Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Reuben Martin
On Fri, Aug 10, 2018, 3:16 PM em12345 wrote: > Hi, > > > From my point of view, the only thing which makes me uncomfortable about > > wireguard is the lack of any second authentication factor. Your private > > key is embedded in a plaintext file in your device (e.g. laptop), not > > even protecte

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Eisfunke
Hello all, > In the absence of that, it would be nice if the private key which is > stored on the laptop were encrypted with a passphrase. Simplest option > may be to extend wg-quick so that the entire config file can be > pgp-encrypted. One can already do that via the wg-quick PostUp hook,

Re: Fedora package: missing the make dependency

2018-08-10 Thread Lejia Chen
I am sure I am using Fedora Server 28 (not rawhide). I installed the same version (Fedora Server 28 x64, with the default software selection) on VirtualBox just now, updated all dependencies (sudo dnf update), and then installed Wireguard. The same problem occurred. On Fri, Aug 10, 2018 at 10:17 AM Jaso

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread em12345
Hi, > From my point of view, the only thing which makes me uncomfortable about > wireguard is the lack of any second authentication factor. Your private > key is embedded in a plaintext file in your device (e.g. laptop), not > even protected with a passphrase. Most VPN authentications are just au

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread jungle Boogie
> > On 10/08/18 16:40, jungle Boogie wrote: >> If someone already has my ssh key, I'd revoke it - regardless if >> they had the password or not. Same with the WG key - shut down the >> tunnel, remove the affected peer and start it back up. > > No need to interrupt the tunnel. > > # wg set peer rem

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Aaron Jones
On 10/08/18 16:40, jungle Boogie wrote: > If someone already has my ssh key, I'd revoke it - regardless if > they had the password or not. Same with the WG key - shut down the > tunnel, remove the affected peer and start it back up. No need to interr

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread jungle Boogie
On 10 August 2018 at 09:03, Brian Candler wrote: > On 10/08/2018 16:03, Roman Mamedov wrote: > > But I'd feel a lot happier if a second level of authentication were > required to establish a wireguard connection, if no packets had been > flowing for more than a configurable amount of time - say, a

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Kalin KOZHUHAROV
On Fri, 10 Aug 2018, 19:04 Brian Candler, wrote: > On 10/08/2018 16:03, Roman Mamedov wrote: > > But I'd feel a lot happier if a second level of authentication were > required to establish a wireguard connection, if no packets had been > flowing for more than a configurable amount of time - say,

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Brian Candler
On 10/08/2018 16:03, Roman Mamedov wrote: But I'd feel a lot happier if a second level of authentication were required to establish a wireguard connection, if no packets had been flowing for more than a configurable amount of time - say, an hour. It would give some comfort around lost/stolen devi

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread nicolas prochazka
Hello, just to tell you, as a simple end user we have been using wireguard for one year for our product; we have 10K tunnels deployed. Wireguard is perfect for us, very simple; we can develop our specific code on top of it (key management, ), so +1 for Jason's vision. Thanks for this piece of code. Re

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Roman Mamedov
On Fri, 10 Aug 2018 14:35:14 +0100 Brian Candler wrote: > From my point of view, the only thing which makes me uncomfortable > about wireguard is the lack of any second authentication factor. Your > private key is embedded in a plaintext file in your device (e.g. > laptop), not even protected

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Konstantin Ryabitsev
On Fri, Aug 10, 2018 at 02:35:14PM +0100, Brian Candler wrote: From my point of view, the only thing which makes me uncomfortable about wireguard is the lack of any second authentication factor. Your private key is embedded in a plaintext file in your device (e.g. laptop), not even protected w

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Matthias Urlichs
On 10.08.2018 15:35, Brian Candler wrote: > Whilst I appreciate that wireguard is symmetrical, a common use case > is to have remote "clients" with a central "office". I'm thinking > about a hook whereby the "office" side could request extra > authentication when required - e.g. if it sees a conne

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Kalin KOZHUHAROV
Please excuse my brevity, phone typing here... On Fri, 10 Aug 2018, 16:36 Brian Candler, wrote: > Thanks for explaining the project background, and your very sensible > goals of simplicity and robustness. And thanks for releasing this > excellent piece of software. > > From my point of view, t

Re: Reflections on WireGuard Design Goals

2018-08-10 Thread Brian Candler
For whatever reason, in the last several weeks, WireGuard has been receiving a considerable amount of attention, and with that comes various parties interested in the project moving in this direction or in that direction. And more generally, over the last year or so, we've seen a decent amount of inte

[PATCH 1/1] Calculate inner checksums for all L4 protocols (was for TCP/UDP only).

2018-08-10 Thread Andrejs Hanins
- skb_checksum_setup can only handle TCP/UDP protocols under the top-level IP header; packets with other protocols (like GRE) are sent out by Wireguard with unfinished partial checksums, which causes problems on the receiving side (bad checksums).
- skb_encrypt gets the skb prepared by the network stack, so there

[PATCH 0/1] Fix broken inner checksums for non TCP/UDP protocols

2018-08-10 Thread Andrejs Hanins
Hi, I'm using a GRE tunnel (transparent Ethernet bridging flavor) over a Wireguard interface to be able to bridge L2 network segments. The typical protocol chain looks like this: IP->GRE->EthernetHeader->IP->UDP. UDP here is the packet sent from the L2 network segment which is tunneled using GRE ove