core.Instance.Close() does not close wireguard client #4613
Description
Integrity requirements
- I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
- I searched issues and did not find any similar issues.
- The problem can be successfully reproduced in the latest Release
Description
core.Instance.Close() does not close wireguard client. Wireguard client continues to send keepalive and handshake packets even after core.Instance.Close() is called.
This is problematic for android apps, since xray server is started and stopped multiple times within the same process and wireguard client is leaked on each restart.
I can also reproduce this bug in v2rayng by manually editing the config JSON and setting "keepAlive": 10
Reproduction Method
package main
import (
"bufio"
"fmt"
"os"
"strings"
"time"
"github.com/xtls/xray-core/core"
_ "github.com/xtls/xray-core/main/distro/all"
)
const CONFIG = `
{
"inbounds": [
{
"port": 10001,
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"log": {
"loglevel": "debug"
},
"outbounds": [
{
"protocol": "wireguard",
"settings": {
"address": [
"10.2.0.2/32"
],
"kernelMode": false,
"peers": [
{
"allowedIPs": [
"0.0.0.0/0"
],
"endpoint": "***",
"keepAlive": 10,
"preSharedKey": "",
"publicKey": "***"
}
],
"reserved": [
0,
0,
0
],
"secretKey": "***",
"workers": 2
}
}
]
}
`
func main() {
cfg, err := core.LoadConfig("json", strings.NewReader(CONFIG))
if err != nil {
panic(err)
}
xrayServer, err := core.New(cfg)
if err != nil {
panic(err)
}
err = xrayServer.Start()
if err != nil {
panic(err)
}
scanner := bufio.NewScanner(os.Stdin)
scanner.Scan() // wait for enter
err = xrayServer.Close()
if err != nil {
panic(err)
}
fmt.Println("XRAY CLOSED")
time.Sleep(time.Hour)
}- Run the code above
- Run
curl --proxy socks5://127.0.0.1:10001 myip.wtf/jsonto make some requests to xray - Press enter to stop xray server
- Use wireshark to monitor packets and you will see xray is sending keepalive and handshake packets
Client config
Details
{
"inbounds": [
{
"port": 10001,
"protocol": "socks",
"settings": {
"udp": true
}
}
],
"log": {
"loglevel": "debug"
},
"outbounds": [
{
"protocol": "wireguard",
"settings": {
"address": [
"10.2.0.2/32"
],
"kernelMode": false,
"peers": [
{
"allowedIPs": [
"0.0.0.0/0"
],
"endpoint": "***",
"keepAlive": 10,
"preSharedKey": "",
"publicKey": "***"
}
],
"reserved": [
0,
0,
0
],
"secretKey": "***",
"workers": 2
}
}
]
}Server config
I used protonvpn for testing
Client log
Details
2025/04/13 13:37:32.651477 [Debug] app/log: Logger started 2025/04/13 13:37:32.651632 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:10001 2025/04/13 13:37:32.651786 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:10001 2025/04/13 13:37:32.651919 [Info] transport/internet/udp: listening UDP on 0.0.0.0:10001 2025/04/13 13:37:32.651926 [Warning] core: Xray 25.3.31 started 2025/04/13 13:37:36.503032 [Info] [1701141171] proxy/socks: TCP Connect request to tcp:142.44.215.161:80 2025/04/13 13:37:36.503261 [Info] [1701141171] app/dispatcher: default route for tcp:142.44.215.161:80 2025/04/13 13:37:36.503269 [Info] switching dialer 2025/04/13 13:37:36.503283 [Warning] proxy/wireguard: Using gVisor TUN. Kernel TUN is not supported on your OS, or your permission is insufficient. 2025/04/13 13:37:36.503379 from tcp:127.0.0.1:60606 accepted tcp:142.44.215.161:80 2025/04/13 13:37:36.504215 [Debug] Routine: encryption worker 2 - started 2025/04/13 13:37:36.504228 [Debug] Routine: encryption worker 1 - started 2025/04/13 13:37:36.504242 [Debug] Routine: decryption worker 1 - started 2025/04/13 13:37:36.504280 [Debug] Routine: handshake worker 1 - started 2025/04/13 13:37:36.504286 [Debug] UAPI: Updating private key 2025/04/13 13:37:36.504299 [Debug] Routine: handshake worker 9 - started 2025/04/13 13:37:36.504311 [Debug] Routine: decryption worker 2 - started 2025/04/13 13:37:36.504322 [Debug] Routine: handshake worker 2 - started 2025/04/13 13:37:36.504334 [Debug] Routine: encryption worker 3 - started 2025/04/13 13:37:36.504344 [Debug] Routine: decryption worker 3 - started 2025/04/13 13:37:36.504354 [Debug] Routine: handshake worker 3 - started 2025/04/13 13:37:36.504361 [Debug] Routine: encryption worker 4 - started 2025/04/13 13:37:36.504384 [Debug] Routine: decryption worker 4 - started 2025/04/13 13:37:36.504391 [Debug] Routine: handshake worker 4 - started 2025/04/13 13:37:36.504398 [Debug] Routine: encryption worker 5 - started 2025/04/13 13:37:36.504406 [Debug] Routine: decryption worker 5 - started 2025/04/13 13:37:36.504413 [Debug] Routine: handshake worker 5 - started 2025/04/13 13:37:36.504421 [Debug] Routine: encryption worker 6 - started 2025/04/13 13:37:36.504429 [Debug] Routine: decryption worker 6 - started 2025/04/13 13:37:36.504438 [Debug] Routine: handshake