On Mon, Dec 4, 2017 at 8:27 PM, Whit Blauvelt wrote:
> While it's obvious wg-quick is a special purpose script, the precise niche
> it's good for is underspecified; as is the incompatibility of the resulting
> extra lines in the conf files. So if you were going to expand the docs to
> avoid confus
https://lists.zx2c4.com/pipermail/wireguard/2017-April/001177.html
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
On Tue, Dec 5, 2017 at 3:48 PM, Ferris Ellis wrote:
> 2. If you had another program which used Curve25519 keys it could
> theoretically use the keys from two WireGuard clients, but that’s outside
> the scope of WireGuard and also likely not a very secure practice.
Nobody should be reusing WireGua
On Thu, Dec 7, 2017 at 11:22 AM, Stefan Tatschner
wrote:
> I have a question which is related to the involved crypto. As far as I
> have understood the protocol and the concept of wireguard, there is no
> crypto agility in the design. That means we cannot easily replace the
> underlying cryptograp
On Thu, Dec 7, 2017 at 10:57 PM, Daniel Kahn Gillmor
wrote:
> On Thu 2017-12-07 07:37:59 -0600, Bruno Wolff III wrote:
>> On Thu, Dec 07, 2017 at 11:22:04 +0100,
>> Stefan Tatschner wrote:
>>>
>>>Assuming I am right according the crypto agility, what's the upgrade
>>>path if any of the involved
Hi Joe,
On Thu, Dec 7, 2017 at 5:34 PM, Joe Doss wrote:
> We do need a place for users to communicate that isn't going to collide with
> devel chatter. https://www.discourse.org/ is pretty great for users, easy to
> use and not terrible to self host. I think it would be good to give users a
> non
Hi Lonnie,
Thanks for sending this to the mailing list. Indeed it got lost in the
fold of disorganized email filters when you sent it to me directly
twice earlier; sorry about that.
I'm not certain this is the right approach -- having wg(8) rely on
fixed filesystem paths, and splitting peer confi
By the way, would you send future patches using git-send-email? It's
impossible to review inline on a mailing list if you do an attachment
like this. Having opened the file after downloading it, the
implementation and configuration syntax you propose are problematic,
but in light of the more broad
Hi Dave,
On Fri, Dec 8, 2017 at 4:38 PM, David Miller wrote:
> Sorry, you cannot force the discussion of a feature which will be submitted
> upstream to occur on a private mailing list.
>
> It is _ABSOLUTELY_ appropriate to discuss this on netdev since it is the
> netdev community which must consi
Hi Lonnie,
On Fri, Dec 8, 2017 at 2:42 PM, Lonnie Abelbeck
wrote:
> The latest patch is reworked, disabled by default and requires
> WITH_PEERDATA=yes to be enabled.
Compile time switches for something that doesn't add a dependency?
Sounds like a bad idea, leading to all sorts of coderot and bl
On Dec 8, 2017 14:00, "Lonnie Abelbeck" wrote:
On Dec 8, 2017, at 12:45 PM, Jason A. Donenfeld wrote:
I suggested "no spaces" since currently all spaces are stripped in
config_read_line()
Oh, okay. It's that way mostly out of my own laziness. I wouldn't obj
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20171211`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure
Many people ask about the packet breakdown of WireGuard, and though
this is explained in [1] and [2], many find this ancient mailing list
thread, which now contains out of date information. So this email is
to bring the thread up to date, for folks who stumble upon it.
The overhead of WireGuard b
Hi Manuel,
Thanks for the patch. A few comments on the general idea below:
On Sun, Dec 10, 2017 at 1:43 PM, Manuel Schölling
wrote:
> I am currently working on a NetworkManager plugin for WireGuard in Rust
> [1/2].
> The plugin has to pass the configuration to the wg tool and I am
> wondering if
Hi Daniel,
Thanks for bringing this up. All excellent points. I wasn't totally
confident about doing that, but what went into the decision was the
following:
- emscripten is laborious to build and recent versions are not readily
accessible on many distros.
