Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve VPN rekeying reliability #664

Merged
merged 12 commits into from
Feb 18, 2024
Merged

Improve VPN rekeying reliability #664

merged 12 commits into from
Feb 18, 2024

Conversation

samsymons
Copy link
Contributor

@samsymons samsymons commented Feb 15, 2024
edited
Loading

Please review the release process for BrowserServicesKit here.

Required:

Task/Issue URL: https://app.asana.com/0/414235014887631/1206607513978260/f
iOS PR: duckduckgo/iOS#2478
macOS PR: duckduckgo/macos-browser#2207
What kind of version bump will this require?: Major

Description:

This PR fixes three issues:

  1. The rekeying implementation was deleting the old key, and then registering a new one - however, if the registration call failed, then it got left in a confused state with a connection that didn't work
  2. The connection tester is what is responsible for triggering rekeying and the DAU pixel, but it was accidentally setting isRunning to false even when it was running just fine
  3. The DAU event was sent only when the connection was idle, which isn't necessary

Steps to test this PR:

  1. Make sure client PRs run and connect to NetP, try switching servers etc., generally just smoke test NetP
  2. Check out this branch in one of the clients and change the validityInterval in NetworkProtectionKeyStore to something shorter, like 30 seconds
  3. Edit the updateKeyPairExpirationDate function to also set a date of only 30 seconds in the future, so that you can test more frequent rekeying
  4. Run NetP, then watch the Console logs and check that rekeying is succeeding frequently (make sure you stop other network traffic so that the network is idle and rekeying can complete)

OS Testing:

  • iOS 14
  • iOS 15
  • iOS 16
  • macOS 10.15
  • macOS 11
  • macOS 12
Internal references:

Software Engineering Expectations
Technical Design Template

This was referenced Feb 15, 2024
Merged
Merged
@diegoreymendez diegoreymendez mentioned this pull request Feb 16, 2024
Merged
@diegoreymendez
Copy link
Contributor

@samsymons - Added some suggestions here: #666

diegoreymendez and others added 2 commits February 16, 2024 15:46
@diegoreymendez
Suggestions for rekeying fixes. (#666)
b85fdcc 
* Adds some suggestions for Sam's PR

* Removes an unnecessary break

* Makes some changes to fix rekeying

* Rolls back an unintentional change
@samsymons
Merge branch 'main' into sam/improve-rekeying-reliability
1b8c247 
* main:
  Improved tunnel session access (#655)
@samsymons samsymons merged commit 39a0ed6 into main Feb 18, 2024
7 checks passed
@samsymons samsymons deleted the sam/improve-rekeying-reliability branch February 18, 2024 19:13
samsymons added a commit to duckduckgo/iOS that referenced this pull request Feb 18, 2024
@samsymons
Improve VPN rekeying reliability (#2478)
6971f75 
Task/Issue URL: https://app.asana.com/0/414235014887631/1206607513978260/f
Tech Design URL:
CC:

Description:

Client PR for duckduckgo/BrowserServicesKit#664
samsymons added a commit to duckduckgo/macos-browser that referenced this pull request Feb 18, 2024
@samsymons
Improve VPN rekeying reliability (#2207)
ded95f1 
Task/Issue URL: https://app.asana.com/0/414235014887631/1206607513978260/f
Tech Design URL:
CC:

Description:

Client PR for duckduckgo/BrowserServicesKit#664
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diegoreymendez diegoreymendez diegoreymendez approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samsymons @diegoreymendez