<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000">Yes, your problem sounds quite similar to mine. However, I'm running into this issue on several different networks -- both wifi and cellular. To be clear: I haven't found a pattern of networks where this does / doesn't happen.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000">Details of my config:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><ul><li><div class="gmail_default">I'm running on an iPhone 8+; I've experienced this problem on both iOS 12.x and 13.x.</div><div class="gmail_default"></div></li><li>I used Algo to setup a VPN endpoint on a new Digital Ocean droplet (<a href="https://github.com/trailofbits/algo" target="_blank" style="font-family:Arial,Helvetica,sans-serif">https://github.com/trailofbits/algo</a>), and installed the Wireguard iOS app (v0.0.20191015 (15) / 0.0.20190909) on my iPhone 8+.<br></li><ul><li>My Droplet is in the Digital Ocean datacenter in North Bergen, NJ.</li></ul><li>I have the iOS Wireguard client set for "on-demand activation" on both Cellular and Wi-Fi (Any SSID).</li><li>When this problem occurs, I find that going into iOS Settings --> VPN and toggling the VPN off (which then immediately toggles back on, because of the Wireguard "on-demand" settings) fixes the problem. I do not need to go to Airplane mode or otherwise disconnect from / reconnect to the current network.</li><li>I have not found a pattern for when this happens / when this does not happen:</li><ul><li>Sometimes it happens when I switch from network A to network B, but other times -- when switching from the same network A to B -- it doesn't happen.</li><li>Sometimes when I wake up in the morning (when my phone has been charging on wifi all night), when I first pick it up in the morning, it is in this state.</li><li>It also happens sometimes when it's been sitting idle on my desk next to me for a while -- i.e., it's been on the same network for an extended period of time.</li><li>The only common thing that I have noticed is that it does not happen in the middle of interactive use. If it's working, it stays working / traffic keeps flowing for the duration of my interactive use. Specifically: I have only ever found it in this state right after unlocking my phone to use it (usually after it has been sitting with the screen locked or off for some period of time).</li></ul><li>If you wait long enough, sometimes the failed handshakes resolve themselves (see below). That usually takes many minutes (about 4 minutes in the screencast, below). I usually don't have that kind of patience, and just toggle the VPN on/off, which always seems to fix the problem immediately.</li></ul><div><div> <a href="https://youtu.be/9188GaszaLw" target="_blank">Here's a sorta-long screencast showing when this happened back on 11/27</a>. The behavior is the same today / in late Jan 2020; I just recorded this back when this started. Here's some notable points in the video:</div><div><ol><li style="margin-left:15px">The beginning shows that everything appears to be connected.</li><li style="margin-left:15px">At 0:22, I go into WG to show the current log, and you see the failed handshake messages.</li><li style="margin-left:15px">At 0:56, you see me try to load the zx2c4 "what's my IP?" page, and it hangs.</li><li style="margin-left:15px">At 1:38, you see me go back into WG and you can see all the failed handshake messages scroll by.</li><li style="margin-left:15px">Suddenly, at 3:53, the handshake succeeds, and now traffic appears to be flowing properly.</li><ul><li style="margin-left:15px">Note that nothing changed in my networking connectivity during that time, to my knowledge. I had 3-4 bars on AT&T.</li></ul><li style="margin-left:15px">After that (around 4:39), you can also see the IPv6 / IPv4 flip. The recording keeps going for a while, but you can probably skip the rest.</li></ol><div>Right after I finished the screencast, I saved the WG logs -- see attached. You can see all the handshake failures towards the end.</div></div></div><div><br></div><div>Is there any more information that I can provide to help diagnose this issue?</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jan 15, 2020 at 1:47 PM John <<a href="mailto:graysky@archlinux.us" target="_blank">graysky@archlinux.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Your issue sounds similar to mine linked below. Do you find this<br>
endless failed handshakes to be when you're connected to any network<br>
or just a specific one? I routinely connect to 4 networks in my<br>
travels and only 1 of them causes the problem.<br>
<br>
Link to my post:<br>
<a href="https://lists.zx2c4.com/pipermail/wireguard/2020-January/004858.html" rel="noreferrer" target="_blank">https://lists.zx2c4.com/pipermail/wireguard/2020-January/004858.html</a><br>
<br>
On Wed, Jan 15, 2020 at 1:31 PM Jeff Squyres <<a href="mailto:jeff@squyres.com" target="_blank">jeff@squyres.com</a>> wrote:<br>
><br>
> Over the past ~2 months, I have been experiencing an intermittent problem with the iOS WireGuard client: sometimes the WireGuard client gets into a loop of endlessly-failing handshakes, which therefore stops all traffic. If I disconnect/reconnect the WireGuard tunnel, the handshakes succeed, and traffic starts flowing normally again.<br>
><br>
> This happens multiple times a day. It has been happening with multiple versions of iOS starting with 12.x, and now with 13.x. WireGuard for iOS version 0.0.20191015(15), Go Backend 0.0.2019.0909.<br>
><br>
> I can send more details (logs, screenshots / screencast, etc.), but first: is this the right list to ask questions about the iOS client? If not, can someone point me in the right direction?<br>
><br>
> Additionally, another oddity: when my Wireguard tunnel is connected properly and I visit <a href="http://whoer.net" rel="noreferrer" target="_blank">whoer.net</a> or <a href="http://zx2c4.com/ip" rel="noreferrer" target="_blank">zx2c4.com/ip</a>, sometimes I see my WireGuard endpoint's IPv6 address, and sometimes I see my WireGuard endpoint's IPv4 address. This happens regardless of what network my iOS device (i.e., my phone) is on. Sometimes when the IPv6 address is shown and I refresh the page a few times (over the span of a few seconds), it switches to show the endpoint's IPv4 address.<br>
><br>
> Thanks!<br>
><br>
> --<br>
> {+} Jeff Squyres<br>
> _______________________________________________<br>
> WireGuard mailing list<br>
> <a href="mailto:WireGuard@lists.zx2c4.com" target="_blank">WireGuard@lists.zx2c4.com</a><br>
> <a href="https://lists.zx2c4.com/mailman/listinfo/wireguard" rel="noreferrer" target="_blank">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr">{+} Jeff Squyres</div></div>