- I figure web developers generally lack
On Mon, Dec 11, 2017 at 8:49 PM, Daniel Kahn Gillmor
wrote:
> I'm not sure why it's important to avoid closing stdin when you don't
> plan on reading from it any more, though. Isn't it more parsimonious to
> go ahead and explicitly close it so that anything writing additional
> data to stdin will
Alright, here's a stab at it:
+
Yikes, tapped send by accident. Here's a stab at it:
https://git.zx2c4.com/WireGuard/commit/?id=037c389f2f09f721ecc84105b0d5d0ca8824c070
I changed this to make it more "okay" for the unwitting web developer:
We can all groan at the
Hello Nicholas,
This sounds like it's a bug in your distribution's usage of DKMS.
Alternatively, it could be user error: have you added the dkms service
to bootup so that it checks to see if it needs to rebuild modules?
Regards,
Jason
Hey guys,
I'll be at 34C3. Is there any interest in having some sort of
WireGuard workshop? Are there things to talk about it? Would this be
fun or interesting? How many people would be interested in such a
thing?
Jason
PS: still trying to work out hotel arrangements, if anybody knows any
Leipz
Hi Chris,
Not directly, but you can probably do this via other means, such as
netfilter's TEE target or bonding interfaces.
Jason
Hey folks,
Based on the number of positive off-list emails I received, we'll be
having a workshop on WireGuard on the 29th, with location and time
details here:
https://events.ccc.de/congress/2017/wiki/index.php/Session:WireGuard
See you all in a few days!
Talk soon,
Jason
Oh, and I should add that if you'd like to prepare a short
presentation for the workshop, let me know, and we can arrange this.
Otherwise it can be free form, insomuch as people actually have
interesting things to discuss. And/or I'll present on a few things.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20171221`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure
On Thu, Dec 21, 2017 at 2:13 AM, Bruno Wolff III wrote:
> Is this going to get recorded?
Like the code review at my house a month or so ago, probably not, so
people can actually discuss things in an open and relaxed way. I'd
rather people ask dumb questions and get really deep into the mud,
rathe
On Thu, Dec 21, 2017 at 07:15:38AM +, Ben Lebherz wrote:
> awesome! Do we need to register or something to attend?
Nope, just show up.
If you'd like to do a small presentation, let me know though.
Jason
wg(8) doesn't require bash. wg-quick(8), which does use bash, probably
shouldn't be necessary in embedded environments, where you likely
should be writing simpler scripts around wg(8) and ip(8) instead.
tl;dw: In the last 45 seconds, Dave Miller asks me to get the thing
upstream sooner rather than later! Before then I talk a bit about the
content of https://www.wireguard.com/papers/wireguard-netdev22.pdf and
https://www.wireguard.com/talks/netdev2017-slides.pdf . The first part
of the presentation
Hi folks,
We've finally secured a room and set the time in stone. Come to
"Lecture Room 11" on the top floor of the CCL on December 29th at
15:00 - 17:00 (3pm - 5pm).
The event information may be found here
https://events.ccc.de/congress/2017/wiki/index.php/Session:WireGuard
Come if you're a newbi
Hi,
Why does your build output look so strange in general? In which
environment are you compiling this? Is this some script? If so, do you
have a link to the sources? What compiler version do you have?
Thanks,
Jason
Hi Stoyan,
Ensure that the time is set correctly on your lede box after reboots. If
the time rolls backwards, handshakes will be rejected rightfully by the
server.
Jason
--
Sent from my telephone.
On Jan 4, 2018 22:51, "Stoyan Mihov" wrote:
> Greetings dear wireguards!
>
> First of all - happ
Hi folks,
Thanks to the wonderful work of Jörg Thalheim, WireGuard is now
supported inside systemd-networkd's .netdev files. The syntax should be
pretty similar to wg(8). Expect for this to be released as part of the
next release of systemd, where you'll then be able to read the man
pages for using
Hey Dan,
On Tue, Jan 9, 2018 at 4:20 PM, Daniel Kahn Gillmor
wrote:
> very cool! systemd-networkd end up invoking wg(8)? or does it interact
> with the kernel directly?
