Re: Netlink Protocol

2019-02-17 Thread Jason A. Donenfeld
https://git.zx2c4.com/WireGuard/tree/src/uapi/wireguard.h
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


Netlink Protocol

2019-02-17 Thread Ryan Whelan
I'm assuming the in-kernel version of wireguard on Linux is configured via
Netlink - if so, is the protocol documented?

thanks


Current version of iOS client in App Store and github tags seems mismatched

2019-02-17 Thread John
I am seeing version 1.0.2 of the WireGuard app in the App Store (date
from 1 mo ago) but I see at least 3 newer tagged versions on github.
I'm wondering if something is wrong pushing newer code to the App
Store.


Re: Logical cores / SMT with WireGuard

2019-02-17 Thread Tom Li
On Sun, Feb 17, 2019 at 04:01:36PM +0500, Roman Mamedov wrote:
> On Thu, 14 Feb 2019 18:02:26 +
> Lee Yates  wrote:
> 
> Sorry, hit "send" before reading the rest of your message.
> 
> > the router runs headless and is awkward to get a monitor to so I can access
> > the BIOS.
> 
> You can toggle it without needing the BIOS.
> It is possible to disable SMT from grub, with Linux kernel boot arguments.
> It even seems possible to disable/enable it without a reboot.
> See https://www.golinuxhub.com/2018/01/how-to-disable-or-enable-hyper.html

Hi all.

The information provided by the original link is out-of-date; it works, but
it's tedious and easy to make a mistake and disable the wrong logical CPU. The
new Linux kernel with L1TF fixes has introduced an SMT kill switch, which is the
standard interface to control SMT.

It's located at

/sys/devices/system/cpu/smt/control

You can disable SMT by,

echo "off" > /sys/devices/system/cpu/smt/control

enable it by,

echo "on" > /sys/devices/system/cpu/smt/control

Or permanently disable it until reboot,

echo "forceoff" > /sys/devices/system/cpu/smt/control

More information is available at,


https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/l1tf.rst

I hope it helps.

Cheers,
Tom Li
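
A small wrapper around the control file described in the message above, added here as an example and not part of the original post: it validates the requested value, refuses to fight a `forceoff` state, and reads the file back to confirm the change. The `SMT_SYSFS` override and the function names are assumptions of this example; the `notsupported` and `notimplemented` states come from the kernel's sysfs ABI documentation rather than from the message.

```shell
#!/bin/sh
# Added example: inspect and change the SMT control knob.
# SMT_SYSFS is an assumption of this example (overridable so the logic can
# be exercised against a scratch directory); the default is the real path.
SMT_SYSFS="${SMT_SYSFS:-/sys/devices/system/cpu/smt}"

# Print the current control value (on, off, forceoff, notsupported, ...).
smt_state() {
    [ -r "$SMT_SYSFS/control" ] || { echo "unavailable"; return 1; }
    cat "$SMT_SYSFS/control"
}

# smt_set on|off|forceoff : write the value, then read it back to confirm.
smt_set() {
    want="$1"
    case "$want" in
        on|off|forceoff) ;;
        *) echo "smt_set: invalid value '$want'" >&2; return 2 ;;
    esac
    cur="$(smt_state)" || {
        echo "smt_set: no SMT control file (kernel without the switch?)" >&2
        return 1
    }
    case "$cur" in
        "$want") return 0 ;;   # already in the requested state
        forceoff|notsupported|notimplemented)
            # forceoff holds until reboot; the other two mean there is
            # no SMT for the kernel to control on this machine.
            echo "smt_set: state '$cur' cannot be changed at runtime" >&2
            return 3 ;;
    esac
    printf '%s\n' "$want" > "$SMT_SYSFS/control" || return 1
    [ "$(smt_state)" = "$want" ]   # verify the kernel accepted the write
}
# Usage (as root): smt_set off && smt_state
```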


Re: BUG: unable to handle kernel NULL pointer dereference at .. (linux 3.13)

2019-02-17 Thread Anatoli

Jason,

Thanks for a quick fix! If you plan to release a new snapshot in the 
near future, I guess I'll wait for it.


Regards,
Anatoli

*From:* Jason A. Donenfeld 
*Sent:* Sunday, February 17, 2019 00:57
*To:* Anatoli 
*Cc:* Wireguard Mailing List 
*Subject:* Re: BUG: unable to handle kernel NULL pointer dereference at 
.. (linux 3.13)


Hi Anatoli,

Thanks for the .ko. I've fixed the compat backport here:

https://git.zx2c4.com/WireGuard/commit/?id=e7348a19a45f4f1311df6266b654c7fc8d50f976

You can either apply that yourself, wait for a new snapshot, or reenable IPv6.

Jason





Re: WireGuard for macOS

2019-02-17 Thread Le Sandie
Awesome work guys

On Sat, Feb 16, 2019 at 2:27 AM Jason A. Donenfeld  wrote:

> Hey everyone,
>
> After many months of hard work, Roopesh, Eric, and I are pleased to
> announce an initial version of WireGuard for macOS:
>
> https://itunes.apple.com/us/app/wireguard/id1451685025?ls=1&mt=12
>
> This is built from the same code base as our existing iOS app and
> makes use of Apple's Network Extension API to provide native
> integration into the operating system's networking stack. The
> application lives in the status bar, and after importing a
> configuration, the ordinary System Preferences networking item may
> also be used to control each tunnel. Because it uses these deep
> integration APIs, we're only allowed to distribute the application
> using the macOS App Store (whose rejections, appeals, and eventual
> acceptance made for quite the stressful saga over the last week and a
> half). Compared to the current CLI integration, we expect the
> WireGuard experience using this app to be excellent.
>
> For curious folks without a Mac (or without the patience to cajole KVM
> into booting macOS), I've assembled a few screenshots:
> https://data.zx2c4.com/wireguard-for-macos-screenshots-february-2019/
>
> This is new software, and there will certainly be problems. Don't
> hesitate to email t...@wireguard.com directly with bugs as you
> encounter them.
>
> Enjoy!
>
> Regards,
> Jason
>
> PS: Because people will inevitably ask: yes, a Windows client is on
> its way, and it will have a very similar interface to this macOS one.
> We're taking the long and careful route, writing a new TUN driver for
> Windows 7+ called "Wintun" that we expect to be safer and faster than
> the current popular OpenVPN TUN driver, and also suitable for all
> projects, not just for WireGuard. We already have packets flowing and
> things generally work well, but polish will require a bit of patience.
> If you'd like to help and have an appetite for NDIS drivers, Win32 GUI
> programming, or Go, please do get in touch.


-- 
Lt. Col. Sandie


Re: Current version of iOS client in App Store and github tags seems mismatched

2019-02-17 Thread Jason A. Donenfeld
App Store version 1.0.3, corresponding with the latest repo tag, is
currently awaiting App Store review, which can take a while, can be a bit
cantankerous, is totally opaque, and is generally out of our control. It is
now on Test Flight, though, if you're feeling impatient.

On Sun, Feb 17, 2019, 15:48 John wrote:
> I am seeing version 1.0.2 of the WireGuard app in the App Store (date
> from 1 mo ago) but I see at least 3 newer tagged versions on github.
> I'm wondering if something is wrong pushing newer code to the App
> Store.
>


Re: dynamic reload of configuration file

2019-02-17 Thread M. Dietrich
Quotation from Raffaele Spazzoli at February 17, 2019 16:21:
> I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic
> and can come and go at any time. Is there a way to reconfigure a wireguard
> device without restarting it or losing the current connections?

yes.

> If yes, how can it be done?

other way around: configure wireguard with the `wg` command
and that is persisted to the configuration file.

on restart the file is read and your config applied.

M. Dietrich




Re: dynamic reload of configuration file

2019-02-17 Thread Samuel Holland
On 02/17/19 09:21, Raffaele Spazzoli wrote:
> I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic 
> and can come and go at any time. Is there a way to reconfigure a wireguard 
> device without restarting it or losing the current connections?
> 
> If yes, how can it be done?

Yes, please read the wg(8) manual page, specifically the `set`, `setconf`, and
`addconf` sections.

Cheers,
Samuel
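
One way to apply the `wg` / `wg set` approach from the two replies above to a mesh whose members come and go, as an added example that is not from either poster or from the WireGuard project: it reconciles a live interface against a desired peer list without restarting it. The `WG` override, the function names and the peer-list file format are assumptions of this example.

```shell
#!/bin/sh
# Added example: reconcile a running interface against a desired peer list
# with `wg show` and `wg set` only; the interface itself is never restarted.
# Assumptions: WG (overridable for dry runs) and the peer-list format,
# one "PUBKEY ALLOWED_IPS [ENDPOINT]" entry per line, '#' for comments.
WG="${WG:-wg}"

# Shape check only: a public key is 32 bytes in base64 (43 chars plus '=').
valid_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# mesh_sync IFACE PEERFILE
mesh_sync() {
    iface="$1"; file="$2"
    # Pass 1: reject the whole file before touching the interface.
    while read -r key rest; do
        case "$key" in ''|'#'*) continue ;; esac
        valid_key "$key" || { echo "mesh_sync: bad key '$key'" >&2; return 2; }
    done < "$file"
    # Pass 2: add new peers and update listed ones in place.
    while read -r key ips endpoint; do
        case "$key" in ''|'#'*) continue ;; esac
        if [ -n "$endpoint" ]; then
            $WG set "$iface" peer "$key" allowed-ips "$ips" endpoint "$endpoint" || return 1
        else
            $WG set "$iface" peer "$key" allowed-ips "$ips" || return 1
        fi
    done < "$file"
    # Pass 3: remove peers present on the interface but no longer listed.
    $WG show "$iface" peers | while read -r key; do
        awk -v k="$key" '$1 == k { found = 1 } END { exit !found }' "$file" ||
            $WG set "$iface" peer "$key" remove || exit 1
    done
}
# Usage (as root): mesh_sync wg0 /etc/wireguard/mesh-peers.txt
```

An empty peer file removes every peer from the interface, so generate the file atomically before calling `mesh_sync`.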


dynamic reload of configuration file

2019-02-17 Thread Raffaele Spazzoli
Hi,

I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic
and can come and go at any time. Is there a way to reconfigure a wireguard
device without restarting it or losing the current connections?

If yes, how can it be done?


Thanks,
Raffaele

Raffaele Spazzoli
Senior Architect - OpenShift, Containers and PaaS Practice
Tel: +1 216-258-7717


Re: Logical cores / SMT with WireGuard

2019-02-17 Thread Roman Mamedov
On Thu, 14 Feb 2019 18:02:26 +
Lee Yates  wrote:

Sorry, hit "send" before reading the rest of your message.

> the router runs headless and is awkward to get a monitor to so I can access
> the BIOS.

You can toggle it without needing the BIOS.
It is possible to disable SMT from grub, with Linux kernel boot arguments.
It even seems possible to disable/enable it without a reboot.
See https://www.golinuxhub.com/2018/01/how-to-disable-or-enable-hyper.html

> My WAN is 'only' 400Mbps anyway so
> hardly a taxing test. Because of this, I can't really learn about how
> much WireGuard benefits from the extra threads, if it does at all, as
> either way I have headroom to spare for my current WAN provision.

Set up a separate WG network with a peer on your Gbit LAN. Or even run a
virtual machine on the same host, and run WG between host and VM, which should
get you multi-Gbit raw throughput and likely make WG encryption the
bottleneck. That way you can observe not only the CPU load, but also the
transfer speed reached changing with HT on/off.

-- 
With respect,
Roman


Re: Logical cores / SMT with WireGuard

2019-02-17 Thread Roman Mamedov
On Thu, 14 Feb 2019 18:02:26 +
Lee Yates  wrote:

> recommendations to disable HT, I got to wondering how much - if at all -
> disabling HT would impact on WireGuard's real world performance. I mean,
> it obviously can utilise logical cores/threads, but is there a real
> world throughput benefit vs just using the real cores?

This sounds like something YOU are in a great position to test, and then write
an interesting blog post or mailing list message summarising the results. :)

-- 
With respect,
Roman


Re: Load Balancing and policy routing with Wireguard

2019-02-17 Thread Lucian Cristian

On 09.02.2019 11:20, Alexago wrote:

> Hi,
>
> actually I use on my router (OpenWRT) two OpenVPN connections and one
> Wireguard connection (all VPN connections are client) over my WAN
> connection (1Gbps/500Mbps) with 2 different VPN providers (Mullvad and
> IVPN): for policy routing and load balancing, with these connections,
> I use MWAN3 package.
>
> MWAN3 is useful to choose
>
>   * VPN connection based on source or destination address, port, for
>     example
>   * load balancing two or more VPN connections, based on source,
>     destination and port, for example
>
> Now I would like to switch my two OpenVPN connections to Wireguard, so
> I would like to have three simultaneous Wireguard connections
> (obviously with 3 different Wireguard servers).
>
> My problem is how to use simultaneous Wireguard connections (with
> allowed ips =0.0.0.0/0) and to leave to external package (like MWAN3)
> to choose routing policy and also load balancing.
>
> I tried to configure two Wireguard connections but only one of these
> goes online, the other one is always offline: I think problem is
> multiple "0.0.0.0/0" allowed IPs.
>
> Can you help me?
>
> Thanks

use another "server" port for the second vpn

Regards
