Hello,
I have installed Wireguard on multiple locations, servers, on each of these
servers I have a 1Gbps link, my problem is that I'm not able to get more than
~100-120Mbps for download and ~200Mbps upload, any idea why?
As a server I use CentOS 7 as for "client" I use Windows 10 with
On 10.12.2019 at 20:22, Jason A. Donenfeld wrote:
We'd considered it, but the fear is that it will be used to spread
malware and RCE. Linux command line users can generally be trusted to
check the config files they're writing into /etc/wireguard, but I
don't have that same feeling about
On 11.12.2019 1:09, Jason A. Donenfeld wrote:
On Tue, Dec 10, 2019 at 11:03 PM Vasili Pupkin wrote:
As far as I know both of them are maintained in the same repository and
both use the same userspace library to interact with the kernel and down
there all the rules are translated into BPF code
On Tue, Dec 10, 2019 at 11:03 PM Vasili Pupkin wrote:
> As far as I know both of them are maintained in the same repository and
> both use the same userspace library to interact with the kernel and down
> there all the rules are translated into BPF code which in turn is
> compiled into machine
On 10.12.2019 20:12, Roman Mamedov wrote:
On Tue, 10 Dec 2019 17:54:49 +0100
"Jason A. Donenfeld" wrote:
iptables rules and nftables rules can co-exist just fine, without any
translation needed. Indeed if your iptables is symlinked to
iptables-nft, then you'll insert nftables rules when you
On Tue, Dec 10, 2019 at 9:30 PM Jordan Glover
wrote:
>
> On Tuesday, December 10, 2019 7:15 PM, Jason A. Donenfeld
> wrote:
>
> > On Tue, Dec 10, 2019 at 7:58 PM Jordan Glover
> > golden_mille...@protonmail.ch wrote:
> >
> > > On Tuesday, December 10, 2019 5:36 PM, Jason A. Donenfeld
On Tuesday, December 10, 2019 7:15 PM, Jason A. Donenfeld
wrote:
> On Tue, Dec 10, 2019 at 7:58 PM Jordan Glover
> golden_mille...@protonmail.ch wrote:
>
> > On Tuesday, December 10, 2019 5:36 PM, Jason A. Donenfeld ja...@zx2c4.com
> > wrote:
> >
> > > On the other hand, if what you say is
We'd considered it, but the fear is that it will be used to spread
malware and RCE. Linux command line users can generally be trusted to
check the config files they're writing into /etc/wireguard, but I
don't have that same feeling about plug-and-chug Windows users
pointing and clicking their way
On Tue, Dec 10, 2019 at 7:58 PM Jordan Glover
wrote:
>
> On Tuesday, December 10, 2019 5:36 PM, Jason A. Donenfeld
> wrote:
>
> >
> > On the other hand, if what you say is actually true in our case, and
> > nftables is utter crap, then perhaps we should scrap this nft(8) patch
> > all together
On Tue, 10 Dec 2019 18:36:06 +0100
"Jason A. Donenfeld" wrote:
> That bachelors thesis says in the abstract, "Latency was measured
> through the round-trip time of ICMP packets while throughput was
> measured by generating UDP traffic using iPerf3. The results showed
> that, when using linear
On Tue, Dec 10, 2019 at 6:30 PM Vasili Pupkin wrote:
>
> On 10.12.2019 18:48, Jason A. Donenfeld wrote:
>
> > restore '%s-I PREROUTING ! -i %s -d %s -m addrtype ! --src-type LOCAL -j
> > DROP
> > nftcmd '%sadd rule %s %s preraw iifname != %s %s daddr %s fib saddr type !=
> > local drop
>
>
> I
Hi Roman,
On Tue, Dec 10, 2019 at 6:12 PM Roman Mamedov wrote:
>
> On Tue, 10 Dec 2019 17:54:49 +0100
> "Jason A. Donenfeld" wrote:
>
> > iptables rules and nftables rules can co-exist just fine, without any
> > translation needed. Indeed if your iptables is symlinked to
> > iptables-nft, then
On 10.12.19 18:12, Roman Mamedov wrote:
> It's the systemd and
> pulseaudio story all over again
By that metric I can only assume that nft is a huge improvement over
iptables.
