WireGuard Archive on lore.kernel.org
* Port dependent issues on iOS 13
@ 2019-09-24  9:36 wireguard
  2019-09-25 22:01 ` John huttley
  0 siblings, 1 reply; 3+ messages in thread
From: wireguard @ 2019-09-24  9:36 UTC (permalink / raw)
  To: wireguard


Hello,

in-place upgrades from iOS 12 -> iOS 13 (release) seem to work well in general. But there is a bizarre issue depending on remote endpoint ports. If you have, in my case, 4500/UDP configured as remote endpoint, the tunnel does not send or receive traffic. Changing it to any other port works. Changing back to 4500/UDP breaks it again reproducibly. For others, documented here https://www.reddit.com/r/WireGuard/comments/d6in39/wg_broken_on_ios_13/, it is 1500/UDP; in #WireGuard there has been a documented issue for 500/UDP not working.

I have AnyConnect installed in parallel and checked whether that's related. But removing and resetting Network settings did not fix port 4500 for me.

As there is no port number dependent branching in the WireGuard-iOS code base, this is likely an iOS regression. Does any one of you have a working channel to Apple to report this?

Thank you for an otherwise excellent product. Let me know if I can be of any help.

Best regards,

Christian


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: Port dependent issues on iOS 13
  2019-09-24  9:36 Port dependent issues on iOS 13 wireguard
@ 2019-09-25 22:01 ` John huttley
  2019-09-26  0:13   ` Reid Rankin
  0 siblings, 1 reply; 3+ messages in thread
From: John huttley @ 2019-09-25 22:01 UTC (permalink / raw)
  To: wireguard, wireguard


Hi,

Port 4500 is the IPsec UDP NAT port and 500 is IKE.

AnyConnect uses IPsec, so I think those ports are simply in use.


--John

On 24/09/19 9:36 PM, wireguard@p-np.de wrote:
> Hello,
>
> in place upgrades from iOS 12 -> iOS 13 (release) seem to work well in 
> general. But there is a bizarre issue depending on *remote* endpoint 
> ports. If you have, in my case, 4500/UDP configured as remote endpoint 
> the tunnel does not send or receive traffic. Changing it to any other 
> port works. Changing back to 4500/UDP breaks it again reproducibly. 
> For others, documented here 
> <https://www.reddit.com/r/WireGuard/comments/d6in39/wg_broken_on_ios_13/> , 
> it is 1500/UDP, in #WireGuard there has been a documented issue for 
> 500/UDP not working.
>
> I have AnyConnect installed in parallel and checked whether that's 
> related. But removing and resetting Network settings did not fix port 
> 4500 for me.
>
> As there is no port number dependent branching in the WireGuard-iOS 
> code base, this is likely an iOS regression. Does any one of you have 
> a working channel to Apple to report this?
>
> Thank you for an otherwise excellent product. Let me know if I can be of 
> any help.
>
> Best regards,
>
> Christian


* Re: Port dependent issues on iOS 13
  2019-09-25 22:01 ` John huttley
@ 2019-09-26  0:13   ` Reid Rankin
  0 siblings, 0 replies; 3+ messages in thread
From: Reid Rankin @ 2019-09-26  0:13 UTC (permalink / raw)
  To: John huttley; +Cc: wireguard


FWIW, all those ports (4500, 1500, 500) seem to work for me with iOS 13 and
WireGuard for iOS build 0.0.20190610 (13).

On Wed, Sep 25, 2019 at 6:03 PM John huttley <john@mib-infotech.co.nz>
wrote:

> Hi,
>
> Port 4500 is the IPsec UDP NAT port and 500 is IKE.
>
> AnyConnect uses IPsec, so I think those ports are simply in use.
>
>
> --John
> On 24/09/19 9:36 PM, wireguard@p-np.de wrote:
>
> Hello,
>
> in place upgrades from iOS 12 -> iOS 13 (release) seem to work well in
> general. But there is a bizarre issue depending on *remote* endpoint
> ports. If you have, in my case, 4500/UDP configured as remote endpoint the
> tunnel does not send or receive traffic. Changing it to any other port
> works. Changing back to 4500/UDP breaks it again reproducibly. For others,
> documented here
> <https://www.reddit.com/r/WireGuard/comments/d6in39/wg_broken_on_ios_13/> ,
> it is 1500/UDP, in #WireGuard there has been a documented issue for 500/UDP
> not working.
>
> I have AnyConnect installed in parallel and checked whether that's
> related. But removing and resetting Network settings did not fix port 4500
> for me.
>
> As there is no port number dependent branching in the WireGuard-iOS code
> base, this is likely an iOS regression. Does any one of you have a working
> channel to Apple to report this?
>
> Thank you for an otherwise excellent product. Let me know if I can be of any
> help.
>
> Best regards,
>
> Christian
