Merge branch 'win-deprecate-wg-go-fallback'

4 files changed, 39 insertions, 22 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 98accf7223..9208413a09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,10 @@ Line wrap the file at 100 chars.                                              Th
 - Update the Post-Quantum secure key exchange gRPC client to use the stabilized
   `PskExchangeV1` endpoint
 
+#### Windows
+- Remove automatic fallback to wireguard-go. This is done as a first step before fully
+  deprecating it on Windows.
+
 ### Fixed
 #### Android
 - Fix adaptive app icon which previously had a displaced nose and some other oddities.
diff --git a/talpid-core/src/tunnel_state_machine/connecting_state.rs b/talpid-core/src/tunnel_state_machine/connecting_state.rs
index d5a49904eb..a10b6fa4f5 100644
--- a/talpid-core/src/tunnel_state_machine/connecting_state.rs
+++ b/talpid-core/src/tunnel_state_machine/connecting_state.rs
@@ -38,7 +38,7 @@ pub(crate) type TunnelCloseEvent = Fuse<oneshot::Receiver<Option<ErrorStateCause
 const MAX_ATTEMPTS_WITH_SAME_TUN: u32 = 5;
 const MIN_TUNNEL_ALIVE_TIME: Duration = Duration::from_millis(1000);
 #[cfg(target_os = "windows")]
-const MAX_ADAPTER_FAIL_RETRIES: u32 = 4;
+const MAX_RECOVERABLE_FAIL_RETRIES: u32 = 4;
 
 const INITIAL_ALLOWED_TUNNEL_TRAFFIC: AllowedTunnelTraffic = AllowedTunnelTraffic::None;
 
@@ -515,13 +515,14 @@ fn should_retry(error: &tunnel::Error, retry_attempt: u32) -> bool {
 
         #[cfg(windows)]
         tunnel::Error::WireguardTunnelMonitoringError(Error::TunnelError(
+            // This usually occurs when the tunnel interface cannot be created.
             TunnelError::RecoverableStartWireguardError,
-        )) if retry_attempt < MAX_ADAPTER_FAIL_RETRIES => true,
+        )) if retry_attempt < MAX_RECOVERABLE_FAIL_RETRIES => true,
 
         #[cfg(windows)]
         tunnel::Error::OpenVpnTunnelMonitoringError(
             talpid_openvpn::Error::WintunCreateAdapterError(_),
-        ) if retry_attempt < MAX_ADAPTER_FAIL_RETRIES => true,
+        ) if retry_attempt < MAX_RECOVERABLE_FAIL_RETRIES => true,
 
         _ => false,
     }
diff --git a/talpid-wireguard/src/lib.rs b/talpid-wireguard/src/lib.rs
index 8cb85e460e..9eaa477430 100644
--- a/talpid-wireguard/src/lib.rs
+++ b/talpid-wireguard/src/lib.rs
@@ -587,23 +587,15 @@ impl WireguardMonitor {
 
         #[cfg(target_os = "windows")]
         if config.use_wireguard_nt {
-            match wireguard_nt::WgNtTunnel::start_tunnel(
+            log::debug!("Using WireGuardNT");
+            return wireguard_nt::WgNtTunnel::start_tunnel(
                 config,
                 log_path,
                 resource_dir,
-                setup_done_tx.clone(),
-            ) {
-                Ok(tunnel) => {
-                    log::debug!("Using WireGuardNT");
-                    return Ok(Box::new(tunnel));
-                }
-                Err(error) => {
-                    log::error!(
-                        "{}",
-                        error.display_chain_with_msg("Failed to setup WireGuardNT tunnel")
-                    );
-                }
-            }
+                setup_done_tx,
+            )
+            .map(|tun| Box::new(tun) as Box<dyn Tunnel + 'static>)
+            .map_err(Error::TunnelError);
         }
 
         #[cfg(any(target_os = "linux", windows))]
@@ -812,14 +804,14 @@ pub(crate) trait Tunnel: Send {
 pub enum TunnelError {
     /// A recoverable error occurred while starting the wireguard tunnel
     ///
-    /// This is an error returned by wireguard-go that indicates that trying to establish the
+    /// This is an error returned by the implementation that indicates that trying to establish the
     /// tunnel again should work normally. The error encountered is known to be sporadic.
     #[error(display = "Recoverable error while starting wireguard tunnel")]
     RecoverableStartWireguardError,
 
     /// An unrecoverable error occurred while starting the wireguard tunnel
     ///
-    /// This is an error returned by wireguard-go that indicates that trying to establish the
+    /// This is an error returned by the implementation that indicates that trying to establish the
     /// tunnel again will likely fail with the same error. An error was encountered during tunnel
     /// configuration which can't be dealt with gracefully.
     #[error(display = "Failed to start wireguard tunnel")]
diff --git a/talpid-wireguard/src/wireguard_nt.rs b/talpid-wireguard/src/wireguard_nt.rs
index 1044a3fd9a..3180e56064 100644
--- a/talpid-wireguard/src/wireguard_nt.rs
+++ b/talpid-wireguard/src/wireguard_nt.rs
@@ -410,6 +410,27 @@ impl WgNtTunnel {
         config: &Config,
         log_path: Option<&Path>,
         resource_dir: &Path,
+        done_tx: futures::channel::mpsc::Sender<std::result::Result<(), BoxedError>>,
+    ) -> std::result::Result<Self, super::TunnelError> {
+        Self::start_tunnel_inner(config, log_path, resource_dir, done_tx).map_err(|error| {
+            log::error!(
+                "{}",
+                error.display_chain_with_msg("Failed to setup WireGuardNT tunnel")
+            );
+
+            match error {
+                Error::CreateTunnelDeviceError(_) => {
+                    super::TunnelError::RecoverableStartWireguardError
+                }
+                _ => super::TunnelError::FatalStartWireguardError,
+            }
+        })
+    }
+
+    fn start_tunnel_inner(
+        config: &Config,
+        log_path: Option<&Path>,
+        resource_dir: &Path,
         mut done_tx: futures::channel::mpsc::Sender<std::result::Result<(), BoxedError>>,
     ) -> Result<Self> {
         let dll = load_wg_nt_dll(resource_dir)?;
@@ -447,13 +468,12 @@ impl WgNtTunnel {
                 .await;
         });
 
-        let tunnel = WgNtTunnel {
+        Ok(WgNtTunnel {
             device,
             interface_name,
             setup_handle,
             _logger_handle: logger_handle,
-        };
-        Ok(tunnel)
+        })
     }
 
     fn stop_tunnel(&mut self) {