celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.58k stars 129 forks

Always-on Wireguard fails on first start after reboot #1533

Open weedy opened 6 days ago

weedy commented 6 days ago

I can repro this best by rebooting my phone.

As far as I can tell there's some timing weirdness at boot where it doesn't resolve the endpoint domain before setting up the tunnel.

And since I use "Always on", all other DNS queries fail and I have no connectivity to the internet.

Closing and opening rethink fixes everything and it never happens again unless I reboot.

DNS: DoT
Advanced DNS: no
DNS booster: yes
Never proxy DNS: no

Proxy: Warp, always-on

Loopback proxy: no
Do not local IPs: yes
IP version: auto
Connectivity checks: yes

ignoramous commented 6 days ago

Sounds terrible.

I am unable to reproduce the issue you're seeing.

Does your WireGuard not set up an IP at all for Peer Endpoint? Not being able to resolve IPs for an endpoint is an unrecoverable failure (i.e., the WireGuard tunnel isn't even started).

Are you technical enough? If so, can you capture output from adb logcat? Make sure to put Rethink in Very Verbose mode from Configure -> Settings -> Log level.

# note the current size; the default is usually 256kb
adb logcat -g

# increase log buffer size to 16mb
adb logcat -G 16M

# see if it switched to 16mb
adb logcat -g

# after boot, when WireGuard does not work, capture logs
# make sure Rethink is at "Very Verbose" in Configure -> Settings -> Log level

# capture logs
# ref: https://www.xda-developers.com/how-to-take-logs-android/
adb logcat > /path/to/file

# compress with gzip
# the command below creates /path/to/file.gz
gzip -k /path/to/file

# email mz at celzero dot com
# and mention this GitHub issue

> Closing and opening rethink fixes everything

The next time, will you please see if tapping on the "refresh" button at the top right-hand corner in Configure -> Proxy UI fixes it?

> And since I use "Always on", all other DNS queries fail and I have no connectivity to the internet.

You can disable, if you so wish, this behaviour by turning ON Never proxy DNS in Configure -> DNS.

> Cache

Cache isn't used when resolving WireGuard Peer endpoints.

weedy commented 6 days ago

Screenshot_20240611_201734_com.celzero.bravedns.jpg

I can get logcat, but it will have to be later when I have my real laptop.

So I can get more info by turning on airplane mode and playing with Rethink. Then I get a toast from Rethink and no change in brokenness.

Refresh button doesn't help.

Never proxy DNS gets me lookups, but the tunnels still don't repair themselves. So I'm wrong about system DNS cache/resolver.

I was referring to system DNS cache, but it doesn't matter, I was wrong on that.

Assuming this is the same error, I guess I don't have a fully connected network at the time of Rethink launch and the interfaces aren't coming up properly.

No amount of flipping airplane mode or switching from LTE to WiFi and back clears it. I have to Stop/Start or turn off always on. Without Always on I haven't configured any apps for my main VPN tunnel, it seems to pop up then.

ignoramous commented 6 days ago

Looks like, like I mentioned above, not being able to resolve a Peer Endpoint domain name is not a recoverable failure (even with "refresh"). I'll try to make it recoverable with "refresh", but no guarantees.

Why it consistently happens after a reboot is baffling. Logs would help understand just what's going on.