We taught systemd to talk the generic netlink protocol -- useful for
all sorts of new things cropping up in the kernel -- and
Hey Piotr,
Thanks a lot for the python test vector. It's been added to the repo as:
https://git.zx2c4.com/WireGuard/commit/?id=09bf49bbddeb86f88654bb39e64268420b8fc5e4
And here's a video of it in action:
https://data.zx2c4.com/wireguard-python-test-vector-works.ogv
Regards,
Jason
Hey Daniel,
On Wed, Jan 10, 2018 at 8:09 AM, Daniel Kahn Gillmor
wrote:
> cool. this sounds very much like you've decided that the netlink
> interface is now stable, which is good to hear
Yep!
> 0) Recommends: wireguard-tools
> 4) Recommends: wireguard-tools
> Suggests: systemd
>
>
On Thu, Jan 11, 2018 at 2:43 PM, Daniel Kahn Gillmor
wrote:
> Matthias was suggesting a simply-named meta-package: just "wireguard",
> which would ensure that both wireguard-dkms and wireguard-tools are
> installed. The advantage there is that you can tell people to do:
>
>apt install wiregua
t 18:38 -0500, Daniel Kahn Gillmor wrote:
> > On Thu 2018-01-11 16:02:30 +0100, Jason A. Donenfeld wrote:
> > > On Thu, Jan 11, 2018 at 2:43 PM, Daniel Kahn Gillmor
> > > wrote:
> > > > Matthias was suggesting a simply-named meta-package: just
> > > >
On Sat, Jan 13, 2018 at 5:30 PM, M. Dietrich wrote:
> at the 34C3 i was concentrated with some coding at my notebook
> when a guy threw me a sticker directly onto my keyboard. i was
> upset and flicked it off but when i needed a break i grabbed
> it and took a look. it was weird, some names, a logo
Take a look at what wg-quick does to solve this:
https://git.zx2c4.com/WireGuard/tree/src/tools/wg-quick.bash#n162
It uses policy routing, which is much nicer than overriding the default route.
If, however, you do wish to do it the old 0/1, 128/1 way, here's a
script to automate that: https://א
On Thu, Jan 18, 2018 at 3:11 PM, M. Dietrich wrote:
> [#] resolvconf -a tun.wg0 -m 0 -x
>
> which seems to be wrong, the manpage resolvconf(8) states that
> this parameter is
>
> interface[.protocol]
>
> why is "tun." prepended?
To hack around incompetence on the part of Debia
Hi folks,
Writing crypto code is hard and sometimes scary. Especially on things
like elliptic curves and big number arithmetic, subtle but critical
bugs often sit around undetected for years. For this reason, I've been
working with some researchers at INRIA on using a formally verified
Curve25519
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20180118`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure
Not sure the infoleak is worth it.
List: thoughts?
Thanks for the feedback. Indeed I'll have to go through this and
un-inline a few functions, and retest for performance.
If you wind up doing this iteratively and testing, please let me know
what you find.
Jason
On Thu, Jan 18, 2018 at 6:39 PM, Sebastian Gottschall
wrote:
> i will do some benchmarks later. i already did this
https://git.zx2c4.com/WireGuard/commit/?id=91aedc06052856e4ac54dd48b1f6cb5ea4b3ba2e
This works well. But would you spend some time trying to get a more
optimal result and produce so
Hey Egbert, Daniel,
Someone in #wireguard is getting weird errors about version
dependencies between packages. I started looking into it and noticed
the strong coupling between the metapackage version and the other two
packages' versions.
The users' issue seems mostly like an Ubuntu problem: they
On Fri, Jan 19, 2018 at 9:29 AM, Greg KH wrote:
> No questions, just a general, "Wow, this is great work!"
>
> It's wonderful to see this happen, thanks so much for pushing this
> forward.
Glad you like it. The real work, of course, will be parlaying this
work into kernel crypto api 2.0...
Jason
Hi Alen,
Thanks for the report. That's very strange indeed. Do you have
/system/bin/ip? What's the output of `echo $PATH` in your terminal?
Jason
Hey Daniel,
> as explained earlier, this isn't a launchpad bug, it's a function of
> running with a rolling distribution (debian unstable and ubuntu PPAs
> both have this characteristic), where there is no coordinated
> cross-platform release schedule.
