On Tue, Jan 8, 2019 at 3:22 AM Arpit Gupta wrote:
> A new user here. Recently set up wireguard to run on my pi 3 + pi hole. I am
> noticing some interesting behavior with certain apps.
>
Apps running where? Name your hosts (fakename if you prefer) for clarity.
> When using Google Duo on my android phone it would not work if wireguard was
> configured in split tunnel mode. When I enabled all traffic via wireguard it
> worked fine.
>
"android phone"? How does it connect to where?
> Downloading app updates on my phone when on wireguard would not work regardless
> if it was split tunnel or all traffic was being routed via wireguard.
> Interestingly installing an app did not have any issue.
>
Is there a wireguard tunnel starting from "phone" (and ending where?), or no?
> Another issue I noticed is when I try to open let's say a pdf attachment in my
> browser from gmail it gets stuck in downloading state. I then turn off
> wireguard and then it works fine.
> I am a noob in the matters of VPN, security, network etc so I wanted to see if
> people had thoughts on how I can debug this further to determine if this is
> an issue with the wireguard app on my phone vs the peer running on my pi and
> if there are certain types of apps I should add to my exclude list. Right now
> I have added google duo and play store to it.
>
For a start, get one or two levels below "Google store", "app" and so
on. Test with simple tools, possibly platform agnostic (ping,
wget/curl).
In IP networks, data travels in packets, apps talk via sockets and
send those packets. Packet flow can be observed via Wireshark
(tcpdump, tshark) and can be recorded in a packet capture (pcap file).
Linux networking is flexible enough to allow non-working
configurations (or working not in the way one thinks);
examining/sharing (running) configurations is a key point (`ip addr;
ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8` commands run as
root might help).
> I have confirmed pi hole is not causing issues as when I disable wireguard
> applications are working fine and still using pi hole dns.
>
Since you have "working" and "non-working" state (i.e. when you
"enable wireguard"), compare (diff) the two and try to understand what
changes (execute the commands and record their output in a text file
before and after):
bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8" >test.good 2>&1
bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8" >test.bad 2>&1
Then compare test.{good,bad} with a diff utility (diff, sdiff,
gvimdiff, etc.). When you have more than one host involved, do that
for each host before/after.
Cheers,
Kalin.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
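
Added example, not part of the original message: the before/after comparison suggested above, with the fields that change on every run (wg handshake age and transfer counters, address lifetimes, ping timings) masked so the diff shows only real configuration changes. The function names, the capture/compare arguments and the masking patterns are assumptions of this example.

```shell
#!/bin/sh
# Added example: snapshot network state, then diff two snapshots with
# run-to-run noise masked. All names here are illustrative assumptions.

# Print each diagnostic under a header so the diff shows which command changed.
snapshot() {
    for cmd in "ip addr" "ip route" "wg" "cat /etc/resolv.conf" "ping -c3 8.8.8.8"; do
        echo "### $cmd"
        $cmd 2>&1            # unquoted on purpose: split into command + args
    done
}

# Mask values that differ between any two runs even when nothing is wrong.
normalize() {
    sed -E \
        -e 's/(latest handshake:).*/\1 <masked>/' \
        -e 's/(transfer:).*/\1 <masked>/' \
        -e 's/(valid_lft|preferred_lft) [0-9a-z]+/\1 <masked>/g' \
        -e 's/time[=<][0-9.]+ ?ms/time=<masked>/' \
        -e 's/, time [0-9]+ms/, time <masked>/' \
        -e 's/^(rtt|round-trip) .*/\1 <masked>/' \
        "$1"
}

# Unified diff of two normalized snapshots; exit status 0 means "no change".
compare() {
    tmp=$(mktemp -d) || return 2
    normalize "$1" > "$tmp/good"
    normalize "$2" > "$tmp/bad"
    diff -u "$tmp/good" "$tmp/bad"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage (as root):  script capture test.good   # tunnel off
#                   script capture test.bad    # tunnel on
#                   script compare test.good test.bad
case "${1:-}" in
    capture) snapshot > "$2" ;;
    compare) compare "$2" "$3" ;;
esac
```

The snapshots contain peer public keys, endpoints and local addresses, so review them before posting to a public list.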