Re: [PATCH] Add japanese translation.

2020-02-14 Thread Samuel Holland
On 2/14/20 11:27 PM, Eiji Tanioka wrote:
> Hi, Samuel.
> 
> Thank you for your reply!
> I re-created the patch.

Thanks, applied:
https://git.zx2c4.com/wireguard-android/commit/?id=822f72df956ecd3aaa6a2b254e059e38ba5122e4
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


Re: [PATCH] Add japanese translation.

2020-02-14 Thread Samuel Holland
On 2/13/20 4:31 AM, Eiji Tanioka wrote:
> This patch is a Japanese translation for wireguard-android.

Thank you for the patch!

Yes, `git format-patch` and sending to this list is how we're currently
accepting contributions to the Android app.

Next time, please also include your Signed-off-by: line in the commit message.

> ---
>  app/src/main/res/values-ja/strings.xml | 300 -
>  1 file changed, 150 insertions(+), 150 deletions(-)

It looks like you created this file in a previous commit. Please squash your
changes to a single commit that creates the file with its final contents.

Thanks,
Samuel


Re: CryptoKey Routing Management for Peers

2020-02-14 Thread Derrick Lyndon Pallas
You might also want to check out https://pypi.org/project/wgnlpy/ which is a
WireGuard configuration library for Python.

~Derrick • iPhone

> On Feb 14, 2020, at 3:02 AM, Barrett Strausser  wrote:
> 
> 
> I don't doubt that it can handle 1M peers. 
> 
> My question was more concerned with can an Organization perform the 
> configuration management to handle 1M peers if all configuration is through a 
> static IP.
> 
> If I have 1M peers and . have no change per day, that still leaves 100 
> changes or ~4 per hour. I'd argue it is a good practice to have to restart 
> services to pick up those changes.
> 
> I'll have a look at those links. Thank you very much
> 
> -b
> 
> 
> 
>> On Sat, Feb 8, 2020 at 4:29 PM Jason A. Donenfeld  wrote:
>> WireGuard has an API, via Netlink. This might help you:
>> 
>> https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library
>> https://git.zx2c4.com/wireguard-tools/tree/src/uapi/linux/wireguard.h
>> 
>> It can handle 1M peers, yes.


Re: [PATCH] Implement reading keys from stdin.

2020-02-14 Thread Hristo Venev
On Fri, 2020-02-14 at 12:17 +0100, Jason A. Donenfeld wrote:
> Except the command line arguments have length limits you'll hit
> anyway. Wouldn't the better way to do this be passing a config file
> to `wg setconf wg0 /dev/stdin`?

Yes, they would be better. However, each command has slight
inefficiencies for my use case:
 - `wg setconf` removes the endpoints of peers that don't have a static
   endpoint address
 - `wg addconf` cannot remove peers
 - `wg syncconf` needs to be given the exact allowed IPs of all peers
   it has to keep, not just the ones that have changed. It will also
   remove all peers that were added manually by the user (and not by my
   daemon).

For now I will either use `wg syncconf`, or maybe `wg addconf` +
multiple `wg set peer remove`.

I've been thinking, how stable is the IPC protocol? It might be nice to
have a tool/daemon/something that makes it possible to use the protocol
to configure devices that natively use netlink or OpenBSD ioctls.




[ANNOUNCE] wireguard-linux-compat v0.0.20200215 released

2020-02-14 Thread Jason A. Donenfeld

Hello,

A new version, v0.0.20200215, of the backported WireGuard kernel module for
3.10 <= Linux <= 5.5.y has been tagged in the git repository.

Please note that until Linux 5.6 is released, this snapshot is a
snapshot rather than a secure final release.

== Changes ==

  * send: cleanup skb padding calculation
  * socket: remove useless synchronize_net
  
  Sorry for the back-to-back releases. This fixes a regression spotted by Eric
  Dumazet.

This release contains commits from: Jason A. Donenfeld.

As always, the source is available at 
https://git.zx2c4.com/wireguard-linux-compat/
and information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200215.tar.xz
  SHA2-256: 0def6f3608ec06f6dfc454aa5281a7c38b06ff27096cb341448d20602da4e923

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200215.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
  Remember to unxz the tarball before verifying the signature.

If you're a package maintainer, please bump your package version. If you're a
user, the WireGuard team welcomes any and all feedback on this latest version.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld




[ANNOUNCE] wireguard-linux-compat v0.0.20200214 released

2020-02-14 Thread Jason A. Donenfeld

Hello,

A new version, v0.0.20200214, of the backported WireGuard kernel module for
3.10 <= Linux <= 5.5.y has been tagged in the git repository.

Please note that until Linux 5.6 is released, this snapshot is a
snapshot rather than a secure final release.

== Changes ==

  * chacha20poly1305: defensively protect against large inputs
  
  Defense-in-depth sort of check.
  
  * netns: ensure that icmp src address is correct with nat
  
  We finally upstreamed the last remaining compat.h hack in this patch series:
  https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=803381f9f117493d6204d82445a530c834040fe6
  That means we can port compat.h to use the new proper API.
  
  * receive: reset last_under_load to zero
  
  Matt found a small optimization while porting the Linux kernel module to
  OpenBSD's kernel.
  
  * send: account for mtu=0 devices
  
  This fixes issues related to setting the MTU of a device to zero.

This release contains commits from: Jason A. Donenfeld.

As always, the source is available at 
https://git.zx2c4.com/wireguard-linux-compat/
and information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200214.tar.xz
  SHA2-256: 6aaed62beb23803a456b7875a56e9462125a589c9dfb6d0b672c1a8f9f3f45ab

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200214.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
  Remember to unxz the tarball before verifying the signature.

If you're a package maintainer, please bump your package version. If you're a
user, the WireGuard team welcomes any and all feedback on this latest version.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld




Re: [PATCH] Implement reading keys from stdin.

2020-02-14 Thread Jason A. Donenfeld
On Sun, Feb 9, 2020 at 1:15 AM Hristo Venev  wrote:
>
> On Sat, 2020-02-08 at 23:20 +0100, Jason A. Donenfeld wrote:
> > Trying to get a handle on the use case for this.
>
> I am working on a program [1] that configures a WireGuard interface by
> invoking `wg`. Generally there are multiple peers, and some of them may
> have preshared keys.
>
> Currently the most reasonable way to pass keys is to write each one to
> a temporary file. I think passing all of them over stdin is nicer.

Except the command line arguments have length limits you'll hit
anyway. Wouldn't the better way to do this be passing a config file to
`wg setconf wg0 /dev/stdin`?


Re: [PATCH] Implement reading keys from stdin.

2020-02-14 Thread Mantas Mikulėnas
On Sun, Feb 9, 2020 at 12:23 AM Jason A. Donenfeld  wrote:

> Thanks for the patch, and nice hanging with you at FOSDEM.
>
> Trying to get a handle on the use case for this. Is this so that you
> can put the private key and the preshared key in a single file
> together? Is there a situation where the shell redirection trick
> doesn't cut it? For example:
>
> wg set wg0 private-key <(head -n 1 bothkeys) preshared-key <(tail -n 1 bothkeys)
>

I would guess there are shells which don't have the <(cmd) bashism...

-- 
Mantas Mikulėnas


Re: Windows Wireguard with Multiple Endpoints in Different Subnets

2020-02-14 Thread Ingo Naumann
The config file stays the same. The configuration breaks when I define a
default gateway in my network settings (in order to have the Windows
machine connected to the Internet). From that moment on, the packages
destined to the other ethernet port (the one where the default gateway is
not) are showing up on the wrong port (I can see them with Wireshark). But
only the packages from WireGuard; if I do a simple ping, everything works
because the subnets are all still properly defined.


On Tue, Jan 28, 2020 at 11:38 AM Jason A. Donenfeld  wrote:

> On Tue, Jan 28, 2020 at 11:34 AM  wrote:
> > b) The configuration described above breaks when I define a default
> > gateway, e.g. 192.168.0.1.
>
> I didn't quite understand what type of change this sentence implies.
> What's the config file after you make the transformation described in
> (b)?
>


Re: After win2019 server reboot, Wireguard tunnel doesn't start

2020-02-14 Thread Peter Selc
Hello,

Below is another occurrence of the bug. At 17:19 the server was rebooted
because of updates.

The process C:\windows\system32\svchost.exe (bserver) has initiated the
restart of computer bserver on behalf of user NT AUTHORITY\SYSTEM for the
following reason: Operating System: Service pack (Planned)
 Reason Code: 0x80020010
 Shutdown Type: restart
 Comment:

2020-02-11 14:13:29.084361: [TUN] [Server] peer(SuXT…9iko) - Sending
keepalive packet
2020-02-11 14:13:39.080286: [TUN] [Server] peer(SuXT…9iko) - Receiving
keepalive packet
2020-02-11 14:13:39.085654: [TUN] [Server] peer(SuXT…9iko) - Sending
keepalive packet
2020-02-11 14:22:18.562874: [TUN] [Server] peer(SuXT…9iko) - Removing all
keys, since we haven't received a new one in 540 seconds
2020-02-12 17:19:00.295842: [MGR] Exited UI process for user
'admin_user@bserver' for session 2 with status 40010004
2020-02-12 17:19:01.351433: [MGR] Starting UI process for user
‘admin_user@bserver’ for session 2
2020-02-12 17:19:02.508881: [MGR] Exited UI process for user
'admin_user@bserver' for session 2 with status c26b
2020-02-12 17:20:46.494769: [TUN] [Server] Device closing
2020-02-12 17:20:46.532011: [TUN] [Server] Routine: TUN reader - stopped
2020-02-12 17:20:46.574511: [TUN] [Server] Routine: event worker - stopped
2020-02-12 17:20:46.579359: [TUN] [Server] Routine: receive incoming IPv4 -
stopped
2020-02-12 17:20:46.626363: [TUN] [Server] Routine: receive incoming IPv6 -
stopped
2020-02-12 17:20:46.627376: [TUN] [Server] peer(SuXT…9iko) - Stopping...
2020-02-12 17:20:46.627376: [TUN] [Server] peer(SuXT…9iko) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.628361: [TUN] [Server] peer(SuXT…9iko) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.629361: [TUN] [Server] Routine: encryption worker -
stopped
2020-02-12 17:20:46.630362: [TUN] [Server] Routine: decryption worker -
stopped
2020-02-12 17:20:46.630362: [TUN] [Server] Routine: decryption worker -
stopped
2020-02-12 17:20:46.630362: [TUN] [Server] Routine: handshake worker -
stopped
2020-02-12 17:20:46.631382: [TUN] [Server] Routine: handshake worker -
stopped
2020-02-12 17:20:46.631382: [TUN] [Server] Routine: encryption worker -
stopped
2020-02-12 17:20:46.631382: [TUN] [Server] peer(SuXT…9iko) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.631382: [TUN] [Server] peer(CbnY…MhkI) - Stopping...
2020-02-12 17:20:46.632362: [TUN] [Server] peer(CbnY…MhkI) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.633361: [TUN] [Server] peer(CbnY…MhkI) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.633361: [TUN] [Server] peer(CbnY…MhkI) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.633361: [TUN] [Server] peer(JRsL…401s) - Stopping...
2020-02-12 17:20:46.633361: [TUN] [Server] peer(JRsL…401s) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.634362: [TUN] [Server] peer(JRsL…401s) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.634362: [TUN] [Server] peer(JRsL…401s) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.635445: [TUN] [Server] peer(nLK/…f3mE) - Stopping...
2020-02-12 17:20:46.635445: [TUN] [Server] peer(nLK/…f3mE) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.635445: [TUN] [Server] peer(nLK/…f3mE) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.636367: [TUN] [Server] peer(nLK/…f3mE) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.636367: [TUN] [Server] peer(1WB6…G/xk) - Stopping...
2020-02-12 17:20:46.636367: [TUN] [Server] peer(1WB6…G/xk) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.637416: [TUN] [Server] peer(1WB6…G/xk) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.638361: [TUN] [Server] peer(1WB6…G/xk) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.638361: [TUN] [Server] peer(akUl…uaHM) - Stopping...
2020-02-12 17:20:46.639378: [TUN] [Server] peer(akUl…uaHM) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.639378: [TUN] [Server] peer(akUl…uaHM) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.640362: [TUN] [Server] peer(akUl…uaHM) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.640362: [TUN] [Server] peer(UUvS…DwEo) - Stopping...
2020-02-12 17:20:46.641361: [TUN] [Server] peer(UUvS…DwEo) - Routine:
sequential receiver - stopped
2020-02-12 17:20:46.641361: [TUN] [Server] peer(UUvS…DwEo) - Routine:
sequential sender - stopped
2020-02-12 17:20:46.641361: [TUN] [Server] peer(UUvS…DwEo) - Routine: nonce
worker - stopped
2020-02-12 17:20:46.641361: [TUN] [Server] Interface closed
2020-02-12 17:20:46.642361: [TUN] [Server] Shutting down
2020-02-12 17:21:56.974077: [TUN] [Server] Starting WireGuard/0.0.38
(Windows Server 10.0.17763; amd64)
2020-02-12 17:21:56.974077: [MGR] Starting WireGuard/0.0.38 (Windows Server
10.0.17763; amd64)
2020-02-12 17:21:57.199444: [TUN] [Server] SCM locked for 24s by .\NT
Service Control Manager, marking service as started
2020-02-12 17:21:57.203451: [TUN] [Server] Watching network interfaces

Re: [PATCH] Fix formatting in wg-quick(8)

2020-02-14 Thread Ingo Schwarze
Hi Jason,

Jason A. Donenfeld wrote on Thu, Feb 13, 2020 at 05:31:41PM +0100:
> On Thu, Feb 13, 2020 at 5:50 AM Stephen Gregoratto wrote:

>> +.TH WG-QUICK 8 "2019-02-13" ZX2C4 "WireGuard"

> It's 2020 now, but what would you think of retaining the original
> date? Or do you usually bump it on every change? I'm not sure what the
> convention is.

The .TH macro is supposed to contain the date of the last change.

If you want to explain when something was first implemented,
you can do that below ".SH HISTORY".

>> +.PP
>> +The following might be used for connecting as a client to a VPN gateway for
>> +tunneling all traffic:
>> +.nf
>> +.sp
>> +.RS 6n

> Never seen these three modifiers. They set spacing somehow?

Not sure what you mean by "modifiers".
.nf and .sp are roff(7) requests, .RS is a man(7) macro,
and 6n is a scaling width.

  https://man.openbsd.org/roff.7#nf
  https://man.openbsd.org/roff.7#sp
  https://man.openbsd.org/man.7#RS_2
  https://man.openbsd.org/roff.7#Scaling_Widths

>>  .SH SEE ALSO
>> -.BR wg (8),
>> +.BR pass (1),
>>  .BR ip (8),
>> -.BR ip-link (8),
>>  .BR ip-address (8),
>> +.BR ip-link (8),
>>  .BR ip-route (8),
>>  .BR ip-rule (8),
>> -.BR resolvconf (8).
>> -
>> +.BR iptables (8),
>> +.BR resolvconf (8),
>> +.BR wg (8)
>>  .SH AUTHOR
>>  .B wg-quick
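
Review bot: besides reordering, this SEE ALSO hunk adds `.BR pass (1),` and `.BR iptables (8),` and drops the trailing period after the last entry, none of which a "fix formatting" subject suggests. Mention the new references in the commit message or split them into their own change, so the reordering can be discussed separately.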

> You've ordered these alphabetically, but the original ordering was
> chosen deliberately.

Sorting first by section, then alphabetically is done by convention.
For example, see this style guide:

  https://mandoc.bsd.lv/mdoc/style/see_also.html

The reason is that the number of references ought to be small,
so deliberate ordering adds little value, and a fixed ordering
results in a more predictable experience for the reader.

Yours,
  Ingo


Re: [PATCH] Change "Deselect All" to "Toggle All" in Excluded apps settings

2020-02-14 Thread Jason A. Donenfeld
Seems reasonable, but please resubmit with your Signed-off-by: line.


Re: CryptoKey Routing Management for Peers

2020-02-14 Thread Barrett Strausser
I don't doubt that it can handle 1M peers.

My question was more concerned with can an *Organization* perform the
configuration management to handle 1M peers if all configuration is through
a static IP.

If I have 1M peers and . have no change per day, that still leaves 100
changes or ~4 per hour. I'd argue it is a good practice to have to restart
services to pick up those changes.

I'll have a look at those links. Thank you very much

-b



On Sat, Feb 8, 2020 at 4:29 PM Jason A. Donenfeld  wrote:

> WireGuard has an API, via Netlink. This might help you:
>
> https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library
> https://git.zx2c4.com/wireguard-tools/tree/src/uapi/linux/wireguard.h
>
> It can handle 1M peers, yes.
>


Re: wireguard looses internet connection intermittently.

2020-02-14 Thread Kunal Shah
I think I found the problem: there is a typo in my iptables command. While
editing with vi, I may have added an additional i at the end of MASQUERADE. I
removed it and restarted it. Now I am monitoring for issues.

On Sun, 9 Feb 2020 at 10:55, Kunal Shah  wrote:

> Hi Jason,
>
> Thanks for your response. After the changes you suggested, it still gives
> me the same problem. Now my GCP server WireGuard configuration looks like
> this.
>
> [Interface]
> Address = 192.168.1.1
> SaveConfig = true
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j
> ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t
> mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --clamp-mss-to-pmtu
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i
> -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
> ListenPort = 51840
> PrivateKey = 
> MTU=1380
>
> [Peer]
> PublicKey = 
> AllowedIPs = 192.168.1.2/32
>
> On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld  wrote:
>
>> GCP uses an MTU of 1460 because Google's network does weird things.
>> That means the MTU for WireGuard should be 1380. On the GCP box, try
>> adding `MTU=1380` to your config and add this line to PostUp: `
>> ; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j
>> TCPMSS --clamp-mss-to-pmtu`
>>
>


Re: wireguard looses internet connection intermittently.

2020-02-14 Thread Kunal Shah
Hi Jason,

Thanks for your response. After the changes you suggested, it still gives
me the same problem. Now my GCP server WireGuard configuration looks like
this.

[Interface]
Address = 192.168.1.1
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j
ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t
mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
--clamp-mss-to-pmtu
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i
-j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
ListenPort = 51840
PrivateKey = 
MTU=1380

[Peer]
PublicKey = 
AllowedIPs = 192.168.1.2/32

On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld  wrote:

> GCP uses an MTU of 1460 because Google's network does weird things.
> That means the MTU for WireGuard should be 1380. On the GCP box, try
> adding `MTU=1380` to your config and add this line to PostUp: `
> ; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j
> TCPMSS --clamp-mss-to-pmtu`
>


[PATCH] Add japanese translation.

2020-02-14 Thread Eiji Tanioka
This patch is a Japanese translation for wireguard-android.

---
 app/src/main/res/values-ja/strings.xml | 300 -
 1 file changed, 150 insertions(+), 150 deletions(-)

diff --git a/app/src/main/res/values-ja/strings.xml 
b/app/src/main/res/values-ja/strings.xml
index 336cd4e..2044f4b 100644
--- a/app/src/main/res/values-ja/strings.xml
+++ b/app/src/main/res/values-ja/strings.xml
@@ -1,180 +1,180 @@
 
 
 
-Unable to delete %d tunnel: %s
-Unable to delete %d tunnels: %s
+%d トンネルを削除できません: %s
+%d トンネルを削除できません: %s
 
 
-Successfully deleted %d tunnel
-Successfully deleted %d tunnels
+%d トンネルを削除しました
+%d トンネルを削除しました
 
 
-%d tunnel selected
-%d tunnels selected
+%d トンネルを選択
+%d トンネルを選択
 
 
-Imported %d of %d tunnels
-Imported %d of %d tunnels
+%d 個(全 %d 個)のトンネル設定をインポート
+%d 個(全 %d 個)のトンネル設定をインポート
 
 
-Imported %d tunnel
-Imported %d tunnels
+%d 個のトンネル設定をインポート済
+%d 個のトンネル設定をインポート済
 
 
-%d Excluded Application
-%d Excluded Applications
+除外アプリ %d 個
+除外アプリ %d 個
 
-Add peer
+ピアを追加する
 Addresses
 Allowed IPs
 WireGuard
 %1$s\'s %2$s
 %s
 %1$s in %2$s
-: Must be positive and no more 
than 65535
-: Must be 
positive
-: Must be a valid UDP port 
number
-Invalid key
-Invalid number
-Invalid value
-Missing 
attribute
-Missing section
-Missing value
-Syntax error
-Unknown 
attribute
-Unknown section
-Value out of 
range
-File must be .conf or .zip
-Cancel
-Cannot delete configuration file 
%s
-Configuration for “%s” already 
exists
-Configuration file “%s” already 
exists
-Configuration file “%s” not 
found
-Cannot rename configuration file 
“%s”
-Cannot save configuration for “%1$s”: 
%2$s
-Successfully saved configuration for 
“%s”
-Create WireGuard Tunnel
-Cannot create local binary 
directory
-Create from scratch
-Create from file or archive
-Create from QR code
-Cannot create output 
directory
-Cannot create file in downloads 
directory
-Cannot create local temporary 
directory
-Create Tunnel
-Currently using light (day) 
theme
-Currently using dark (night) 
theme
-Use dark theme
-Delete
-Deselect All
-DNS servers
-Edit
-Endpoint
-Error bringing down tunnel: %s
-Error fetching apps list: %s
-Please obtain root access and try again
-Error bringing up tunnel: %s
-Exclude private IPs
-Excluded Applications
-Generate
-Unknown “%s” error
-(auto)
-(generated)
-(optional)
-(random)
-Illegal file name “%s”
-Unable to import tunnel: %s
-Import Tunnel from QR Code
-Imported “%s”
-Interface
-: WireGuard base64 keys must 
be 44 characters (32 bytes)
-: WireGuard keys must be 32 
bytes
-: WireGuard hex keys must be 64 
characters (32 bytes)
-Listen port
-Unable to export log: %s
-Saved to “%s”
-Log file will be saved to downloads 
folder
-Export log file
-Unable to run logcat: 
-Unable to determine kernel module 
version
-No modules are available for 
your device
-The experimental kernel module can 
improve performance
-Success. The application will 
restart in 5 seconds
-Download and install kernel 
module
-Downloading and 
installing…
-Something went wrong. Please try 
again
+: 65535未満の正の整数を指定してください
+: 正の整数を指定
+: 有効な UDP 
ポート番号を指定してください
+無効な鍵
+無効な数字
+無効な値
+属性が不足しています
+セクションが不足しています
+値が不足しています
+構文エラー
+未知の属性
+未知のセクション
+範囲外の値
+ファイルの拡張子は .conf か .zip です
+キャンセル
+%s の定義を削除できません
+"%s" の定義はすでに存在します
+設定ファイル "%s" はすでに存在します
+設定ファイル "%s" が見つかりません
+設定ファイル "%s" の名前を変更できません
+“%1$s” の設定を保存できません: %2$s
+"%s" の設定を保存しました
+WireGuard トンネルの作成
+ローカルバイナリディレクトリを作成できません
+空の状態から作成
+ファイル、アーカイブから作成
+QRコードから作成
+出力ディレクトリを作成できません
+ダウンロードディレクトリにファイルを作成できません
+ローカルに一時ディレクトリを作成できません
+トンネルを作成
+ライト(日中)テーマを使用中
+ダーク(夜間)テーマを使用中
+ダークテーマを使用する
+削除
+すべての選択を解除
+DNS サーバ
+編集
+エンドポイント
+トンネル停止時エラー: %s
+アプリ一覧取得エラー: %s
+root 権限を取得して再試行してください
+トンネル起動時エラー: %s
+プライベート IP アドレスの除外
+除外されたアプリケーション
+生成
+未知のエラー “%s”
+(自動)
+(生成済み)
+(任意)
+(ランダム)
+不正なファイル名 “%s”
+トンネル設定をインポートできません: %s
+QR コードからトンネル設定をインポートできません
+インポートしました “%s”
+インターフェース
+: WireGuard base64 
鍵は44文字(32バイト)でなければなりません
+: WireGuard 
鍵は32バイトでなければなりません
+: WireGuard hex 
鍵は64文字(32バイト)でなければなりません
+Listen ポート
+ログをエクスポートできません: %s
+“%s” に保存しました
+ログはダウンロードフォルダに保存されます
+ログのエクスポート
+logcat を実行できません: 
+カーネルモジュールバージョンを特定できません
+このデバイス用のモジュールは利用できません
+実験的カーネルモジュールはパフォーマンスが向上する場合があります
+成功. アプリは5秒後以内に再起動します
+
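
Review bot: two added strings in this hunk do not match the English lines they replace. "Must be positive and no more than 65535" becomes "65535未満の正の整数を指定してください", and 未満 means strictly less than, which excludes 65535 itself; 以下 matches the source. "Import Tunnel from QR Code" becomes "QR コードからトンネル設定をインポートできません", which reads as a failure message ("cannot import") instead of a title; "QR コードからトンネル設定をインポート" would match.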

[PATCH] Change "Deselect All" to "Toggle All" in Excluded apps settings

2020-02-14 Thread sebcbi1
From: sebcbi1 

Android: Change functionality in excluded apps dialog for better user
experience when user wants only one or few apps to use WireGuard.
Please review Italian and Russian translation.

---
 .../com/wireguard/android/fragment/AppListDialogFragment.java | 4 ++--
 app/src/main/res/values-it/strings.xml| 2 +-
 app/src/main/res/values-ru/strings.xml| 2 +-
 app/src/main/res/values/strings.xml   | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git 
a/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java 
b/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java
index 67059c7..c513d47 100644
--- 
a/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java
+++ 
b/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java
@@ -98,7 +98,7 @@ public class AppListDialogFragment extends DialogFragment {
 
 alertDialogBuilder.setPositiveButton(R.string.set_exclusions, (dialog, 
which) -> setExclusionsAndDismiss());
 alertDialogBuilder.setNegativeButton(R.string.cancel, (dialog, which) 
-> dialog.dismiss());
-alertDialogBuilder.setNeutralButton(R.string.deselect_all, (dialog, 
which) -> {
+alertDialogBuilder.setNeutralButton(R.string.toggle_all, (dialog, 
which) -> {
 });
 
 binding.setFragment(this);
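Review bot: the resource key passed to setNeutralButton changes from R.string.deselect_all to R.string.toggle_all, so every values-*/strings.xml that defines the old key needs the same rename; the diffstat lists only values, values-it and values-ru. Check the remaining locale files before merging.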
@@ -109,7 +109,7 @@ public class AppListDialogFragment extends DialogFragment {
 final AlertDialog dialog = alertDialogBuilder.create();
 dialog.setOnShowListener(d -> 
dialog.getButton(DialogInterface.BUTTON_NEUTRAL).setOnClickListener(view -> {
 for (final ApplicationData app : appData)
-app.setExcludedFromTunnel(false);
+app.setExcludedFromTunnel(!app.isExcludedFromTunnel());
 }));
 return dialog;
 }
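Review bot: in the BUTTON_NEUTRAL click listener, `app.setExcludedFromTunnel(!app.isExcludedFromTunnel())` inverts every entry, so with a mixed selection there is no longer a single action that clears all exclusions, and one tap can exclude apps the user had left inside the tunnel. Consider keeping a clear-all action next to the invert, or selecting all only when nothing is excluded and clearing otherwise.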
diff --git a/app/src/main/res/values-it/strings.xml 
b/app/src/main/res/values-it/strings.xml
index 2aba5f8..b37d792 100644
--- a/app/src/main/res/values-it/strings.xml
+++ b/app/src/main/res/values-it/strings.xml
@@ -66,7 +66,7 @@
 Stai usando il tema scuro 
(notte)
 Usa tema scuro
 Elimina
-Deseleziona tutto
+Inverti tutto
 Server DNS
 Modifica
 Endpoint
diff --git a/app/src/main/res/values-ru/strings.xml 
b/app/src/main/res/values-ru/strings.xml
index 2f2c03b..00b96fb 100644
--- a/app/src/main/res/values-ru/strings.xml
+++ b/app/src/main/res/values-ru/strings.xml
@@ -66,7 +66,7 @@
 В данный момент используется темная 
(ночная) тема
 Использовать темную тему
 Удалить
-Снять выделенное
+Инвертировать все
 DNS-серверы
 Редактировать
 Конечная точка
diff --git a/app/src/main/res/values/strings.xml 
b/app/src/main/res/values/strings.xml
index 336cd4e..89a32c0 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -66,7 +66,7 @@
 Currently using dark (night) 
theme
 Use dark theme
 Delete
-Deselect All
+Toggle All
 DNS servers
 Edit
 Endpoint
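Review bot: the new label "Toggle All" does not say which state results, while the Italian and Russian hunks use "Inverti tutto" and "Инвертировать все" (invert all), which describes the per-app flip more exactly. An English string such as "Invert Selection" would keep the three locales consistent.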
-- 
2.25.0



Re: [PATCH] Implement reading keys from stdin.

2020-02-14 Thread Hristo Venev
On Sat, 2020-02-08 at 23:20 +0100, Jason A. Donenfeld wrote:
> Trying to get a handle on the use case for this.

I am working on a program [1] that configures a WireGuard interface by
invoking `wg`. Generally there are multiple peers, and some of them may
have preshared keys.

Currently the most reasonable way to pass keys is to write each one to
a temporary file. I think passing all of them over stdin is nicer.

[1] https://git.venev.name/hristo/wgconfd/




Japanese Translation for Android app

2020-02-14 Thread Eiji Tanioka
Hello,

I recently started to use WireGuard; this is a great product.
I have a Galaxy S9, iPad Pro, and MacBook Air, and all of them can use a
WireGuard tunnel.
It is useful for me.

I want to contribute to this product, but I can't write code and I don't have
a build environment, so what can I do?
I can translate to Japanese, so I started translating wireguard-android and
wireguard-apple.

Today, I made a translation patch for the Android app. How do I send the patch?
"git format-patch" and "git send-email" directly to this ML?

Thanks,


Re: [PATCH net] wireguard: device: provide sane limits for mtu setting

2020-02-14 Thread Quan Zhou

Hi Samir,

I didn't realize this. You convinced me on this one. Thanks!

On 2/14/20 15:11, Samir Nassar wrote:

Hello,

from https://github.com/google/syzkaller/blob/master/docs/syzbot.md

"syzbot system continuously fuzzes main Linux kernel branches and automatically 
reports found bugs to kernel mailing lists."

As I understand it, fuzzing is applying changes to inputs to see what breaks 
and, in this case, fix it.

It doesn't make sense to set an MTU to 0 so why allow the program to crash on 
setting the MTU to zero instead of giving back a useful error or preventing the 
crash in other ways.

Providing dev->min_mtu and dev->max_mtu bounds is a nice thing to do.

Samir

On February 14, 2020 7:40:23 AM GMT+01:00, Quan Zhou  wrote:

I'm just curious, under what circumstances would people set mtu to
zero?

On 2/14/20 14:38, Eric Dumazet wrote:

If wireguard device mtu is set to zero, a divide by zero
crash happens in calculate_skb_padding().

This patch provides dev->min_mtu and dev->max_mtu bounds.

Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Eric Dumazet 
Reported-by: syzbot 
Cc: Jason A. Donenfeld 
Cc: wireguard@lists.zx2c4.com
---
   drivers/net/wireguard/device.c | 5 +
   1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireguard/device.c

b/drivers/net/wireguard/device.c

index

43db442b1373073eaf5e805cfe6cfee15875437a..c02b84cca122d92ee8a81c5efdcf67aada2554d6
100644

--- a/drivers/net/wireguard/device.c
+++ b/drivers/net/wireguard/device.c
@@ -271,9 +271,14 @@ static void wg_setup(struct net_device *dev)
dev->features |= WG_NETDEV_FEATURES;
dev->hw_features |= WG_NETDEV_FEATURES;
dev->hw_enc_features |= WG_NETDEV_FEATURES;
+
dev->mtu = ETH_DATA_LEN - MESSAGE_MINIMUM_LENGTH -
   sizeof(struct udphdr) -
   max(sizeof(struct ipv6hdr), sizeof(struct iphdr));
+   dev->min_mtu = MESSAGE_PADDING_MULTIPLE;
+   dev->max_mtu = ETH_MAX_MTU - MESSAGE_MINIMUM_LENGTH -
+  sizeof(struct udphdr) -
+  max(sizeof(struct ipv6hdr), sizeof(struct iphdr));
   
   	SET_NETDEV_DEVTYPE(dev, _type);
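
Review bot: the expression assigned to dev->max_mtu repeats the header-overhead subtraction already used for dev->mtu, with only ETH_DATA_LEN swapped for ETH_MAX_MTU; a single named overhead value would keep the two from drifting apart. dev->min_mtu = MESSAGE_PADDING_MULTIPLE deserves a one-line comment on why the padding multiple is the floor, and since the commit message locates the crash in calculate_skb_padding(), a zero check there as well would cover any path that ends up with mtu == 0 without passing these bounds. The added blank line before dev->mtu is unrelated whitespace.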
   



Re: [PATCH net] wireguard: device: provide sane limits for mtu setting

2020-02-14 Thread Jason A. Donenfeld
Hi Eric,

On 2/14/20, Eric Dumazet  wrote:
> If wireguard device mtu is set to zero, a divide by zero
> crash happens in calculate_skb_padding().
>
> This patch provides dev->min_mtu and dev->max_mtu bounds.

Thanks for the patch. However, I solved this slightly differently
yesterday afternoon already:
https://git.zx2c4.com/wireguard-linux/commit/?h=stable&id=06e79ab0d545a20dec1b179fa26841eb0afb1f07
. I've got some additional testing of this to do this afternoon, and
then I'll submit it to the list.

Jason
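
Added example (not code from the WireGuard tree or from any poster in this thread): a userspace C model of the two defenses this thread and the v0.0.20200214 changelog mention for the mtu=0 divide by zero, namely bounding the MTU when it is set and making the padding calculation tolerate a zero MTU. The struct, the function names and the numeric constants (16-byte padding multiple, 1420 default MTU, 65455 maximum MTU) are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>

/* Assumed values for this model; the patch names the constants, not their values. */
#define MESSAGE_PADDING_MULTIPLE 16u    /* padding granularity in bytes */
#define MODEL_DEFAULT_MTU        1420u  /* hypothetical default MTU */
#define MODEL_MAX_MTU            65455u /* hypothetical upper bound */

/* Minimal stand-in for the three device fields the patch touches. */
struct model_dev {
    unsigned int mtu;
    unsigned int min_mtu;
    unsigned int max_mtu;
};

static struct model_dev model_dev_new(void)
{
    struct model_dev dev = { MODEL_DEFAULT_MTU, MESSAGE_PADDING_MULTIPLE,
                             MODEL_MAX_MTU };
    return dev;
}

/* Round value up to the next multiple (multiple must be non-zero). */
static unsigned int align_up(unsigned int value, unsigned int multiple)
{
    return (value + multiple - 1) / multiple * multiple;
}

/* Defense 1: reject an out-of-range MTU when it is configured,
 * so the send path never sees a value below min_mtu. */
static int model_set_mtu(struct model_dev *dev, unsigned int new_mtu)
{
    if (new_mtu < dev->min_mtu || new_mtu > dev->max_mtu)
        return -EINVAL;
    dev->mtu = new_mtu;
    return 0;
}

/* Defense 2: a padding calculation that never divides by a zero MTU.
 * Returns the number of padding bytes to append to a packet of len bytes. */
static unsigned int model_padding(unsigned int len, unsigned int mtu)
{
    unsigned int last_unit = len;
    unsigned int padded;

    /* Without this branch the modulo below traps for any len > 0. */
    if (mtu == 0)
        return align_up(last_unit, MESSAGE_PADDING_MULTIPLE) - last_unit;

    /* A packet larger than the MTU is padded as if it were its last
     * MTU-sized fragment. */
    if (last_unit > mtu)
        last_unit %= mtu;

    /* Pad to the multiple, but never past the MTU. */
    padded = align_up(last_unit, MESSAGE_PADDING_MULTIPLE);
    if (padded > mtu)
        padded = mtu;
    return padded - last_unit;
}

int main(void)
{
    struct model_dev dev = model_dev_new();

    printf("set mtu 0    -> %d (mtu stays %u)\n",
           model_set_mtu(&dev, 0), dev.mtu);
    printf("set mtu 1380 -> %d (mtu now %u)\n",
           model_set_mtu(&dev, 1380), dev.mtu);
    printf("padding(len=100, mtu=1420)  = %u\n", model_padding(100, 1420));
    printf("padding(len=1500, mtu=1420) = %u\n", model_padding(1500, 1420));
    printf("padding(len=100, mtu=0)     = %u\n", model_padding(100, 0));
    return 0;
}
```

Either defense alone removes the crash in this model; having both means a zero MTU is harmless even if it arrives by a path that skips the bounds check.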