Ahh, interesting. I'm surprised there isn't
Strange. I'm getting Solus installed in a VM now, so I should have an
answer for you not before too long.
wireguard: poly1305 self-tests: pass
[ 31.556129] wireguard: blake2s self-tests: pass
[ 31.755518] wireguard: ratelimiter self-tests: pass
[ 31.755531] wireguard: WireGuard 0.0.20180118-2-gc80cbfa loaded.
See www.wireguard.com for information.
[ 31.755532] wireguard: Copyright (C) 2015-2018
Ahh, small update. When building this, I noticed:
Makefile:944: "Cannot use CONFIG_STACK_VALIDATION=y, please install
libelf-dev, libelf-devel or elfutils-libelf-devel"
After installing libelf-devel, the exact problem you reported
appeared. I then tried this hack:
$ sudo ln -s /bin/true /lib/mod
Hey folks,
Two researchers -- Ben Dowling and Kenny Paterson, who you might know
from their work on Signal and TLS 1.3, among other research areas --
have written up a by-hand game hopping proof in the computational
model of the WireGuard protocol. The paper is worth a read:
https://eprint.iacr.o
On Wed, Jan 24, 2018 at 7:49 PM, Daniel Kahn Gillmor
wrote:
>
> On Mon 2018-01-22 17:07:38 +0100, Jason A. Donenfeld wrote:
> > Ahh, small update. When building this, I noticed:
> >
> > Makefile:944: "Cannot use CONFIG_STACK_VALIDATION=y, please install
> > l
WireGuard is layer 3, not layer 2, so bridging is not what you want.
Instead, do ordinary IP routing between different subnets. As you
appear to already have different subnets, this shouldn't be a problem.
If you'd like to overlap within the same subnet, there's always proxy
arp, but I'd caution
Hi Tim,
Thanks for the patch, much appreciated. Could you resubmit this with
your Signed-off-by line and the body text wrapped?
Thanks,
Jason
Hi Igor,
It's certainly possible to backport. At the moment I'm focused on
moving the project forward with other tasks, so it's not a good use of
my time, but if you'd like to give this a stab, I'd happily take
non-invasive patches that only touch the compat/ directory. Just keep
in mind that you'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20180202`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure
Hey guys,
I'll be at Fosdem tomorrow from around noon onward, if any of you will
also be there and want to meet up to discuss the project.
Regards,
Jason
Hi Nick,
Thanks for the bug report. Fixed here:
https://git.zx2c4.com/WireGuard/commit/?id=dd85f27b6ec98de1527a935a7f0930c2111d7930
Jason
Hey Baptiste,
Thanks for the detailed report. Graphs like that are quite helpful.
I'm just back from a long weekend, so sorry for not having a chance to
look at this sooner.
I'm first curious about the basic "control group" issue Daniel
mentioned -- it's probably important to isolate if it's the
Hey Baptiste,
On Mon, Feb 12, 2018 at 8:42 AM, Baptiste Jonglez
wrote:
> Actually, now that I talk about it, it's not 100% true: on this system,
> there is a second wireguard interface that is not currently used (it's
> provisioned to connect a future router that is not yet deployed).
>
> The in
Hey Max,
This is wonderful news. I'm happy to work with you to make sure this
comes out perfectly, and maybe when it's finished we can submit it
upstream to NetworkManager, similar to how systemd-networkd now has
WireGuard support built-in.
The biggest hurdle I currently see is entirely removing
Hi Max,
On Thu, Feb 15, 2018 at 1:34 AM, Maximilian Moser
wrote:
> I actually just wanted to get this thesis over with and thought, why not
> post the result to the mailing list
> I'll probably focus more on the written part of the
> thesis, so fixing the issues will probably have to wait a while
Hi Toke & List,
There's been some interest in integrating WireGuard configuration into
various utilities, such as bird, babel, networkmanager, and more.
