Re: [Android] Wireguard on the Amazon FireTV stick
Looks like the intent com.wireguard.android.action.SET_TUNNEL_UP does not do much. I tried to start the tunnel like this:

    am broadcast -a com.wireguard.android.action.SET_TUNNEL_UP -e tunnel wg0 -n com.wireguard.android/.model.TunnelManager

After further investigation, the code to handle this intent is deactivated [1].

Any help would be appreciated!

[1]: https://git.zx2c4.com/wireguard-android/tree/app/src/main/java/com/wireguard/android/model/TunnelManager.java#n275

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [Android] Wireguard on the Amazon FireTV stick
> I guess it allows also a full shell... adb shell ?

Yes, adb shell works.

> No way to plug USB keyboard?

A keyboard would not help, you can't focus the area I need with the arrows. You need a mouse. It is also impossible to connect a Bluetooth mouse on the Fire TV stick (only on the regular Fire TV [1]).

> Or better controller: https://www.youtube.com/watch?v=QfmuXuYI288

This is their smartphone app, it does not give you better control of the UI, it is just a virtual remote.

> https://git.zx2c4.com/wireguard-android/tree/app/src/main/AndroidManifest.xml#n49

So I guess the correct intent would be com.wireguard.android.action.SET_TUNNEL_UP, but I guess I need to provide the name of the interface as a payload? Thanks for the pointer, I'll dig in the code to see how the payload needs to be provided.

[1]: https://www.amazon.com/gp/help/customer/display.html?nodeId=201739960 "You cannot connect a keyboard or mouse to Fire TV Stick."
Re: [Android] Wireguard on the Amazon FireTV stick
On Tue, Jan 8, 2019 at 11:27 AM Christophe-Marie Duquesne wrote:
>
> Hi there,
>
> I tried to run Wireguard on the FireTV stick. The only other relevant
> reference I found for doing this was on reddit [1], where people recommended
> to use TunSafe. TunSafe is unfortunately still closed-source (AFAIK), and the
> wireguard developers have already expressed negative opinions against it [2],
> so I would rather use the official app instead. I am reporting here so that
> people interested in doing the same thing find this thread and know what has
> been attempted.
>

Great!

> Here is where I am stuck:
> The FireTV stick can only be navigated with their remote control, which has a
> very basic keypad allowing to move from button to button with , ,
> , . Unfortunately, once an interface is configured, I do not
> manage to navigate to the button to enable it.
>

I guess it allows also a full shell... adb shell ?
No way to plug USB keyboard?
Or better controller: https://www.youtube.com/watch?v=QfmuXuYI288

> And here are questions to the Wireguard Android devs:
> - Could you let me know which Intent is sent when one enables the interface?
>   I would like to try to enable the interface from adb.
>

https://git.zx2c4.com/wireguard-android/tree/app/src/main/AndroidManifest.xml#n49 ?

Kalin.
[Android] Wireguard on the Amazon FireTV stick
Hi there,

I tried to run Wireguard on the FireTV stick. The only other relevant reference I found for doing this was on reddit [1], where people recommended to use TunSafe. TunSafe is unfortunately still closed-source (AFAIK), and the wireguard developers have already expressed negative opinions against it [2], so I would rather use the official app instead. I am reporting here so that people interested in doing the same thing find this thread and know what has been attempted.

Here is what worked so far:
- Install the app
- Load a configuration for an interface

Here is what I still cannot do:
- Start the interface
- Automatically start it at boot

How to reproduce:
- Install the app:
  - On the FireTV:
    - activate the relevant developer options on the FireTV stick (adb and external sources)
  - On a workstation:
    - visit F-Droid [3] and download the apk

          adb start-server
          adb connect
          adb install com.wireguard.android_445.apk

- Load a configuration:
  - On a workstation:

          adb push wg0.conf /sdcard

  - On the FireTV:
    - navigated the menu to create a configuration from file, selected the file I pushed

Here is where I am stuck:
The FireTV stick can only be navigated with their remote control, which has a very basic keypad allowing to move from button to button with , , , . Unfortunately, once an interface is configured, I do not manage to navigate to the button to enable it.

And here are questions to the Wireguard Android devs:
- Could you let me know which Intent is sent when one enables the interface? I would like to try to enable the interface from adb.
- In case Wireguard turns out to run on the FireTV, would you consider adding code to make the UI navigable?

Cheers,
Christophe-Marie

[1]: https://www.reddit.com/r/WireGuard/comments/9zmzgv/wireguard_on_a_fire_tv_stick/
[2]: https://lists.zx2c4.com/pipermail/wireguard/2018-March/002448.html
[3]: https://f-droid.org/en/packages/com.wireguard.android/
Re: Connections dropped after long in-activity
On Tue, Jan 8, 2019 at 3:20 AM Muhammad Naseer Bhatti wrote:
> Facing a strange issue with single and sometimes with double NAT with client
> running Wireguard with the server on Public IP address. If client remains
> idle for long time (more than 15 minutes) NAT table in the route is dropped
> for that port combination (at the ISP side) since there is no activity, and
> Wireguard does not re-establishes the connection or tries to refresh. I am
> not sure why Keep alives set to 30 seconds not working either since if Keep
> Alives are set this should not happen.
>

This should not be the case, if keep-alive is enabled. But note that it is off by default, e.g. man page

    The use of persistent-keepalive is optional and is by default off; setting it to 0 or "off" disables it. Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.

What does this command (replace with yours) say:

    wg show persistent-keepalive

> Is this the desired behavior or am I missing something here?
>

Do a packet dump/capture and observe that there is indeed traffic (keep-alives) going from the client (wireshark, tcpdump, etc). If you use iptables, you can check packet count going through wg interface.

Cheers,
Kalin.
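Added example, not part of the thread and not WireGuard project code: a shell check for the situation discussed in the message above, a peer behind NAT whose mapping expires while the tunnel is idle. It reads the tab-separated output of `wg show <interface> dump` and flags peers whose persistent-keepalive is off or whose latest handshake is old; the peer keys, endpoints, timestamps and the 180-second threshold are constructed or assumed values.

```shell
#!/bin/sh
# Added example. Input on stdin: output of `wg show <interface> dump`.
# Line 1 describes the interface; every following line is one peer, tab-separated:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx persistent-keepalive

# check_keepalive NOW MAX_AGE
#   NOW      current time in epoch seconds
#   MAX_AGE  oldest acceptable latest-handshake in seconds (assumed threshold)
check_keepalive() {
    awk -F '\t' -v now="$1" -v max_age="$2" '
        NR == 1 { next }                  # interface line
        NF < 8  { next }                  # not a complete peer line
        {
            peer = substr($1, 1, 8)       # short id for display only
            hs = $5; ka = $8
            if (ka == "off")        { print peer, "KEEPALIVE_OFF"; next }
            if (hs == 0)            { print peer, "NO_HANDSHAKE"; next }
            if (now - hs > max_age) { print peer, "STALE_HANDSHAKE", now - hs; next }
            print peer, "OK", "keepalive=" ka
        }'
}

# Constructed sample dump: placeholder keys, documentation-range addresses.
sample_dump() {
    printf 'IFACE_PRIVKEY_PLACEHOLDER\tIFACE_PUBKEY_PLACEHOLDER\t51820\toff\n'
    printf 'peerAAAAconstructed=\t(none)\t192.0.2.10:51820\t10.0.0.2/32\t1546948700\t1024\t2048\t30\n'
    printf 'peerBBBBconstructed=\t(none)\t198.51.100.7:40112\t10.0.0.3/32\t1546947800\t512\t768\toff\n'
    printf 'peerCCCCconstructed=\t(none)\t203.0.113.9:33001\t10.0.0.4/32\t1546947800\t900\t100\t25\n'
    printf 'peerDDDDconstructed=\t(none)\t(none)\t10.0.0.5/32\t0\t0\t0\t25\n'
}

# Run against the constructed sample with a fixed "now" so the result is repeatable.
# On a live host: wg show wg0 dump | check_keepalive "$(date +%s)" 180
sample_dump | check_keepalive 1546948800 180
```

A peer reported as KEEPALIVE_OFF matches the "off by default" case from the man page excerpt; STALE_HANDSHAKE with keepalive set is the case where a packet capture on the client is the next step.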
Re: Traffic flow stopping
Hello Mike,

On Tue, Jan 8, 2019 at 3:20 AM Mike O'Connor wrote:
> So I've been using Wireguard to route part of my class C to my home for
> about 4 months now, but for the last few days the traffic stops for a
> short while every few minutes.
>

Does it start on its own "after few minutes"?

> route part of my class C
>

Your configs show "allowed ips: 0.0.0.0/0, ::/0" that is you are routing everything at wireguard level. Or are you filtering/mangling in iptables ("fwmark: 0xca6c") only?

> I can not think of anything which has changed, turning OpenVPN back on
> fixes everything. I've tried reducing the keepalive thinking the NAT
> route could have been the issue but that has not help.
>

"turning OpenVPN back on" ?? What/where do you do that?

When ping fails, check your next hop:

    ip route get 8.8.8.8

It may mess up your default route, examine network config before/after "turning on OpenVPN"...

    bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ip route get 8.8.8.8; ping -c3 8.8.8.8"

> Any ideas ? Any more tests or debug (if you tell me how) I could provide ?
>

Anything changing periodically like services that die and are restarted, cronjobs?

Cheers,
Kalin.
Re: issue with certain apps + wireguard
On Tue, Jan 8, 2019 at 3:22 AM Arpit Gupta wrote:
> A new user here. Recently setup wireguard to run on my pi 3 + pi hole. I am
> noticing some interesting behavior with certain apps.
>

Apps running where? Name your hosts (fakename if you prefer) for clarity.

> When using Google Duo on my android phone it would not work if wireguard was
> configured in split tunnel mode. When i enabled all traffic via wireguard it
> worked fine.
>

"android phone"? How does it connect to where?

> Downloading app updates my phone when on wireguard would not work regardless
> if it was split tunnel or all traffic was being routed via wireguard.
> Interestingly installing an app did not have any issue.
>

Is there wireguard tunnel starting from "phone" (and ending where?), or no?

> Another issue i noticed is when i try to open lets say a pdf attachment in my
> browser from gmail it gets stuck in downloading state. I then turn off
> wireguard and then it works fine.
> I am noob in the matters of VPN, security, network etc so i wanted to see if
> people had thoughts on how i can debug this further to determine if this is
> an issue with the wireguard app on my phone vs the peer running on my pi and
> if there are certain types of apps i should add to my exclude list. Right now
> i have added google duo and play store to it.
>

For a start, get one or two levels below "Google store", "app" and so on. Test with simple tools, possibly platform agnostic (ping, wget/curl). In IP networks, data travels in packets, apps talk via sockets and send those packets. Packet flow can be observed via Wireshark (tcpdump, tshark) and can be recorded in a packet capture (pcap file). Linux networking is flexible enough to allow non-working configurations (or working not in the way one thinks); examining/sharing (running) configurations is a key point (`ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8` commands run as root might help).

> I have confirmed pi hole is not causing issues as when i disable wireguard
> applications are working fine and still using pi hole dns.
>

Since you have "working" and "non-working" state (i.e. when you "enable wireguard"), compare (diff) the two and try to understand what changes (execute the commands and record their output in a text file before and after):

    bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8" >test.good 2>&1
    bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8" >test.bad 2>&1

Then compare test.{good,bad} with a diff utility (diff, sdiff, gvimdiff, etc.). When you have more than one host involved, do that for each host before/after.

Cheers,
Kalin.