wireguard.lists.zx2c4.com archive mirror
 help / color / mirror / Atom feed
From: Andrej Mihajlov <and@mullvad.net>
To: Juraj Hilje <juraj.hilje@gmail.com>
Cc: wireguard@lists.zx2c4.com
Subject: Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
Date: Wed, 22 Sep 2021 10:59:20 +0200	[thread overview]
Message-ID: <9D47F45A-59C7-4FB0-A9F8-2F13A1D4AB1A@mullvad.net> (raw)
In-Reply-To: <CB84BD03-DB8A-4855-94CC-898100C0B97E@gmail.com>

Hi Juraj,

Installing iOS 15 right now. I am gonna test it today too. 

What stands out to me that, while you have multiple interfaces available, the network monitor still says that the network is unsatisfied. Very odd.

Cheers,
Andrej

> On 22 Sep 2021, at 10:55, Juraj Hilje <juraj.hilje@gmail.com> wrote:
> 
> Hey Andrej, thanks for the response!
> 
> I've tested on iOS 14.8 and iOS 15.0 (public release), and even with the patch (b244febfdf3069dd4e8db2d31f0368d5474d7616) i still have the same issue on my end.
> 
> I will test the new iOS 15.1 Beta later today and let you know how it goes.
> 
> Juraj H.
> 
>> On 22.09.2021., at 10:08, Andrej Mihajlov <and@mullvad.net> wrote:
>> 
>> Have you tried on the most recent beta? I think it works over there, but requires some tweaks to the network monitor code in WireGuard. I had a patch somewhere here but haven’t spent much time testing it:
>> 
>> https://git.zx2c4.com/wireguard-apple/commit/?h=am/enable-include-all-networks&id=b244febfdf3069dd4e8db2d31f0368d5474d7616
>> 
>> Waiting for the final release of iOS 15.
>> 
>>> On 21 Sep 2021, at 12:55, Juraj Hilje <juraj.hilje@gmail.com> wrote:
>>> 
>>> If NETunnelProviderProtocol is configured with includeAllNetworks=true (Kill Switch), when network change is detected the device connectivity goes offline instead of routing VPN tunnel traffic through a new network.
>>> 
>>> Here are some logs from the moment of this event:
>>> 2021-09-20 12:07:26.735453: [NET] Network change detected with unsatisfied route and interface order [en0, utun4, pdp_ip0]
>>> 2021-09-20 12:07:26.736186: [NET] Connectivity offline, pausing backend.
>>> 2021-09-20 12:07:26.736732: [NET] Device closing
>>> 2021-09-20 12:07:26.737503: [NET] Routine: TUN reader - stopped
>>> 2021-09-20 12:07:26.738970: [NET] Routine: event worker - stopped
>>> 2021-09-20 12:07:26.739613: [NET] Routine: receive incoming v4 - stopped
>>> 2021-09-20 12:07:26.742070: [NET] Routine: receive incoming v6 - stopped
>>> 2021-09-20 12:07:26.746712: [NET] peer(eN1f…Oymc) - Stopping
>>> 2021-09-20 12:07:26.751550: [NET] peer(eN1f…Oymc) - Routine: sequential receiver - stopped
>>> 2021-09-20 12:07:26.751597: [NET] peer(eN1f…Oymc) - Routine: sequential sender - stopped
>>> 2021-09-20 12:07:26.753433: [NET] Device closed
>>> 2021-09-20 12:07:26.754097: [NET] Routine: decryption worker 5 - stopped
>>> 
>>> Tested on devices: iOS 14.8, iPadOS 15
>>> WireGuardKit: 79aeb0be0d0aa3f6c8bd24309aaa8dcf03216fb4
>>> 
>>> More info on includeAllNetworks option:
>>> https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks
>>> 
>>> Can someone confirm this issue or point to a possible workaround?
>>> Thanks!
>>> 
>>> Juraj H.
>> 
> 


  reply	other threads:[~2021-09-22 13:29 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-21 10:55 Juraj Hilje
2021-09-22  8:08 ` Andrej Mihajlov
2021-09-22  8:55   ` Juraj Hilje
2021-09-22  8:59     ` Andrej Mihajlov [this message]
2021-09-22 13:26       ` Juraj Hilje
2021-09-28 11:03         ` Andrej Mihajlov
2021-10-19  9:54           ` Andrej Mihajlov
2021-10-19 12:22             ` Juraj Hilje
2021-09-22 14:41   ` Jeffrey Walton
2021-09-22  8:19 ` Jeroen Massar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9D47F45A-59C7-4FB0-A9F8-2F13A1D4AB1A@mullvad.net \
    --to=and@mullvad.net \
    --cc=juraj.hilje@gmail.com \
    --cc=wireguard@lists.zx2c4.com \
    --subject='Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).