Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug(windows): NRPT DNS rules sometimes persist after reboot #4899

Closed
ReactorScram opened this issue May 6, 2024 · 1 comment · Fixed by #4918
Closed

bug(windows): NRPT DNS rules sometimes persist after reboot #4899

ReactorScram opened this issue May 6, 2024 · 1 comment · Fixed by #4918
Assignees
@ReactorScram
Labels
area/tauri_client The Windows and Linux Tauri GUI clients area/windows_client Issues related to the Windows client needs triage Issues opened by the public or need further labeling
Milestone
06/24

Comments

@ReactorScram
Copy link
Collaborator

ReactorScram commented May 6, 2024
edited

Describe the bug

I had my x64 Windows laptop sleeping or possibly shut down all weekend. I started it up just now, and Task Manager reports 3 hours of uptime, and Powershell shows that the NRPT rules for Firezone are in effect, breaking my DNS.

To Reproduce

  1. Sign in to Firezone
  2. Hold the computer's power button for about 10 seconds until it forces a shut down. (Ignore the Windows "slide to shut down" screen)
  3. Open the Start Menu and ask Windows to reboot.

To fix, open and close Firezone. You may need to reconnect to Wi-Fi, since Windows sometimes disconnects Wi-Fi if there's no Internet. (it seems)

Expected behavior

Expected Firezone NRPT rules to be removed on shutdown.

Screenshots / Logs

image

Platform (please complete the following information)

  • Component (i.e. macOS client / Linux client / Gateway / Admin portal): Windows Client
  • Firezone Version (e.g. 1.0.0 or N/A): Probably Version 1.0.1 (bc7203e) and newer. All the recent builds have the NRPT feature
  • OS and version: (e.g. Ubuntu 22.04 or N/A): Windows 11
  • Deployment method: (e.g. Docker / Systemd / App Store or N/A): Possibly MSI from CI, MSI from release page, or built from source.

Additional context

Add both to the manual checklist:

  1. Soft reboots (Start Menu)
  2. Hard reboots (holding power button)

There's at least two things to fix:

  1. We aren't catching any "system is shutting down" hint from Windows and using it to trigger cleanup like we should
  2. If we really do crash or the system loses power, nothing cleans up our rules

My plan is to catch the reboot / shutdown signal if it's easy, so at least that case is fixed. Then set up a system service that clears the Firezone NRPT rules when the system starts. That service will be needed later for #3712 anyway.
@ReactorScram ReactorScram added area/windows_client Issues related to the Windows client needs triage Issues opened by the public or need further labeling area/tauri_client The Windows and Linux Tauri GUI clients labels May 6, 2024
@ReactorScram ReactorScram added this to the 05/24 milestone May 6, 2024
@ReactorScram ReactorScram self-assigned this May 6, 2024
ReactorScram added a commit that referenced this issue May 8, 2024
@ReactorScram
fix(windows-client): clear Firezone-specific DNS rules at startup
83f807d 
This has a known gap where theoretically the GUI could sign in while the
service is hung in startup, and then the service would wipe out the GUI's
DNS rules.

The workaround for that would be to restart the GUI, but in practice I think
this is almost impossible, Windows would have to give the service no CPU time
while the user was signing in, then the user would have to immediately open
Firezone before the service got running.

Closes #4899
@ReactorScram ReactorScram mentioned this issue May 8, 2024
Merged
@ReactorScram ReactorScram linked a pull request May 8, 2024 that will close this issue
fix(windows-client): clear Firezone-specific DNS rules at startup #4918
Merged
This was referenced May 8, 2024
Closed
Merged
github-merge-queue bot pushed a commit that referenced this issue May 13, 2024
@ReactorScram
fix(windows-client): clear Firezone-specific DNS rules at startup (#4918
dadaeb0 
)

Closes #4899

This has a known gap where theoretically the GUI could sign in while the
service is hung in startup, and then the service would wipe out the
GUI's DNS rules.

The workaround for that would be to restart the GUI, but in practice I
think the gap will not be hit, and it will go away once #3712 is done
anyway.

I tested it manually once using the reproduction steps from #4899 and it
worked.
@ReactorScram
Copy link
Collaborator Author

I tested it manually on my x86_64 Windows laptop, using the unreleased Firezone Version 1.0.4 (26b181e)

Looks fixed!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ReactorScram ReactorScram

Labels
area/tauri_client The Windows and Linux Tauri GUI clients area/windows_client Issues related to the Windows client needs triage Issues opened by the public or need further labeling
Projects
None yet
Milestone
06/24
Development

Successfully merging a pull request may close this issue.

fix(windows-client): clear Firezone-specific DNS rules at startup firezone/firezone
1 participant
@ReactorScram