Indeed shelling out to wg(8) is sub-par for core networking utilities,
such as routing daemons. Unfortunately, Netlink is horrible in so many
way
On Thu, Feb 15, 2018 at 3:35 PM, Maximilian Moser
wrote:
> However, this does not seem to be the case and I'll be glad to continue
> development on it. :)
Wonderful!
Hi folks,
WireGuard will be having a Google Summer of Code this summer via the
Linux Foundation, following an extraordinarily successful one last
summer. We'll hopefully be bringing on a few more students this
summer. It's a great opportunity for students to learn some
interesting aspects of engin
Hi Benni,
You're probably looking for this document:
https://www.wireguard.com/netns/
Basically you do this:
# ip link add wg0 type wireguard
# ip link set wg0 netns PID
Where "PID" is the PID of any process running in that Docker
container. After that, you'll be able to see wg0 inside the Dock
On Thu, Feb 15, 2018 at 9:15 PM, Maykel Moya wrote:
> Wondering about the pic in slide 8 of
> https://fosdem.org/2018/schedule/event/bulletinboard_dht/attachments/slides/2204/export/events/attachments/bulletinboard_dht/slides/2204/presentation.pdf
I think he's working on some wilder plugin that i
Hi Jonathan,
Currently it's quite coupled to Linux, but it doesn't have to be that
way for ever. Our cross platform implementations are coming along.
Jason
Hi Jacob,
Technically this could be done; there are other ways of hooking into
the networking stack other than the udp tunnel API. However, in
practice, my time is probably spent working for the future rather than
the past. Supporting 26 (!!) versions of Linux, back to 3.10, was
already quite the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20180218`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure
> Nice, thanks! I'm looking forward to testing the next release then.
Let me know if the problem goes away with the snapshot I just released.
Jason
Hey folks,
Just another reminder about Google Summer of Code:
- If you are a student (bachelor's, master's, PhD, part time, full
time, anything else),
- and you like WireGuard,
- and you want to get paid for hacking on it,
- this summer,
- from wherever you want,
- with mentoring from experts,
t
You can either try to set persistent-keepalive on the server, so it
notifies the clients about its change in address, or you can use
something like reresolve-dns.sh to reresolve your dynamic dns at
intervals: https://git.zx2c4.com/WireGuard/tree/contrib/examples/reresolve-dns
Super sketchy, stay away. I'll look into it.
On Feb 24, 2018 06:19, "Thomas Munn" wrote:
> has anyone here heart of blatu which claims to be an IOS wireguard client?
> 12:08 hard
> 12:08 heard
> 12:09 https://appadvice.com/app/blatu/1317522797
> 12:09 https://itunes.apple.com/US/app/id1317522797
Sketchy, stay away from it.
On Sun, Feb 25, 2018 at 7:43 PM, Henrique Carrega wrote:
> I’d love to see an iOS version in future
As would we all. Working on it. Let me know if you'd like to help out.
We're actively working on all the things you just mentioned,
especially getting things running on macOS.
Hi list,
WireGuard does not provide a userspace interface for getting transport
data session keys, or ephemeral handshake keys. This is by design. No
backdoors!
However, Peter (CC'd) wants to write a Wireshark dissector, so we've
made a little kprobe-based utility to extract just the minimal amou
On Wed, Feb 28, 2018 at 9:11 PM, Jason A. Donenfeld wrote:
> For a few days, I'll run a simple netcat server on demo.wireguard.com.
> Try typing `nc demo.wireguard.com 58812` and then connecting to the
> demo box like usual. Basically, it's every cryptographer's girlfriend
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20180304`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure
Hi Henrique,
Thanks for posting this.
Please stay away from this software, and generally be wary of
closed-source WireGuard implementations trying to fill the void. This
one was written by a community-unfriendly proprietary author, and
we've got little way of ensuring protocol compliance or basic
On Mon, Mar 5, 2018 at 12:29 PM, Sebastian Gottschall
wrote:
> it isn't closed source. the sourcecode is provided as far as i have seen and
> licensed under GPL
> but correct me if i'm wrong
> https://tunsafe.com/downloads/TunSafe-TAP-9.21.2-sources.zip
This isn't the source code of tunsafe. This
On Mon, Mar 5, 2018 at 12:19 PM, David Woodhouse wrote:
> I wasn't sure whether to suggest this before, but adding Wireguard
> support to OpenConnect ought to be fairly easy. We already support
> three VPN protocols, so we have a *relatively* sane distinction between
> the protocol-specific parts,
Use the ipset= feature of dnsmasq, and then use policy routing on that ipset.
