celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.61k stars 132 forks

WireGuard-connection fails because using ipv6 #1483

Open cybgh7 opened 4 weeks ago

cybgh7 commented 4 weeks ago

Fresh installation of v0.5.5m on a freshly installed GrapheneOS device with default RethinkDNS configuration. When configuring a WireGuard-connection within RethinkDNS and trying to start the connection, the connection cannot be established.

When using the official WireGuard client on the same device, the connection can successfully be established.

The RethinkDNS log says "Failed to send handshake initiation: write udp6, sendto: network is unreachable". Changing ip-version from default "IPv4" to "IPv6" or "Auto" (in RethinkDNS) does not change anything. Changing DNS in RethinkDNS from "Rethink DNS" to "System DNS" (and restarting RethinkDNS after that) does not change anything.

The destination to connect to is a dynamic dns, which resolves to ip4 and ip6 addresses. When editing the peer in RethinkDNS/WireGuard/Peer and changing the dns to a fixed ipv4-address, the connection can be established. When using dns again, the connection cannot be established anymore. It seems RethinkDNS always tries to use the ipv6 address and fails.

soshial commented 4 weeks ago

I have the same problem.

Using RethinkDNS with IPv6 setting: [screenshot]
Using Wireguard: [screenshot]

ignoramous commented 4 weeks ago

Thanks. Looks like the official WireGuard for Android simply skips IPv6 while Rethink assumes dual-stack.

https://github.com/WireGuard/wireguard-android/blob/4ba87947ae3346280da76e13ef6981a631e43c3c/tunnel/src/main/java/com/wireguard/config/InetEndpoint.java#L97

We're going to fix our dual-stack impl to better handle IPv6 scenarios (like we had before: #1002).

soshial commented 4 weeks ago

Thank you so much — I donated today as gratitude for your efforts. I'm looking forward to seeing the connection getting more stable.

soshial commented 4 weeks ago

As an example: Google Maps simple doesn't work, when IP mode is set to AUTO (ipv4+ipv6) in Configure -> Network. And can't find in logs what actually causes the problem :(

ignoramous commented 4 weeks ago

> And can't find in logs what actually causes the problem :(

Are you technical enough? If so, put Rethink in Very Verbose from Configure -> Settings -> Log level, and then start capturing `adb logcat | grep "GoLog"`.

> Google Maps simple doesn't work

You mean, some WireGuard (in Simple mode) with an IPv6 Peer Endpoint? Try removing the IPv6 address and any domain names (from Peer), and that should bypass the bug (while you wait for the fix to land).

weedy commented 3 weeks ago

Everything used to be fine in 55i, I had no problems starting Warp from ipv4 only internet connections.

Ever since upgrading past i it's been broken.

ignoramous commented 3 weeks ago

> Ever since upgrading past i it's been broken.

Apologies. This bug is a priority for us.

As a workaround while we root-cause to release a fix: remove engage.cloudflareclient... from Peer's endpoint configuration and replace it with its equivalent IPv4 addr: 162.159.192.1 (preserving the port number from the original config).
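
The failure mode discussed in this thread (a peer hostname resolves to both A and AAAA records, and the handshake is sent over `udp6` on a network with no IPv6 route) can be avoided by filtering resolved addresses against the families the network can actually route. The following is an added example, not code from Rethink or WireGuard; `Families`, `PickEndpoint`, `addrs`, the IPv4-first preference and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Families says which address families the active network can route.
// How a client learns this is platform-specific (assumed given here).
type Families struct{ V4, V6 bool }

var ErrNoUsableEndpoint = errors.New("no resolved address in a routable family")

// PickEndpoint returns the first resolved address whose family is routable,
// preferring IPv4 when both are (an assumption of this example).
func PickEndpoint(resolved []netip.Addr, port uint16, have Families) (netip.AddrPort, error) {
	var v4, v6 netip.Addr
	for _, a := range resolved {
		a = a.Unmap() // treat ::ffff:a.b.c.d as IPv4
		if a.Is4() && !v4.IsValid() {
			v4 = a
		} else if a.Is6() && !v6.IsValid() {
			v6 = a
		}
	}
	switch {
	case have.V4 && v4.IsValid():
		return netip.AddrPortFrom(v4, port), nil
	case have.V6 && v6.IsValid():
		return netip.AddrPortFrom(v6, port), nil
	}
	return netip.AddrPort{}, ErrNoUsableEndpoint
}

// addrs parses literal IPs for the constructed samples below.
func addrs(ss ...string) (out []netip.Addr) {
	for _, s := range ss {
		out = append(out, netip.MustParseAddr(s))
	}
	return out
}

func main() {
	// Constructed sample: a name that resolved to one AAAA and one A record.
	dual := addrs("2001:db8::1", "192.0.2.10")
	fmt.Println(PickEndpoint(dual, 51820, Families{V4: true}))     // IPv4-only network
	fmt.Println(PickEndpoint(dual[:1], 51820, Families{V4: true})) // AAAA only: error, no udp6 send
}
```

Returning an explicit error when no address matches a routable family gives the log a clearer cause than the socket-level "network is unreachable".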