We have to deal with iptables vs. nftables, just like we have to deal
with various vendor kernels. Complaining on-list
On 10.12.2019 18:48, Jason A. Donenfeld wrote:
restore '%s-I PREROUTING ! -i %s -d %s -m addrtype ! --src-type LOCAL -j DROP
nftcmd '%sadd rule %s %s preraw iifname != %s %s daddr %s fib saddr type !=
local drop
I am trying to understand the rulesets. When you check the type of the
source
On Tue, Dec 10, 2019 at 6:13 PM Roman Mamedov wrote:
> nftables is slower than iptables across pretty much every metric[1][2]. It
> only wins where a pathological case is used for the iptables counterpart
> (e.g.
> tons of single IPs as individual rules and without ipset). It is a disaster
>
On Tue, Dec 10, 2019 at 6:05 PM Jordan Glover
wrote:
>
> On Tuesday, December 10, 2019 4:54 PM, Jason A. Donenfeld
> wrote:
>
> > On Tue, Dec 10, 2019 at 5:52 PM Jordan Glover
> > golden_mille...@protonmail.ch wrote:
> >
> > > On Tuesday, December 10, 2019 3:48 PM, Jason A. Donenfeld
On Tue, 10 Dec 2019 17:54:49 +0100
"Jason A. Donenfeld" wrote:
> iptables rules and nftables rules can co-exist just fine, without any
> translation needed. Indeed if your iptables is symlinked to
> iptables-nft, then you'll insert nftables rules when you try to insert
> iptables rules, but it
On Tuesday, December 10, 2019 4:54 PM, Jason A. Donenfeld
wrote:
> On Tue, Dec 10, 2019 at 5:52 PM Jordan Glover
> golden_mille...@protonmail.ch wrote:
>
> > On Tuesday, December 10, 2019 3:48 PM, Jason A. Donenfeld ja...@zx2c4.com
> > wrote:
> >
> > > If nft(8) is installed, use it. These
On Tue, Dec 10, 2019 at 5:52 PM Jordan Glover
wrote:
>
> On Tuesday, December 10, 2019 3:48 PM, Jason A. Donenfeld
> wrote:
>
> > If nft(8) is installed, use it. These rules should be identical to the
> > iptables-restore(8) ones, with the advantage that cleanup is easy
> > because we use
On Tuesday, December 10, 2019 3:48 PM, Jason A. Donenfeld
wrote:
> If nft(8) is installed, use it. These rules should be identical to the
> iptables-restore(8) ones, with the advantage that cleanup is easy
> because we use custom table names.
>
I wonder if nft should be used only if iptables
On 9 December 2019 at 12:15:45, Mark Schmidt
(knu...@gmx.de) wrote:
> Hello!
>
> I hope I'm in the right place to ask this.
>
> I'm trying to familiarise myself with Wireguard, and I like it so far.
> One issue though: The Linux version has PostUp and PreDown options in
>
Can I have your signed-off-by line, please?
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
https://github.com/WireGuard/WireGuard/compare/77da189d3399ca4e6c8f016726b6fc3b5dfe91cd...d312da9b8f2834b0d1f4f91cee1b26b3bcc0674c.patch
The change for `out_length` is for consistency with `array_data`, the
general corpus uses `outlen`.
On 12/9/19 5:49 AM, Jason A. Donenfeld wrote:
> I'd definitely be interested in this. Back in 2015, that was the plan.
> Then it took a long time to get to where we are now, and since then
> wg(8) has really evolved into its own useful thing. The easiest thing
> would be to move wg(8) wholesale
If nft(8) is installed, use it. These rules should be identical to the
iptables-restore(8) ones, with the advantage that cleanup is easy
because we use custom table names.
---
Hey folks,
I'd appreciate a review from some of the nftables experts on this list
who requested this.
Thanks,
Jason
On Monday, December 9, 2019 3:53 PM, Fredrik Strömberg
wrote:
> On Mon, Dec 9, 2019 at 4:46 PM Daniel Kahn Gillmor
> d...@fifthhorseman.net wrote:
>
> > On Mon 2019-12-09 11:12:23 +0100, Jason A. Donenfeld wrote:
> >
> > > I'm happy to announce that WireGuard has been merged into Dave
> > >