On Tue, Mar 6, 2018 at 2:44 AM, Ludvig Strigeus wrote:
> The driver files are not modified at all. They still
> carry OpenVPN's codesigning signature.
Both good and bad to hear. That's a really really flaky driver, and it
_does_ need to be hacked to pieces, removing tons of things, in order
for i
Hi Linus,
On Tue, Feb 13, 2018 at 6:25 PM, Linus Torvalds
wrote:
> So let's try to fix the iscsi and ipsec issues. Not that anybody sane
> should use that overly complex ipsec thing, and I think we should
> strive to merge WireGuard and get people moved over to that instead,
> but I haven't heard
Hey Toke,
For incoming packets, this would be strange behavior, since it's
listening on v4 and v6. For outgoing packets, if wireguard thinks it
should be sending to a v6 address, then that's what it will do. One
way to fix this would be to re-resolve DNS from userspace, which is a
bit ugly. Anothe
On Tue, Mar 6, 2018 at 11:08 PM, Toke Høiland-Jørgensen wrote:
> I think the idea of configuring both v4 and v6 on startup and caching
> them is a reasonable idea. Maybe even configure all available addresses
> when doing the initial DNS lookup? Or is that awkward to do?
You mean taking one v4 an
Hi Toke,
On Thu, Mar 8, 2018 at 3:29 PM, Toke Høiland-Jørgensen wrote:
> So is there a way to either tell the client not to change its idea of
> the endpoint, or to tell the server to always use a certain source
> address for outgoing packets?
There have been some discussions on adding another [
On Thu, Mar 8, 2018 at 5:59 PM, Toke Høiland-Jørgensen wrote:
>> and so I wonder if a simpler solution would also
>>involve NAT -- namely, configuring "hair pin" NAT?
>
> What's that?
It's the terrible vendor term for hitting the gateway through one of
its IPs (say, the public one) and having it
Hi Toke,
On Thu, Mar 8, 2018 at 6:23 PM, Toke Høiland-Jørgensen wrote:
>
> I have a gateway device with two interfaces, one public and one private.
> This device performs NAT, and is also the one running wireguard (as the
> 'server'). The client roams. So I have two cases:
>
>
> C (public IP) ---
On Thu, Mar 8, 2018 at 6:50 PM, Toke Høiland-Jørgensen wrote:
> Well, I do generally setup routing in a somewhat unusual manner.
>
> I can try to capture some packet dumps tomorrow to poke into it a bit more.
> Anything in particular I should look for?
One thing to examine is when WireGuard call
Hi Toke,
That all makes sense. I'm going out of town extremely soon, but I'll
fix this when I've returned. I have a pretty good idea of what's
required. If you're curious to try it yourself, just try removing
invocations of socket_clear_peer_endpoint_src inside timers.c.
Jason
On Fri, Mar 9, 2018 at 3:39 PM, Toke Høiland-Jørgensen wrote:
> And leaving it running a bit more, there is also a call from
> expired_retransmit_handshake:
Yep! These are the two calls in timers.c.
Neat script, looks pretty easy to use. The wg repo has a kprobes
script too for extracting ephemeral keys from the kernel:
https://git.zx2c4.com/WireGuard/tree/contrib/examples/extract-handshakes
Hi Ximin,
On Thu, Apr 5, 2018 at 5:22 AM, Ximin Luo wrote:
> Our usage would indeed involve setting up and tearing down interfaces ~30
> times
> a week in an automated fashion, which might be "strange" going by the above.
No certainly not strange. Actually, there's no amount of setting up
and te
The max is 1048576 per interface, but if this becomes a problem, I can
increase this significantly.
[PS: I'm back from holidays now and I'll be working through the
mailing list backlog over the next few days.]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
A new snapshot, `0.0.20180413`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure