On Sat, Apr 14, 2018 at 03:38:46AM +0200, Jason A. Donenfeld wrote:
> 2) When we pad the packet payload. In this case, we pad it to the
> nearest multiple of 16, but we don't let it exceed the device MTU.
> This is skb_padding in send.c. This behavior seems like the bug in
> your particular case,
Hi Bruno,
You can't set multiple peers to use 0.0.0.0/0 at the same time on the
same interface. How would it be able to choose which peer to send
traffic to then? Instead, if you want some kind of redundancy or
bonding, you can try using multiple interfaces, and then use whatever
traditional
If you can have SIDE_A connect to SIDE_B and enable
persistent-keepalive, that should take care of things mostly. If you
can't do that for whatever reason, there are hole punching tricks like
[1] and [2].
[1] https://git.zx2c4.com/WireGuard/tree/contrib/examples/nat-hole-punching
[2]
On Fri, Mar 16, 2018 at 3:38 AM, Samuel Holland wrote:
> I've looked into this, and it is unfortunately quite difficult to do. The app
> can register to receive notification about network changes, but unfortunately
> there's no* way for the app to tell the Android
You may need to run as root:
sysctl net.ipv4.ip_forward=1
You also may want a -o wg0 rule on the FORWARD table, if you don't
also have an established/related rule there.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
Hi Roman,
This also came up in another thread I was replying to earlier tonight.
While one way indeed is to have an 'include' directive, it seems
simple enough to just do something like:
$ wg setconf wg0 <(cat /etc/wireguard/mysite.conf.d/*.conf)
And then you can have various fragments in there
Hi Roman,
I think that your idea of setting a route-based MTU _should_ work, and
it seems like a bug if it isn't working. There are two places in
WireGuard which directly touch the MTU:
1) When we split GSO superpackets up into normal sized packets. This
code is supposed to be aware of the
Hi Riccardo,
Based on those tcpdump timestamps, it looks like the handshake
response happens nearly immediately after the handshake initiation.
Yet from your description, it appears only after many moments. In my
experience, tcpdump blocks like this when it has to do too many DNS
resolutions and
Hi Saeid,
Your email got sent to my spam folder. Sorry about that. Thanks for
following up on this, Luis.
Based on Luis' analysis and first patch, I've written a fix here:
https://git.zx2c4.com/WireGuard/commit/?id=406709a6cfee08139daf6f6a58088c45e125e291
Let me know if this works as you
I didn't think about using tcpdump by checking the default interface,
thanks for the suggestion!
I updated to the April 2018 snapshot on every peer.
I removed the server endpoints and since I was there, switched the
server port to 51820, the protocol "default" one. It still works for the
Hello vtol,
OpenWRT has its own robust configuration system, which can do nice
things like avoid circular routing. For that reason, the set of tricks
that wg-quick uses are best avoided on those types of fully-managed
systems. That's why it's not included in the package. Perhaps it
should be,
Hi ST,
On Mon, Mar 26, 2018 at 7:17 PM, ST wrote:
> 1. Labels.
>
> Is it possible to add an optional label to a peer to make it a bit more
> usable for humans (who tend not to remember IPs or keys). A label
> associated with a peer is just a string (could be a first/last name,
Hi Christophe,
Thanks for writing this. Very cool work. As part of GSoC this summer,
Martin (CC'd) is going to be working on a dynamic provisioning
protocol over IPv6. One of the things we'll be investigating is
whether it's best to derive a v6 address from a public key or whether
it's best to
For your use case, I'd suggest you use multiple peers on a single
interface with a single listen port.
Hi Jun,
Fascinating. I really don't know and I'll need to spend some time
looking into what on earth Broadcom has done with this kernel. There
appears to be some kind of data structure added to the skb that isn't
an skb anymore, under CONFIG_BCM_KF_NBUFF. "KuffinBuff"? I imagine the
correct
When you type "wg", does it show you a "latest handshake"? If not,
perhaps they're not even communicating at all. For this, you could
look for udp packets on port 21 and see what's up.
Also, you might simplify things a bit by:
- Removing all mentions of Endpoint on the server, since the server
Hello,
As mentioned earlier, I'm looking for ways to automate IP assignment and,
more generally, the addition of new peers into a VPN through a central WG
server.
It was suggested to use DHCP server/client. Are there tutorials
somewhere on how to do that?
Maybe you are aware of other
I wasn't clear in the previous email: I'm only seeing ICMP requests and
not answers, so no traffic through the tunnel.
Also, I have not set up forwarding to another interface; maybe that's the
next step for a road-warrior OpenVPN-like setup, but at the moment I'm
keeping things simple and I'm
18 matches