v055c: Always-on WireGuard leaks conns when phone is restarted

[8itlew7r]

Possible bugs based on experience:

• It says "PROTECTED WITH WIREGUARD" even though it doesn't redirect connections to the VPN server.

• Happened to me twice.

• Auto-start on power up is dissabled.

[ignoramous]

It says "PROTECTED WITH WIREGUARD" even though it doesn't redirect connections to the VPN server

A few questions:

• Was the WireGuard config not active?
  • What was its status (failing, connected, starting)?
• Was WireGuard in Simple mode or Advanced mode?
  • If in Advanced mode: Was the WireGuard config Lockdown?
• Is Configure -> Network -> Enable network visibility turned ON?

[8itlew7r]

• Was the WireGuard config not active?

There are 2 configs, one is active and the other is not.

• What was its status (failing, connected, starting)?

Unfortunately, I didn't notice. But I will let you know if it happens again.

• Was WireGuard in Simple mode or Advanced mode?

Advanced mode.

• If in Advanced mode: Was the WireGuard config Lockdown?

Yep. And always on.

• Is Configure -> Network -> Enable network visibility turned ON?

Nope. It is disabled because the RethinkDNS application is in lockdown mode.

---

I can't reproduce the bug. Maybe because I removed the second inactive config and changed something. Just be aware that this bug is still lurking.

[8itlew7r]

Also I had to press the stop and start button to fix the VPN leak.

[ignoramous]

Thanks. This is concerning.

Rethink should never leak connections if "Always-on" WireGuard is setup.

says "PROTECTED WITH WIREGUARD" even though it doesn't redirect connections to the VPN server.

How did you verify the leaks? By looking at the Network Logs? Or, verifying it externally at router / access point / server?

[8itlew7r]

How did you verify the leaks? By looking at the Network Logs? Or, verifying it externally at router / access point / server?

Yeah, by looking at the network logs, there is no label that says "proxied", and also by checking my IP address in ipwho.de

[ignoramous]

We've found a couple of bugs wrt this, and we're fixing them. Thanks for patiently answering my queries (:

[8itlew7r]

What was its status (failing, connected, starting)?

The bug happened again.

The label of 3 proxy says "Failing" even though RDNS says "PROTECTED WITH WIREGUARD".

Do you have a Proton Mail account? I can send you the bug report there, or I'll just send it encrypted.

[ignoramous]

The label of 3 proxy says "Failing" even though RDNS says "PROTECTED WITH WIREGUARD". Do you have a Proton Mail account? I can send you the bug report there, or I'll just send it encrypted.

This is a separate issue and since it is reprodcible pretty readily, we've since fixed it, too. Thanks for the report.

[8itlew7r]

separate issue

I assume you're talking about the VPN leak.

[ignoramous]

assume you're talking about the VPN leak

Two scenarios:

• If WireGuard is failing it shouldn't leak traffic. If it does, that's a separate bug to this (which is about leaks when Android is restarted).
• Today, WireGuard shows failing even when it is really idling. Next version will distinctly identify idle but connected WireGuards.

[8itlew7r]

I had trouble connecting to internet on all three of my configurations. Also, I noticed a VPN leak (without rebooting) on one of them, even though the 'always on' setting was enabled. However, switching to simple mode fixed both issues. It seems that the bug only affects the advanced setting.

Good luck!

[ignoramous]

Yeah, we've since fixed these leaks. Expect a release in a day or so. Things are looking up in tests (as of today).

had trouble connecting to internet on all three of my configurations

There are spurious packet drops #515 Unsure if that's what's affecting your configs, too. If you're technical enough, what do you see in adb logcat (turn ON Verbose mode from Configure -> Settings -> Log Level)?

[8itlew7r]

There are spurious packet drops #515 Unsure if that's what's affecting your configs, too. If you're technical enough, what do you see in adb logcat (turn ON Verbose mode from Configure -> Settings -> Log Level)?

I mean absolutely no internet connection, with no data packets being transmitted. Previously, only 2/3 of the Wireguard configurations would work, followed by 1/3, and then none would allow me to connect to the internet. However, the simple mode not only resolves this issue, but also improves connection speed.

[ignoramous]

Released fixes for this issue in v055e. Please feel free to reopen if that's not the case.

I mean absolutely no internet connection, with no data packets being transmitted. Previously, only 2/3 of the Wireguard configurations would work, followed by 1/3, and then none would allow me to connect to the internet.

As a workaround, try tapping on Refresh button at the top right hand corner in Configure -> Proxy UI the next time this happens, and see if WireGuard (advanced) recovers.

We are tracking a fix for connection drops related to device waking up from deep sleep here:

• Wireguard Connection Fails If Screen Locked for a long time #1368

[ignoramous]

370995a