Kill switch when ANY wg interface fails (advanced mode) #1700
Comments
This is what Lockdown does. If that's not what you see happening, it is a bug.
Always-on WireGuards are also (internally) Lockdown.
We've got a few reports about this. Can you check if the Peer Endpoint contains a domain name (these can also be IP addresses)? If so, we've fixed an issue related to it slowing connects/reconnects.
I've managed to narrow this down.
Interesting. Can you share the Peer config (all fields are public and so it is usually okay to share)? If not, can you confirm if the Peer Endpoint is a public IP (as opposed to IP from
This uses a pretty old network engine (from 3 months and ~300 commits ago). Line 252 in 59aa0da
Here are the peer configs:
Even if you make that second one more simple like 0.0.0.0/0, you still see the issues. I tried updating the network engine to 140e42bd57, but this made it worse (the issue was present even when I was using a different CIDR than 10.x.x.x). However, I don't know if I implemented this updated version correctly since I just fixed anything that was causing build errors due to changes from the earlier version.
Does it also happen with a single Peer? If you're comfortable doing so, turn ON Very verbose logging (from Configure -> Settings -> Log level) then
Found the issue and submitted a pull request here: #1707. Turns out it had nothing to do with the 10.x.x.x subnet. The issue was just intermittent/random based on the randomly returned catch-all config. When fetching an optimal config, we need to only consider configs that can handle the route (e.g., permitted by allowedIps). This bug also affected the code for finding a proxy to use for DNS queries. Thanks for pursuing this.
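Added example, not code from this project or from PR #1707: a sketch of the selection rule described in the comment above, where only profiles whose allowedIps cover the destination are candidates. The `Tunnel` type, `pickTunnel`, the longest-prefix tie-break and the fail-closed behaviour when the owning tunnel is down are assumptions made for illustration; the sample profiles are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Tunnel is a hypothetical stand-in for one enabled WireGuard profile.
type Tunnel struct {
	Name       string
	Up         bool           // handshake currently healthy
	AllowedIPs []netip.Prefix // routes this profile is permitted to carry
}

// pickTunnel returns the tunnel whose AllowedIPs cover dst most specifically.
// It fails closed: if no tunnel permits dst, or the owning tunnel is down,
// the caller must drop the flow rather than try some other tunnel.
func pickTunnel(tunnels []Tunnel, dst netip.Addr) (string, error) {
	best, owner := -1, -1
	for i, t := range tunnels {
		for _, p := range t.AllowedIPs {
			if p.Contains(dst) && p.Bits() > best {
				best, owner = p.Bits(), i
			}
		}
	}
	if owner < 0 {
		return "", fmt.Errorf("drop %s: no tunnel permits it", dst)
	}
	if !tunnels[owner].Up {
		return "", fmt.Errorf("drop %s: tunnel %s is down", dst, tunnels[owner].Name)
	}
	return tunnels[owner].Name, nil
}

// sampleTunnels is constructed data: a catch-all profile plus a LAN profile.
func sampleTunnels(usaUp bool) []Tunnel {
	return []Tunnel{
		{"USA", usaUp, []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0")}},
		{"LAN", true, []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}},
	}
}

func main() {
	for _, ip := range []string{"10.1.2.3", "203.0.113.7", "2001:db8::1"} {
		name, err := pickTunnel(sampleTunnels(false), netip.MustParseAddr(ip))
		fmt.Println(ip, "->", name, err)
	}
}
```

Because the catch-all profile is listed first, a selector that ignored allowedIps could hand LAN traffic to it; here 10.1.2.3 always resolves to LAN, and a destination with no covering prefix (the IPv6 address) is dropped.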
Currently testing with 'main' branch (59aa0da).
I currently have 3 wg profiles set up in the advanced interface:
I keep LAN connected at all times and have selected "Always-on". The allowedIps wg option works to route my local LAN traffic through this interface.
I use either USA or FRANCE (one at a time). I have USA and FRANCE configured with all IPs not in the allowedIps of my LAN (so all non-LAN traffic routes through either of these).
First issue: SLOW to Connect
Second issue: No kill switch while wg interface connecting?