mullvad / wgephemeralpeer

Mullvad Post-Quantum-secure WireGuard tunnels for vanilla WireGuard and custom integrations.
https://mullvad.net
GNU General Public License v3.0

Bug: OpenWrt "Context deadline exceeded" #3

Closed Handrail9 closed 2 months ago

Handrail9 commented 2 months ago

Hi, I was troubleshooting this with Mullvad support recently and figured it may be helpful to file a bug report to track the issue's status. Summary: OpenWrt is a Linux-kernel-based embedded systems OS typically used for routers. The current Armv7 build does not appear to be compatible with OpenWrt.

What has been tried: I tried the pre-compiled binary and compiling from source on an x64 machine. Unfortunately my box does not have enough storage to compile on device, and it appears symlinking the hard-coded dependency folder that the program is built in will not allow me to compile (meaning that using flash storage on a USB port of the device wouldn't work for me either to compile on the armv7 device). I may try again when I get some more free time. Regardless, the precompiled image and self-compiled armv7 image produce the same error (seen below).

Notes: OpenWrt can connect to the regular Mullvad WireGuard server fine. I confirmed this with the support tech; the issue is only with creating a quantum-secure connection. OpenWrt unfortunately does not support regular WireGuard config files, and uses their own implementation. This effectively means the provided "PostUp" command that needs to be added to the WireGuard config can't be added, although I have been made aware that their replacement method is called hotplugs, which I tried to write the equivalent script for. I will add it to this issue when I get the time. It should also be noted that OpenWrt does not provide the wg-quick command.

Error message:

```
root@OpenWrt:~# ./mullvad-upgrade-tunnel -wg-interface Mullvad
unable to connect ephemeral peer, context deadline exceeded
```

As a last remark, thank you guys for being so helpful and making such a useful product. Mullvad is the best VPN provider I've ever had and I hope it stays that way :)

mvd-ows commented 2 months ago

Hi,

Thanks for reaching out.

We suspect that your routing may prevent the mullvad-upgrade-tunnel utility from reaching the internal relay IP. With an active WireGuard tunnel, you should be able to ping 10.64.0.1. The service being connected to by mullvad-upgrade-tunnel listens on TCP 10.64.0.1:1337.

For additional assistance, please resume your support ticket and attach the output of:

(Run these on the router)

```
ip a
ip r
```

Thanks.

Handrail9 commented 2 months ago

I think I may have found my issue. I am using Policy-based routing so not all traffic was being passed through WG. I had to add the IP to the WG rule and it fixed it right up. Thank you for the help!

mvd-ows commented 2 months ago

Excellent, thanks for the update.
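A router-side check for the routing problem diagnosed and resolved in this thread, as an added example that is not part of the original issue or the project's code: it reads the kernel's route decision for 10.64.0.1 and reports whether that traffic leaves through the WireGuard interface or is diverted elsewhere, as happens with policy-based routing. The function names and the sample route lines are constructed for illustration; the interface name `Mullvad` is the one used in the report.

```shell
#!/bin/sh
# Added example (not project code). Usage on the router: sh check-route.sh Mullvad
RELAY_IP=10.64.0.1   # internal relay IP from the thread; the service listens on TCP 1337

# Print the egress device named in `ip route get` output (empty if none).
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print a verdict for a route lookup: via-tunnel, bypasses-tunnel:<dev>, or no-route.
classify_route() {
    wg_if=$1
    dev=$(route_dev "$2")
    if [ -z "$dev" ]; then
        echo "no-route"
    elif [ "$dev" = "$wg_if" ]; then
        echo "via-tunnel"
    else
        echo "bypasses-tunnel:$dev"
    fi
}

if [ "$#" -ge 1 ]; then
    # Live check: `ip route get` applies routing policy rules for local traffic,
    # so it shows where the utility's connection would actually go.
    verdict=$(classify_route "$1" "$(ip route get "$RELAY_IP" 2>/dev/null)")
    echo "route to $RELAY_IP: $verdict"
    if [ "$verdict" != "via-tunnel" ]; then
        echo "fix routing so $RELAY_IP uses $1, then retry mullvad-upgrade-tunnel"
        exit 1
    fi
    # With the tunnel up, the relay should answer ping (per the maintainer's reply).
    if ping -c 1 -W 2 "$RELAY_IP" >/dev/null 2>&1; then
        echo "ping $RELAY_IP: ok"
    else
        echo "ping $RELAY_IP: failed"
        exit 1
    fi
else
    # Offline demo on constructed `ip route get` lines (not captured from a real router).
    classify_route Mullvad "10.64.0.1 dev Mullvad src 10.66.1.2 uid 0"
    classify_route Mullvad "10.64.0.1 via 192.168.1.1 dev eth0.2 src 192.168.1.10 uid 0"
    classify_route Mullvad ""
fi
```

A `bypasses-tunnel` verdict corresponds to the situation the reporter describes, where the policy-based routing rule did not cover the relay IP.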