Re: [Android] Wireguard on the Amazon FireTV stick

2019-01-08 Thread Christophe-Marie Duquesne
Looks like the intent com.wireguard.android.action.SET_TUNNEL_UP does not
do much. I tried to start the tunnel like this:

am broadcast -a com.wireguard.android.action.SET_TUNNEL_UP -e tunnel wg0 -n com.wireguard.android/.model.TunnelManager

After further investigation, the code to handle this intent is deactivated
[1]. Any help would be appreciated!

[1]:
https://git.zx2c4.com/wireguard-android/tree/app/src/main/java/com/wireguard/android/model/TunnelManager.java#n275
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


Re: [Android] Wireguard on the Amazon FireTV stick

2019-01-08 Thread Christophe-Marie Duquesne
>
> I guess it allows also a full shell... adb shell ?
>

Yes, adb shell works.


> No way to plug USB keyboard?
>

A keyboard would not help, you can't focus the area I need with the arrows.
You need a mouse. It is also impossible to connect a Bluetooth mouse on the
Fire TV stick (only on the regular Fire TV [1]).


> Or better controller: https://www.youtube.com/watch?v=QfmuXuYI288
>

This is their smartphone app, it does not give you better control of the
UI, it is just a virtual remote.


>
> https://git.zx2c4.com/wireguard-android/tree/app/src/main/AndroidManifest.xml#n49
>

So I guess the correct intent would be
com.wireguard.android.action.SET_TUNNEL_UP, but I guess I need to provide
the name of the interface as a payload? Thanks for the pointer, I'll dig in
the code to see how the payload needs to be provided.

[1]: https://www.amazon.com/gp/help/customer/display.html?nodeId=201739960 "You
cannot connect a keyboard or mouse to Fire TV Stick."


Re: [Android] Wireguard on the Amazon FireTV stick

2019-01-08 Thread Kalin KOZHUHAROV
On Tue, Jan 8, 2019 at 11:27 AM Christophe-Marie Duquesne  wrote:
>
> Hi there,
>
> I tried to run Wireguard on the FireTV stick. The only other relevant 
> reference I found for doing this was on reddit [1], where people recommended 
> to use TunSafe. TunSafe is unfortunately still closed-source (AFAIK), and the 
> wireguard developers have already expressed negative opinions against it [2], 
> so I would rather use the official app instead. I am reporting here so that 
> people interested in doing the same thing find this thread and know what has 
> been attempted.
>
Great!

> Here is where I am stuck:
> The FireTV stick can only be navigated with their remote control, which has a 
> very basic keypad allowing to move from button to button with , , 
> , . Unfortunately, once an interface is configured, I do not 
> manage to navigate to the button to enable it.
>
I guess it allows also a full shell... adb shell ?
No way to plug USB keyboard?
Or better controller: https://www.youtube.com/watch?v=QfmuXuYI288

> And here are questions to the Wireguard Android devs:
> - Could you let me know which Intent is sent when one enables the interface? 
> I would like to try to enable the interface from adb.
>
https://git.zx2c4.com/wireguard-android/tree/app/src/main/AndroidManifest.xml#n49
?

Kalin.


[Android] Wireguard on the Amazon FireTV stick

2019-01-08 Thread Christophe-Marie Duquesne
Hi there,

I tried to run Wireguard on the FireTV stick. The only other relevant
reference I found for doing this was on reddit [1], where people
recommended to use TunSafe. TunSafe is unfortunately still closed-source
(AFAIK), and the wireguard developers have already expressed negative
opinions against it [2], so I would rather use the official app instead. I
am reporting here so that people interested in doing the same thing find
this thread and know what has been attempted.

Here is what worked so far:
- Install the app
- Load a configuration for an interface

Here is what I still cannot do:
- Start the interface
- Automatically start it at boot

How to reproduce:
- Install the app:
  - On the FireTV:
    - activate the relevant developer options on the FireTV stick (adb and
      external sources)
  - On a workstation:
    - visit F-Droid [3] and download the apk
        adb start-server
        adb connect 
        adb install com.wireguard.android_445.apk
- Load a configuration:
  - On a workstation:
        adb push wg0.conf /sdcard
  - On the FireTV:
    - navigated the menu to create a configuration from file, selected the
      file I pushed

Here is where I am stuck:
The FireTV stick can only be navigated with their remote control, which has
a very basic keypad allowing to move from button to button with ,
, , . Unfortunately, once an interface is configured, I
do not manage to navigate to the button to enable it.

And here are questions to the Wireguard Android devs:
- Could you let me know which Intent is sent when one enables the
interface? I would like to try to enable the interface from adb.
- In case Wireguard turns out to run on the FireTV, would you consider
adding code to make the UI navigable?

Cheers,
Christophe-Marie

[1]:
https://www.reddit.com/r/WireGuard/comments/9zmzgv/wireguard_on_a_fire_tv_stick/
[2]: https://lists.zx2c4.com/pipermail/wireguard/2018-March/002448.html
[3]: https://f-droid.org/en/packages/com.wireguard.android/


Re: Connections dropped after long in-activity

2019-01-08 Thread Kalin KOZHUHAROV
On Tue, Jan 8, 2019 at 3:20 AM Muhammad Naseer Bhatti  wrote:
> Facing a strange issue with single and sometimes with double NAT with client 
> running Wireguard with the server on Public IP address. If client remains 
> idle for long time (more than 15 minutes) NAT table in the route is dropped 
> for that port combination (at the ISP side) since there is no activity, and 
> Wireguard does not re-establish the connection or try to refresh. I am 
> not sure why Keep alives set to 30 seconds not working either since if Keep 
> Alives are set this should not happen.
>
This should not be the case, if keep-alive is enabled. But note that
it is off by default, e.g. man page

The use of persistent-keepalive is optional and is by default off;
setting it to 0 or "off" disables it. Otherwise it represents, in
seconds, between 1 and 65535 inclusive, how often to send an
authenticated empty packet to the peer, for the purpose of keeping a
stateful firewall or NAT mapping valid persistently. For example, if
the interface very rarely sends traffic, but it might at anytime
receive traffic from a peer, and it is behind NAT, the interface
might benefit from having a persistent keepalive interval of 25
seconds; however, most users will not need this.

What does this command (replace  with yours) say:
wg show  persistent-keepalive

> Is this the desired behavior or am I missing something here?
>
Do a packet dump/capture and observe that there is indeed traffic
(keep-alives) going from the client (wireshark, tcpdump, etc). If you
use iptables, you can check packet count going through wg interface.

Cheers,
Kalin.
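
The two checks suggested in this reply (is persistent-keepalive really set, and is traffic actually being answered) can be scripted. The following is an added example, not part of the original message or of the WireGuard tools; it assumes the tab-separated output of `wg show <interface> persistent-keepalive` and `wg show <interface> latest-handshakes` saved to files, and the peer names, timestamps, 900-second NAT timeout and 180-second staleness threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check keepalive settings against handshake age.
# $1: file with `wg show <iface> persistent-keepalive` (<pubkey>\t<seconds|off>)
# $2: file with `wg show <iface> latest-handshakes`    (<pubkey>\t<unix time, 0 = never>)
# $3: current unix time (date +%s)
# $4: NAT idle timeout in seconds, as measured by the operator
# stale=180 is an assumed rule of thumb for "no recent handshake".
keepalive_audit() {
    awk -v now="$3" -v limit="$4" -v stale=180 '
        NF < 2       { next }                 # ignore blank or malformed lines
        mode == "ka" { ka[$1] = $2; next }    # first file: keepalive per peer
        mode == "hs" {
            k = ($1 in ka) ? ka[$1] : "off"
            age = now - $2
            if (k == "off" || k + 0 == 0) s = "OFF"       # nothing refreshes the NAT mapping
            else if (k + 0 >= limit + 0)  s = "TOO_SLOW"  # mapping expires between keepalives
            else if ($2 + 0 == 0)         s = "NEVER"     # no handshake has completed yet
            else if (age > stale)         s = "STALE"     # keepalive set, peer not answering
            else                          s = "OK"
            print $1, s
        }' mode=ka "$1" mode=hs "$2"
}

# Constructed sample data; PEER_A..PEER_D stand in for base64 public keys.
demo() {
    dir=$(mktemp -d)
    printf '%s\t%s\n' PEER_A 30 PEER_B off PEER_C 1200 PEER_D 25 > "$dir/ka"
    printf '%s\t%s\n' PEER_A 1546940000 PEER_B 1546939000 \
                      PEER_C 1546939990 PEER_D 1546930000 > "$dir/hs"
    keepalive_audit "$dir/ka" "$dir/hs" 1546940060 900
    rm -rf "$dir"
}
demo
```

A peer reported as STALE has a keepalive interval configured, so the next step is the packet capture suggested above to see whether the keepalives leave the client at all.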


Re: Traffic flow stopping

2019-01-08 Thread Kalin KOZHUHAROV
Hello Mike,

On Tue, Jan 8, 2019 at 3:20 AM Mike O'Connor  wrote:
> So I've been using Wireguard to route part of my class C to my home for
> about 4 months now, but for the last few days the traffic stops for a
> short while every few minutes.
>
Does it start on its own "after few minutes"?

> route part of my class C
>
Your configs show "allowed ips: 0.0.0.0/0, ::/0" that is you are
routing everything at wireguard level.
Or are you filtering/mangling in iptables ("fwmark: 0xca6c") only?

> I can not think of anything which has changed, turning OpenVPN back on
> fixes everything. I've tried reducing the keepalive thinking the NAT
> route could have been the issue but that has not helped.
>
"turning OpenVPN back on" ?? What/where do you do that?

When ping fails, check your next hop:
ip route get 8.8.8.8

It may mess up your default route, examine network config before/after
"turning on OpenVPN"...
bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ip route get 8.8.8.8; ping -c3 8.8.8.8"

> Any ideas ? Any more tests or debug (if you tell me how) I could provide ?
>
Anything changing periodically like services that die and are
restarted, cronjobs?

Cheers,
Kalin.


Re: issue with certain apps + wireguard

2019-01-08 Thread Kalin KOZHUHAROV
On Tue, Jan 8, 2019 at 3:22 AM Arpit Gupta  wrote:
> A new user here. Recently setup wireguard to run on my pi 3 + pi hole. I am 
> noticing some interesting behavior with certain apps.
>
Apps running where? Name your hosts (fakename if you prefer) for clarity.

> When using Google Duo on my android phone it would not work if wireguard was 
> configured in split tunnel mode. When i enabled all traffic via wireguard it 
> worked fine.
>
"android phone"? How does it connect to where?

> Downloading app updates my phone when on wireguard would not work regardless 
> if it was split tunnel or all traffic was being routed via wireguard. 
> Interestingly installing an app did not have any issue.
>
Is there wireguard tunnel starting from "phone" (and ending where?), or no?

> Another issue i noticed is when i try to open lets say a pdf attachment in my 
> browser from gmail it gets stuck in downloading state. I then turn off 
> wireguard and then it works fine.

> I am noob in the matters of VPN, security, network etc so i wanted to see if 
> people had thoughts on how i can debug this further to determine if this is 
> an issue with the wireguard app on my phone vs the peer running on my pi and 
> if there are certain types of apps i should add to my exclude list. Right now 
> i have added google duo and play store to it.
>
For a start, get one or two levels below "Google store", "app" and so
on. Test with simple tools, possibly platform agnostic (ping,
wget/curl).
In IP networks, data travels in packets, apps talk via sockets and
send those packets. Packet flow can be observed via Wireshark
(tcpdump, tshark) and can be recorded in a packet capture (pcap file).
Linux networking is flexible enough to allow non-working
configurations (or working not in the way one thinks);
examining/sharing (running) configurations is a key point (`ip addr;
ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8` commands run as
root might help).

> I have confirmed pi hole is not causing issues as when i disable wireguard 
> applications are working fine and still using pi hole dns.
>
Since you have "working" and "non-working" state (i.e. when you
"enable wireguard"), compare (diff) the two and try to understand what
changes (execute the commands and record their output in a text file
before and after:

bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8" >test.good 2>&1

bash -c "ip addr; ip route; wg; cat /etc/resolv.conf; ping -c3 8.8.8.8" >test.bad 2>&1

Then compare test.{good,bad} with a diff utility (diff, sdiff,
gvimdiff, etc.). When you have more than one host involved, do that
for each host before/after.

Cheers,
Kalin.