WireGuard: Listen UDP over netstack fails with no route to host

# 09-04 06:02:43.900  6467 13080 D VpnLifecycle: firewall: ConnTrackerMetaData(uid=10126, usrId=0, sourceIP=10.111.222.1, sourcePort=42757, destIP=74.125.8.3, destPort=443, timestamp=1725409963900, isBlocked=false, blockedByRule=, proxyDetails=, blocklists=, protocol=17, query=rr3---sn-oj5hn5-55.googlevideo.com, connId=d51a11db5802aadd, connType=Metered)
# 09-04 06:02:43.912  6467 13080 D VpnLifecycle: flow: wg is active/lockdown/catch-all; wg14, d51a11db5802aadd, 10126; canRoute? true
# 09-04 06:02:43.913  6467 13080 I VpnLifecycle: flow: returning mark: Mark{PID:wg14,CID:d51a11db5802aadd,UID:10126,} for src(10.111.222.1: 42757), dest(74.125.8.3:443)
...
09-04 06:02:43.914  6467 13129 I GoLog   : common.go:204: VV intra: makeIPPorts(v4? true, v6? false); tot: 1; in: [74.125.8.3], out: [74.125.8.3:443]
09-04 06:02:43.914  6467 13129 I GoLog   : wgproxy.go:762: D wg: wg14 announce: start udp4 0.0.0.0:0
09-04 06:02:43.914  6467 13129 I GoLog   : wgnet.go:194: V wg: dial: translate ipp: 0.0.0.0:0 -> 0.0.0.0
09-04 06:02:43.914  6467 13129 I GoLog   : wgproxy.go:771: I wg: wg14 announce: end udp4 0.0.0.0:0; err <nil>
09-04 06:02:43.914  6467 13129 I GoLog   : udpmux.go:508: I udp: mux: d51a11db5802aadd new assoc for 10.111.222.1:42757
09-04 06:02:43.914  6467 13129 I GoLog   : udpmux.go:137: D udp: mux: d51a11db5802aadd awaiter: watching 0.0.0.0:33215 => 74.125.8.3:443
09-04 06:02:43.914  6467 13129 I GoLog   : udpmux.go:281: I udp: mux: d51a11db5802aadd route: egress #1 new for 74.125.8.3:443; stats: &{0 {13956101688201358586 26913300621836 487147180032} {{} 1} {{} 0} {{} 0}}
09-04 06:02:43.914  6467 13129 I GoLog   : connmap.go:58: D connmap: track: 2 conns for d51a11db5802aadd
...
09-04 06:02:43.915  6467 13047 I GoLog   : common.go:39: D intra: d51a11db5802aadd upload(0) done(write udp 0.0.0.0:33215->74.125.8.3:443: no route to host) b/w a(10.111.222.1:42757->100.94.246.245:443) => b(0.0.0.0:33215<-74.125.8.3:443)
09-04 06:02:43.915  6467 13150 E GoLog   : icmp.go:208: E udp: mux: d51a11db5802aadd demux: write: 0.0.0.0:33215 => 74.125.8.3:443; done(sz: 0/1250); err? write udp 0.0.0.0:33215->74.125.8.3:443: no route to host
...
09-04 06:02:43.915  6467 13047 I GoLog   : udpmux.go:398: I udp: mux: d51a11db5802aadd demux from 0.0.0.0:33215 => 74.125.8.3:443 closed
09-04 06:02:43.915  6467 13047 I GoLog   : udpmux.go:292: I udp: mux: d51a11db5802aadd unrouting... 0.0.0.0:33215 => 74.125.8.3:443
09-04 06:02:43.915  6467 13047 I GoLog   : common.go:50: D intra: d51a11db5802aadd download(0) done(use of closed network connection) b/w a(10.111.222.1:42757->100.94.246.245:443) => b(0.0.0.0:33215<-74.125.8.3:443)
...
09-04 06:02:43.915  6467 13047 I GoLog   : udpmux.go:385: D udp: mux: d51a11db5802aadd demux 0.0.0.0:33215 => 74.125.8.3:443 close, in: 0, over: 0
09-04 06:02:43.916  6467 13047 I GoLog   : udpmux.go:385: D udp: mux: d51a11db5802aadd demux 0.0.0.0:33215 => 74.125.8.3:443 close, in: 0, over: 0
09-04 06:02:43.916  6467 13047 I GoLog   : connmap.go:69: D connmap: untrack: 2 conns for d51a11db5802aadd
...
09-04 06:02:44.844  6467 13129 I GoLog   : udpmux.go:385: D udp: mux: d51a11db5802aadd demux 0.0.0.0:33215 => 74.125.8.3:443 close, in: 0, over: 0
09-04 06:02:44.844  6467 13129 I GoLog   : udpmux.go:398: I udp: mux: d51a11db5802aadd demux from 0.0.0.0:33215 => 74.125.8.3:443 closed
09-04 06:02:44.844  6467 13129 I GoLog   : udpmux.go:292: I udp: mux: d51a11db5802aadd unrouting... 0.0.0.0:33215 => 74.125.8.3:443
09-04 06:02:44.844  6467 13129 I GoLog   : udpmux.go:385: D udp: mux: d51a11db5802aadd demux 0.0.0.0:33215 => 74.125.8.3:443 close, in: 0, over: 0
09-04 06:02:44.844  6467 13129 I GoLog   : udpmux.go:385: D udp: mux: d51a11db5802aadd demux 0.0.0.0:33215 => 74.125.8.3:443 close, in: 0, over: 0
09-04 06:02:44.844  6467 13129 I GoLog   : udpmux.go:385: D udp: mux: d51a11db5802aadd demux 0.0.0.0:33215 => 74.125.8.3:443 close, in: 0, over: 0
...
09-04 06:02:44.844  6467 13129 E GoLog   : icmp.go:208: E udp: mux: d51a11db5802aadd demux: write: 0.0.0.0:33215 => 74.125.8.3:443; done(sz: 0/1250); err? write udp 0.0.0.0:33215->74.125.8.3:443: no route to host
celzero / firestack

WireGuard: Listen UDP over netstack fails with no route to host #90
