use that to connect. Or
> you need to synchronize the endpoint out of band. I can't imagine this
> is something wg wants to tackle--this is a general problem all
> software encounters.
>
> On Tue, Jan 15, 2019 at 10:52 PM Fabian Schwamborn
> <fabian@familie-schwamborn.com> wrote:
>
> > Hello,
> >
> > I have a suggestion for improving the Android app or would like to
> > ask if such a change would be desirable in general (e.g. pull
> > request):
> >
> > I'm using WireGuard as a connection between my home router and my
> > mobile phone, but unfortunately I don't have a fixed IP address.
> > As soon as the IP address changes, the app does not reconnect.
> > (Happens once a week)
> >
> > Is it possible to integrate a function into the app that pings
> > through the tunnel so that you can perform a keep-alive check and
> > reconnect the tunnel completely after a failure (including DNS
> > request)?
> >
> > Is it conceivable to implement a DNS-check function in the app?
> > (E.g. like the existing example DNS check script for Linux works?)
> >
> > Then the app would have the same functionality as my previous
> > IPsec client. This would also allow better coverage of failover
> > IP scenarios.
> >
> > Best Regards
> >
> > Fabian
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

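One way to do the re-query discussed in this thread on a Linux host: treat a peer whose last handshake is too old as disconnected and hand its DNS name back to `wg` so the endpoint is looked up again. This is an added example, not code from the thread or from the WireGuard project; the function names, the 135-second threshold, the single shared endpoint and the sample keys are assumptions.

```shell
#!/bin/sh
# Added example: re-resolve a WireGuard peer's DNS endpoint when its
# handshake has gone stale. Function names are hypothetical.

# Assumption: 135 s, a little above WireGuard's 120 s rekey interval.
# Only meaningful while traffic or PersistentKeepalive keeps the
# tunnel handshaking; an idle peer looks stale too.
MAX_AGE=135

# stale_peers NOW
# stdin:  lines of `wg show <iface> latest-handshakes`
#         ("<public-key><TAB><unix-time>", time 0 = never).
# stdout: public keys whose last handshake is older than MAX_AGE.
stale_peers() {
    now=$1
    while read -r key ts; do
        # Skip blank or malformed lines instead of failing on them.
        case $ts in ''|*[!0-9]*) continue ;; esac
        if [ $(($now - $ts)) -gt "$MAX_AGE" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# reresolve IFACE HOST:PORT
# For every stale peer, pass the hostname back to wg(8), which looks
# it up again and replaces the peer's endpoint address.
# Assumption: all peers on IFACE share the one endpoint given.
reresolve() {
    wg show "$1" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r key; do
        wg set "$1" peer "$key" endpoint "$2"
    done
}

# Constructed sample input; the keys are placeholders, not real keys.
sample() {
    printf 'PEER_A_PLACEHOLDER\t1547674000\n'
    printf 'PEER_B_PLACEHOLDER\t1547673000\n'
    printf 'PEER_C_PLACEHOLDER\t0\n'
}

# Offline demo: at time 1547674100, A is 100 s old (fresh),
# B is 1100 s old (stale), C has never completed a handshake (stale).
demo() {
    sample | stale_peers 1547674100
}
demo
```

Run `reresolve` from a timer no more often than the DNS record's TTL, since a lookup served from cache returns the old address.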