macOS: skip VPN reconnect on same-SSID WiFi AP roams#310
Open
Safibulae wants to merge 1 commit intoWindscribe:masterfrom
Open
macOS: skip VPN reconnect on same-SSID WiFi AP roams#310Safibulae wants to merge 1 commit intoWindscribe:masterfrom
Safibulae wants to merge 1 commit intoWindscribe:masterfrom
Conversation
When macOS roams between access points on the same SSID (e.g. enterprise WiFi), NetworkInterface fields like metric or physicalAddress can change while interfaceName and networkOrSsid remain identical. The existing operator!= on NetworkInterface compares all 11 fields, so these cosmetic changes enter the "Unidentified interface change" branch in onNetworkStateChanged() and still emit networkChanged(), which triggers a full tunnel teardown and rebuild via ConnectionManager::updateConnectionSettings(). This causes 15-20 seconds of connectivity loss per roam event, which on multi-AP networks can happen repeatedly. This patch gates the networkChanged() emission on whether the change is significant (interface name or SSID actually changed). Minor changes such as same-SSID AP roams still update the cached state but no longer trigger a reconnect. The tunnel stays up through the roam, which WireGuard and AmneziaWG handle natively at the protocol level. Fixes Windscribe#307
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
On macOS with enterprise WiFi (multiple APs, same SSID, FT_PSK), AP roams trigger a full VPN tunnel teardown and rebuild, causing 15-20s connectivity loss per event.
The root cause is that
onNetworkStateChanged()innetworkdetectionmanager_mac.cppemitsnetworkChanged()even when only cosmeticNetworkInterfacefields change (e.g. metric, physicalAddress). Theoperator!=compares all 11 fields, so a same-SSID AP roam enters the "Unidentified interface change" branch and still triggersConnectionManager::updateConnectionSettings(), which blindly disconnects and reconnects.Change
Gate
networkChanged()emission on whether interfaceName or networkOrSsid actually changed. Minor interface property changes (same-SSID AP roams) still update the cached state but no longer trigger a reconnect. WireGuard and AmneziaWG handle endpoint roaming natively at the protocol level, so the tunnel stays up.One file changed, 9 insertions, 3 deletions.
Code path
networkdetectionmanager_mac.cpp:onNetworkStateChanged()— outer!=fires on any of 11 fieldsengine.cpp:onNetworkChange()— callsconnectionManager_->updateConnectionSettings()connectionmanager.cpp:updateConnectionSettings()— ifSTATE_CONNECTED, callsconnector_->startDisconnect()Testing
Verified the issue on macOS 26.4 (Tahoe), Windscribe 2.21.6, AmneziaWG, enterprise WPA2/FT_PSK WiFi with multiple APs. Observed 12 tunnel rebuilds in 47 minutes on the same SSID with retained DHCP lease (details in #307).
Fixes #307