Hello Aaron,
thanks for your reply.
> This would be technically achievable, but note that WireGuard
> uses UDP, which has no concept of "connections". See also
> below.
That is understood. But one can distinguish between a situation where a
(not sure about an alternative word) "connection" was established and
where not.
By the way: What does the green symbol today in the Windows client tell
me? Currently, I find it totally misleading. I think today it only
shows that:
1) the domain could be resolved to an IP
2) data was sent to it
That seems not very useful.
> > 2) If a WireGuard server responds, but the key is not valid
> WireGuard does not respond if the keys are not valid. See
> section 5.1 ("Silence is a Virtue") in the WireGuard
> whitepaper [1].
Then, Silence is also a sign of a failed connection, no? --> red symbol.
But ok, it cannot show the reason "key invalid".
> > 3) If the connection fails, the Windows Client should show
> > a RED symbol under status.
> This could only be determined by a previously-in-use session
> having had no packets received for greater than the maximum
> rekey interval (2 minutes).
Why? If a connection is established, data is received, in my experience
--> green Symbol. If no data is received --> red.
Sorry, but having to check the "bytes received" and ignoring the green
symbol is hardly intuitive (a bit geeky, if I may say that). The 99%
user does not know the backgrounds and/or the whitepaper.
> However, WireGuard itself will not send any data if it has no
> data to send (same section of the whitepaper), and so if you
> are not using the tunnel for 2 minutes, this would be
> indistinguishable from a failed tunnel.
Well, I was only thinking about the establishing of a connection, not the
situation while a tunnel is up (but not used).
So, I understand that an icon that was turned green once may have to
stay green (as one cannot distinguish between no data *intended* to be
transmitted and no data transmitted *unintendedly*/failed connection).
Unless:
> An exception is if you enable keepalives; they are 0-length
> data packets.
In that case, the Icon would always be able to reflect the real status.
Now, would that not be something for the ToDo List?
Best regards,
Hendrik
> [1] https://www.wireguard.com/papers/wireguard.pdf
> Regards,
> Aaron Jones
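The status logic the thread converges on (never handshaked: failed; packets received within the rekey interval: up; quiet for longer than that: ambiguous unless keepalives keep traffic flowing) can be written down as a small monitor. The following is an added example, not code from the thread or from the WireGuard project. It assumes peer lines in the tab-separated format of `wg show <interface> dump`, uses the 2-minute rekey interval quoted above as the only timing constant, and assumes that when a persistent keepalive is configured the peer is expected to keep traffic flowing, so a longer silence means the tunnel is really down. The sample lines at the bottom are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# "maximum rekey interval (2 minutes)" as stated in the thread.
REKEY_INTERVAL_S = 120


@dataclass
class PeerSample:
    public_key: str
    latest_handshake: int        # unix epoch seconds, 0 = never handshaked
    rx_bytes: int                # cumulative bytes received from this peer
    keepalive: Optional[int]     # persistent keepalive in seconds, None if "off"


def parse_wg_dump_peer(line: str) -> PeerSample:
    """Parse one peer line of `wg show <iface> dump`.

    Fields are tab-separated: public-key, preshared-key, endpoint,
    allowed-ips, latest-handshake, transfer-rx, transfer-tx,
    persistent-keepalive ("off" or a number of seconds).
    """
    f = line.rstrip("\n").split("\t")
    if len(f) != 8:
        raise ValueError("not a peer line of `wg show dump`")
    keepalive = None if f[7] == "off" else int(f[7])
    return PeerSample(f[0], int(f[4]), int(f[5]), keepalive)


@dataclass
class TunnelMonitor:
    """Derives a status from successive peer samples.

    `wg show` only reports a byte counter, not the time of the last
    received packet, so the monitor remembers when the counter last grew.
    """
    last_rx_bytes: Dict[str, int] = field(default_factory=dict)
    last_rx_change: Dict[str, float] = field(default_factory=dict)

    def observe(self, peer: PeerSample, now: float) -> str:
        prev = self.last_rx_bytes.get(peer.public_key, 0)
        if peer.rx_bytes > prev:
            # Assumption: bytes seen on the first poll count as fresh.
            self.last_rx_change[peer.public_key] = now
        self.last_rx_bytes[peer.public_key] = peer.rx_bytes

        # No handshake ever completed: the responder stayed silent
        # (unreachable or, per section 5.1, invalid keys; not distinguishable).
        if peer.latest_handshake == 0:
            return "down"
        last_rx = self.last_rx_change.get(peer.public_key)
        if last_rx is not None and now - last_rx <= REKEY_INTERVAL_S:
            return "up"
        # Quiet for more than one rekey interval. Without keepalives an idle
        # tunnel and a dead one look the same; with them, silence is failure.
        if peer.keepalive is None:
            return "unknown"
        return "down"


def icon_for(status: str) -> str:
    """Icon colour for a status; 'grey' for the ambiguous case is this
    example's choice, the thread only discusses green and red."""
    return {"up": "green", "down": "red", "unknown": "grey"}[status]


# Constructed sample lines (documentation-range endpoint, fake key).
KEY = "ConstructedPeerPublicKeyBase64Placeholder="


def sample(handshake: int, rx: int, keepalive: str) -> str:
    return "\t".join([KEY, "(none)", "203.0.113.5:51820", "10.0.0.0/24",
                      str(handshake), str(rx), "4096", keepalive])


def run_demo() -> list:
    """Replay a poll sequence without keepalives, then one with them."""
    results = []
    m = TunnelMonitor()
    results.append(m.observe(parse_wg_dump_peer(sample(0, 0, "off")), 1000))
    results.append(m.observe(parse_wg_dump_peer(sample(1005, 1500, "off")), 1010))
    results.append(m.observe(parse_wg_dump_peer(sample(1005, 1500, "off")), 1100))
    results.append(m.observe(parse_wg_dump_peer(sample(1005, 1500, "off")), 1200))
    m2 = TunnelMonitor()
    results.append(m2.observe(parse_wg_dump_peer(sample(1005, 1500, "25")), 1010))
    results.append(m2.observe(parse_wg_dump_peer(sample(1005, 1500, "25")), 1200))
    return results


if __name__ == "__main__":
    for status in run_demo():
        print(status, icon_for(status))
```

The replay shows the thread's point directly: the same 190-second silence yields "unknown" when no keepalive is configured and "down" when one is, and a peer that never completed a handshake is reported down regardless of why the server stayed silent.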