-
-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Add Second Device" doesn't work on Windows because of firewall sometimes #3218
Comments
Edited the issue with the info about |
...because of the firewall sometimes Closes deltachat/deltachat-desktop#3218
About the But the problem is that it fails unless you run it as admin.
Codeuse windows::{
core::BSTR,
Win32::{
Foundation::VARIANT_BOOL,
NetworkManagement::WindowsFirewall::{
INetFwPolicy2, INetFwRule, NetFwPolicy2, NetFwRule, NET_FW_ACTION_ALLOW,
},
System::Com::{
CoCreateInstance, CoInitializeEx, CLSCTX_INPROC_SERVER, COINIT_MULTITHREADED,
},
},
};
fn main() -> std::io::Result<()> {
unsafe {
CoInitializeEx(None, COINIT_MULTITHREADED)?;
let fw_policy: INetFwPolicy2 = CoCreateInstance(&NetFwPolicy2, None, CLSCTX_INPROC_SERVER)?;
let rule: INetFwRule = CoCreateInstance(&NetFwRule, None, CLSCTX_INPROC_SERVER)?;
rule.SetApplicationName(&BSTR::from(
"C:\\firewall-test\\target\\debug\\firewall-test.exe",
))?;
rule.SetAction(NET_FW_ACTION_ALLOW)?;
rule.SetEnabled(VARIANT_BOOL::from(true))?;
rule.SetName(&BSTR::from("firewall-test.exe"))?;
fw_policy.Rules()?.Add(&rule)?;
}
println!("Success!");
Ok(())
} |
can we check if the transfer would be blocked by the firewall? so that we can hint the user at what they need to do to fix it? |
There is a PR deltachat/deltachat-core-rust#4351, but I think this should be solved with a firewall rule without any user action if possible, so the user cannot accidentally block DC. |
A thing that wasn't mentioned: the alert pops up when you launch a webxdc app for the first time. |
maybe because of fill500? |
That's right. |
A manual solution was shared in the forum: https://support.delta.chat/t/add-hint-select-on-windows-desktop-private-network-to-add-a-second-device/2921 maybe we should incorporate it into the local help / FAQ and add a trouble shoot button that links into the inApp Help? this could solve this issue without the need for us to understand those apis. |
added a maybe sufficient hint at deltachat/deltachat-pages#799 |
Debugging
The connection fails, unless you have added DC desktop in "Allow an app through Windows Firewall", or unless it was added there in another way, say through the Windows Firewall alert that can pop up when an app tries to listen on a non-localhost network interface.
The "Add Second Device" feature was added here deltachat/deltachat-core-rust#4007, and it uses
iroh
. The binding address is specified here, down to here, but it doesn't trigger the Windows Firewall alert popup, like it usually does with, say, a simple HTTP server app.I have a suspicion that it may be related to the fact that DC listens for UDP packets, not TCP.
iroh
uses the QUIC protocol, which is UDP-based. I just triedAnd it did not trigger the alert, but with a concrete port
("0.0.0.0", 59999)
the alert is triggered. And, again, yes, if you set up an TCP listener, say, withThe alert does get triggered.
Possible solutions
windows-rs
library that DC already depends on, namely these two functions 1, 2. But I myself am not sure how they work. I heard they may require elevation ("Run as administrator"). But not only it is a proper solution, I also suspect that it might actually be better because it might (based on my intuition) cause the Firewall alert to pop up a second time if network access was previously denied for the application.The text was updated successfully, but these errors were encountered: