celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

v055l (F-Droid): Connection of Fritz apps interrupts / Unstable WireGuard connection #1490

Open Kamika242 opened 4 weeks ago

Kamika242 commented 4 weeks ago

Since v055l the Fritz app tells me "An error occurred" after opening and the Fritz Fon app always loses the connection (telephony inactive) or tells me it's connected to the guest-wifi, but this is disabled or "Fritzbox not reachable". Sometimes the connection is ok. After opening the Fritzbox configuration page via browser it starts to load and the content is visible, then it stops with message "Error: connection broken", this happens on 2 devices with v055l, no matter if the Fritz apps are tunneled through Wireguard or not. On a device with v055j no problems with the Fritz app and the Fritz configuration page opens normally, but the Fritz Fon app isn't able to find the Fritzbox, even not when typing in the IP address manually, also not in v055l. On a Linux Mint laptop the Fritzbox configuration page also opens normally, the issue is definitely caused by v055l. There were no updates of the Fritz apps in between. All happens in home or mobile network, it seems that the Wireguard connection to the Fritzbox sometimes isn't recognised as a home network connection. I tried to change several DND and network options in RethinkDNS, no solution.

ignoramous commented 4 weeks ago

We don't have a Fritz Box. Can you please see if you can email us (mz at celzero dot com) logs exactly as this issue happens? Make sure to put Rethink in Very Verbose from Configure -> Settings -> Log level.

```bash
# note the current size; the default is usually 256kb
adb logcat -g

# increase log buffer size to 16mb
adb logcat -G 16M

# see if it switched to 16mb
adb logcat -g

# now, at some later time, when fritz-box does not work, capture logs
# make sure Rethink is at "Very Verbose" in Configure -> Settings -> Log level

# capture logs
# ref: https://www.xda-developers.com/how-to-take-logs-android/
adb logcat > /path/to/file

# compress with gzip
# the command below creates /path/to/file.gz
gzip -k /path/to/file

# email mz at celzero dot com
# and mention this GitHub issue
```

Kamika242 commented 3 weeks ago

> We don't have a Fritz Box. Can you please see if you can email us (mz at celzero dot com) logs exactly as this issue happens? Make sure to put Rethink in Very Verbose from Configure -> Settings -> Log level.

It's much easier for me to capture logs directly on the device via the Logcat Reader app from F-Droid, wouldn't this be enough for you? Here is a screenshot with the actual settings, should I change something before capturing?

Thank you!

![logcat_reader_settings](https://github.com/celzero/rethink-app/assets/141757072/40943305-6e42-4af8-a2ed-d779a59f2fc8)

ignoramous commented 3 weeks ago

> device via the Logcat Reader app from F-Droid, wouldn't this be enough for you

I doubt it can change logcat buffer size to 16mb, though?

Let's try. Hopefully, Logcat Reader is up to its job.

Markuzcha commented 3 weeks ago

Another user here. I can reproduce the issue with the FritzBox configuration page in the browser. It appeared with the recent update from F-Droid v0.5.5l.

If the Logcat Reader output doesn't reveal enough for debugging, then please let me know, I can try to retrieve the log via adb as described.

Furthermore I discovered that this issue with the interrupted loading of the config webpage disappears, when I'm in local WiFi + not using the app's WireGuard Proxy + choosing Rethink's "DNS Only" mode (i.e. deactivating the firewall).

Yet, my Rethink firewall had no universal rule, no app specific rules, only a list of IMO unrelated domain rules set up in the firewall. From the latter all were allowing rules, to bypass some RethinkDNS filter blocks, only one is a blocking rule, but for "locationhistory-pa.googleapis.com".

Kamika242 commented 3 weeks ago

> Another user here. I can reproduce the issue with the FritzBox configuration page in the browser.

Ah, thank you, so I am not alone.

> Furthermore I discovered that this issue with the interrupted loading of the config webpage disappears, when I'm in local WiFi + not using the app's WireGuard Proxy + choosing Rethink's "DNS Only" mode (i.e. deactivating the firewall).

On my mobile phone the Fritz apps are tunnelled through Wireguard in lockdown mode, on my tablet not, the config page loading interruption and the unspecified "An error occurred" in the Fritz app happen on both devices. The only firewall rule I have set is "Block when DNS is bypassed".

The Fritz Fon App is successfully connected for a while now, but ongoing in between the connection is lost or connected to the imaginary guest network (Wi-Fi). The connection is most stable with the option "Never proxy DNS" set to on.

ignoramous commented 3 weeks ago

Remove fritz.box (domain name) from WireGuard config's Peer endpoint if there's an IPv4 address already in the config and see if things work? If there's both IPv6 and IPv4 addresses, then remove the IPv6 address as well (along with the domain name).

Kamika242 commented 3 weeks ago

> Remove fritz.box (domain name) from WireGuard config's Peer endpoint if there's an IPv4 address already in the config and see if things work? If there's both IPv6 and IPv4 addresses, then remove the IPv6 address as well (along with the domain name).

Unfortunately this doesn't help. There is only an IPv4 entry and it doesn't matter if I remove the additional "fritz.box" entry or not. I also tried to switch back the Fritzbox and Rethink to IPv4-only mode and restarted all, problem still persists (and also on devices without Wireguard).

ignoramous commented 3 weeks ago

> I also tried to switch back the Fritzbox and Rethink to IPv4-only mode and restarted all, problem still persists (and also on devices without Wireguard).

Gotcha. We're working on multiple fixes that seem related to what you're seeing. When the new version is out, hopefully, this issue is also gone.

That said, if you can capture (Configure -> Settings -> Log Level -> Very Verbose) logs from immediately the time this happens, I'd appreciate that as well.

Kamika242 commented 3 weeks ago

> Gotcha. We're working on multiple fixes that seem related to what you're seeing. When the new version is out, hopefully, this issue is also gone.

Great to hear, thank you!

> That said, if you can capture (Configure -> Settings -> Log Level -> Very Verbose) logs from immediately the time this happens, I'd appreciate that as well.

Just sent to the known email address.

Kamika242 commented 3 weeks ago

Meanwhile I went back to v055j. The Fritz app here shows a successful connection to the home network (in WiFi and mobile network via Wireguard), the Fritzbox config page loads fully and without interruption in the browser, but sometimes via (in this case correct) the Fritzbox's home IP (192.168. ...) and sometimes via the personal public address (... .myfritz.net), which should never happen in the home network. I suspect Rethink sometimes doesn't recognise correctly that it is connected to the WiFi home network and this also might be the reason for the connection problems of the Fritz Fon app. Additionally there is the very unstable Wireguard connection and here is an urgent need of a stable option to bypass Wireguard in the home network, I think.

No criticism, just wanted to report my experiences. I'm very patient again. Thanks!

ignoramous commented 3 weeks ago

Thanks.

Know that we are working on stability for quite a few versions now. And hopefully, in the not so distant future, these investments will pay up.

WireGuard really has not been as easy to support as I first imagined. While hardware/software like Fritz have their own quirks and it isn't always clear why it does what it does (esp. since we don't own one, to be able to test things).

> Additionally there is the very unstable Wireguard connection and here is an urgent need of a stable option to bypass Wireguard in the home network, I think.

This requires location permission, but it is something we want to do once we get other important/priority issues out of the way.

Ex:

Kamika242 commented 2 weeks ago

Issue still persists in v055n (F-Droid).

ignoramous commented 2 weeks ago

> Issue still persists in v055n (F-Droid)

Unfortunately, we are shooting in the dark trying to fix this issue with no access to fritzbox. Can you please resend them for v055n? We are going to make sharing debug/verbose logs easier in v055o (ie, adb logcat wouldn't be required).

From the logs you did share before, we did fix the errors we saw in them.

Kamika242 commented 2 weeks ago

Just wanted to tell.

On my mobile phone I'll stay with v055a, the most reliable version for a stable connection of the Fritz Fon app via Wireguard, on my tablet I'll stay on v055j, the last version with working access to the Fritzbox configuration page via Browser. On another tablet (test device) I try out the latest releases.

I think more logcats wouldn't make sense as they seem to show up no differences to the log just sent?. Maybe in the future the issue is solved "by magic" and if not, no problem for me as I stay with the aforementioned versions.

ignoramous commented 2 weeks ago

> think more logcats wouldn't make sense as they seem to show up no differences to the log just sent

In each new version we add more debug logs for issues we fix, and change a bunch of things, so the logs do make a difference.

Kamika242 commented 2 weeks ago

Ah, thank you, that's something I didn't know!

Another still unanswered question, are the logs from the "Logcat Reader" app enough or are logs via ADB more useful?

ignoramous commented 2 weeks ago

> Another still unanswered question, are the logs from the "Logcat Reader" app

Someone shared logs from LogFox, and it was enough because their phone was either rooted or LogFox used device admin (one of Shizuku / adb) capabilities to read logs of other apps: https://github.com/celzero/rethink-app/issues/1513#issuecomment-2149715248

Hopefully, in v055o this entire business of capturing logs with external tools isn't required for debugging cases like these (using the custom log capture tool we are implementing).

Kamika242 commented 2 weeks ago

Ok, just recorded a log using Logfox and sent it zipped as an additional attachment to an error report email to hello@... . My Phone isn't rooted and I don't know how this Shizuku stuff works, so recording in Logfox happened only via the internal ADB permission.

ignoramous commented 1 week ago

From the logs that were sent and additional observation shared over email by @Kamika242 (that Rethink might be re-connecting too soon and that this issue started happening after v055f, a version since which we started refactoring how we handle TCP on port 443 ie HTTPS connections), I think we've found the bug (though we can't be sure until we re-test the next version, v055o due in 2 days or so, with FritzBox): https://github.com/celzero/firestack/commit/f68de7c5f4f0c936fa7c65bedaf197040030b085 (edit: on second thought... maybe not)...