Closed oskirby closed 3 years ago
I think I have narrowed the problem down a bit. The packets are being dropped by the windows firewall, which is being enabled by Wireguard whenever a default route is found in the allowedIPs (see: https://github.com/WireGuard/wireguard-windows/blob/ba4edc55c4712016921bea54dbd7c0408a69ae7b/tunnel/addressconfig.go#L177). This can occur when IPv6 is enabled and local network access is disabled.
This could possibly be explained as a wireguard bug, since an IPv6 setting is causing IPv4 traffic to get blocked... but we ought to be able to program something in the firewall to permit this traffic.
There are two ways that we can approach this issue:
::/0
route into 8000::/1
and ::/1
), so that wireguard never tries to program the firewall.I'm inclined to prefer the 2nd option since that also helps pave the way for multihop tunneling, even though it is probably more work.
➤ Valentina Virlics commented:
Verified this on the last VPN 2.5.0 (2.202109080337) build while using Windows 10. The Captive Portal notification is not displayed no mater what is checked/unchecked in Network Settings.
There seems to be an issue when the VPN is on that prevents network access to the addresses excluded from the tunnel (such as the captive portal and the VPN server's public IP address). This results in a bunch of error messages in the log like this:
We can confirm that a problem exists by attempting to ping the captive portal and the VPN server. In my case, they were 34.107.221.82 and 89.44.10.162 respectively, both of which report a general failure.
mozillavpn-captive-portal-failure.txt
┆Issue is synchronized with this Jira Task