worker 6 - started 2025/04/13 13:37:36.504446 [Debug] Routine: decryption worker 15 - started 2025/04/13 13:37:36.504462 [Debug] Routine: handshake worker 13 - started 2025/04/13 13:37:36.504468 [Debug] Routine: encryption worker 7 - started 2025/04/13 13:37:36.504473 [Debug] Routine: encryption worker 14 - started 2025/04/13 13:37:36.504477 [Debug] Routine: decryption worker 14 - started 2025/04/13 13:37:36.504481 [Debug] Routine: handshake worker 14 - started 2025/04/13 13:37:36.504485 [Debug] Routine: encryption worker 15 - started 2025/04/13 13:37:36.504489 [Debug] Routine: decryption worker 8 - started 2025/04/13 13:37:36.504495 [Debug] Routine: handshake worker 8 - started 2025/04/13 13:37:36.504503 [Debug] Routine: encryption worker 9 - started 2025/04/13 13:37:36.504509 [Debug] Routine: decryption worker 7 - started 2025/04/13 13:37:36.504514 [Debug] Routine: decryption worker 9 - started 2025/04/13 13:37:36.504518 [Debug] Routine: decryption worker 11 - started 2025/04/13 13:37:36.504524 [Debug] Routine: encryption worker 10 - started 2025/04/13 13:37:36.504528 [Debug] Routine: decryption worker 10 - started 2025/04/13 13:37:36.504533 [Debug] Routine: handshake worker 10 - started 2025/04/13 13:37:36.504545 [Debug] Routine: handshake worker 7 - started 2025/04/13 13:37:36.504552 [Debug] Routine: encryption worker 11 - started 2025/04/13 13:37:36.504558 [Debug] Routine: encryption worker 8 - started 2025/04/13 13:37:36.504564 [Debug] Routine: decryption worker 12 - started 2025/04/13 13:37:36.504569 [Debug] Routine: handshake worker 11 - started 2025/04/13 13:37:36.504580 [Debug] Routine: decryption worker 16 - started 2025/04/13 13:37:36.504588 [Debug] Routine: handshake worker 15 - started 2025/04/13 13:37:36.504598 [Debug] Routine: encryption worker 16 - started 2025/04/13 13:37:36.504630 [Debug] Routine: encryption worker 12 - started 2025/04/13 13:37:36.504662 [Debug] Routine: handshake worker 12 - started 2025/04/13 13:37:36.504693 [Debug] Routine: encryption worker 13 - started 2025/04/13 13:37:36.504710 [Debug] Routine: TUN reader - started 2025/04/13 13:37:36.504743 [Debug] Routine: decryption worker 13 - started 2025/04/13 13:37:36.504748 [Debug] Routine: event worker - started 2025/04/13 13:37:36.504753 [Debug] Interface up requested 2025/04/13 13:37:36.504905 [Debug] peer(xLFg…XE2k) - UAPI: Created 2025/04/13 13:37:36.504918 [Debug] peer(xLFg…XE2k) - UAPI: Updating endpoint 2025/04/13 13:37:36.504923 [Debug] peer(xLFg…XE2k) - UAPI: Adding allowedip 2025/04/13 13:37:36.504928 [Debug] peer(xLFg…XE2k) - UAPI: Updating persistent keepalive interval 2025/04/13 13:37:36.504937 [Debug] peer(xLFg…XE2k) - Starting 2025/04/13 13:37:36.504941 [Debug] peer(xLFg…XE2k) - Sending keepalive packet 2025/04/13 13:37:36.504945 [Debug] peer(xLFg…XE2k) - Sending handshake initiation 2025/04/13 13:37:36.504951 [Debug] Routine: handshake worker 16 - started 2025/04/13 13:37:36.504956 [Debug] UDP bind has been updated 2025/04/13 13:37:36.505045 [Debug] Routine: receive incoming Open - started 2025/04/13 13:37:36.505052 [Debug] Routine: receive incoming Open - started 2025/04/13 13:37:36.505056 [Debug] peer(xLFg…XE2k) - Routine: sequential sender - started 2025/04/13 13:37:36.505060 [Debug] peer(xLFg…XE2k) - Routine: sequential receiver - started 2025/04/13 13:37:36.505566 [Debug] [1701141171] transport/internet: dialing to udp:149.22.82.88:51820 2025/04/13 13:37:36.505914 [Debug] Interface state was Down, requested Up, now Up 2025/04/13 13:37:36.508877 [Debug] peer(xLFg…XE2k) - Received handshake response 2025/04/13 13:37:37.554321 [Info] [1701141171] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled 2025/04/13 13:37:39.527678 [Info] [3238788433] proxy/socks: TCP Connect request to tcp:142.44.215.161:80 2025/04/13 13:37:39.527719 [Info] [3238788433] app/dispatcher: default route for tcp:142.44.215.161:80 2025/04/13 13:37:39.527782 from tcp:127.0.0.1:60608 accepted tcp:142.44.215.161:80 2025/04/13 13:37:40.434434 [Info] [2927068517] proxy/socks: TCP Connect request to tcp:142.44.215.161:80 2025/04/13 13:37:40.434465 [Info] [2927068517] app/dispatcher: default route for tcp:142.44.215.161:80 2025/04/13 13:37:40.434492 from tcp:127.0.0.1:60622 accepted tcp:142.44.215.161:80 2025/04/13 13:37:40.591836 [Info] [3238788433] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled 2025/04/13 13:37:41.498470 [Info] [2927068517] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled 2025/04/13 13:37:51.539793 [Debug] peer(xLFg…XE2k) - Sending keepalive packet 2025/04/13 13:37:51.799993 [Debug] peer(xLFg…XE2k) - Receiving keepalive packet 2025/04/13 13:38:01.800951 [Debug] peer(xLFg…XE2k) - Sending keepalive packet
2025/04/13 13:38:04.177560 [Debug] app/log: Logger closing
XRAY CLOSED
Server log
N/A