175
Mullvad and Tailscale Announce Partnership
(mullvad.net)
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
I had it set up pretty well with OPNSense as the wireguard gateway into my home and the official wireguard client on my lineage phone and it was working great for a year but something changed recently where it's become really unreliable. The problem is not OPNSense, but my phone. Not sure if it's the client or lineageos causing problems.
My WG Android client is so stable that I forget I have it on. I'm not running Lineage, though, so maybe that helps? Why are you sure it's not OPNSense? Also, there have been rumors of some carriers subtly sabotaging VPN connections; have you eliminated that?
It might be OPNSense, but the problem occurs when I leave my house. My network connectivity dies when it switches from wifi to mobile data, only to recover when I disable then re-enable wireguard. This indicates to me that the android client is not properly updating routes or DNS settings during the network change, or lineage OS is doing something wonky, but I could be wrong.
Interesting. Underlying network changes shouldn't make a difference to WG; TCIP routing is dynamic.
But you may be onto something about DNS. If, when you switch networks, the OS is overwriting the DNS server information that WG set up, that would do what you're describing. Restarting WG would re-assert the DNS serves that are configured. The one hitch is that normally this would only cause leakage, not failure to resolve... overwriting WG's DNS servers with public ones should still work.
Still, it's a good intuition, and if it were me, that's where I'd look.
Ok, it's not DNS. I opened a Termux terminal and tried pinging an IP on my network. No luck. Stopped and restarted the wireguard connection, and was able to ping the machine.
Good idea! Weird. I wonder if one of the networking apps could provide some diagnostics.
If you're using Termux, you could install the whole suite of common Linux networking tools, like traceroute. I haven't gone down this route before; I don't know how far you can go.
I'm also unfamiliar with OPSense, and don't know how the two apps interact. Good luck!
Thanks!
You know what, I think you are right, it is almost certainly a DNS. I have Adguard setup at home, so I route all my DNA requests through wireguard even though I'm using a split tunnel. That would explain why everything dies, even traffic that shouldn't be going through the tunnel.
I'll keep pulling on that thread, thanks for the insight.