wireguard-android: Multiple Tunnel Support with Userspace Backend

2023-10-23 Thread John A. Leuenhagen
nyone confirm that this is the case? If so, is there some limitation or other issue that is preventing the functionality from being implemented? Or is it simply a matter of the code not being written yet? Would patches be welcomed in this case? Best, John

Re: Wg source address is too sticky for multihomed systems aka multiple endpoints redux

2023-07-21 Thread John Lauro
I have lots of multihomed routers set up for vpn site to site and running bgp over the vpn mesh. First, make sure these are all 0 as are multihomed. cat $( find /proc/sys/net/ipv4 -name rp_filter ) The other thing I do is I run a different wireguard interface and peer on a different port and int

Fwd: Source IP incorrect on multi homed systems

2023-02-20 Thread John Lauro
I think the ip route with src would work, but only as a short-lived workaround. The problem with it is that, when dealing with dynamic routes, it could go away when a link is down and then come back and the src setting would be lost. You would need the bgp software to add the src. UDP is connectionl

Re: WiFi network flaky/WireGuard connections inconsistent

2023-01-26 Thread John
profile fails - Only true with this specific WiFi, ondemand activation works everywhere else --- Original Message --- On Sunday, January 1st, 2023 at 3:11 PM, John wrote: > I am experiencing hit-or-miss connectivity through wireguard when connected > to a specific, unsecured,

WiFi network flaky/WireGuard connections inconsistent

2023-01-02 Thread John
I am experiencing hit-or-miss connectivity through wireguard when connected to a specific, unsecured, public WiFi from iOS devices. Meaning, I first connect to the public WiFi at which point, wireless works fine, websites load, etc. but when I subsequently initiate a wireguard connection, most o

Re: [PATCH] remove CONFIG_ANDROID

2022-06-30 Thread John Stultz
On Thu, Jun 30, 2022 at 3:06 AM Jason A. Donenfeld wrote: > On Wed, Jun 29, 2022 at 09:25:32PM -0700, Kalesh Singh wrote: > > Two concerns John raised: > > 1) Adding new ABI we need to maintain > > 2) Having unclear config options > > > > Another idea, I think

Re: [PATCH] remove CONFIG_ANDROID

2022-06-29 Thread John Stultz
specific than _ANDROID) kernel config is that it's not exactly clear what the flag really means (which is the same issue CONFIG_ANDROID has). And more problematic, with this it would be an ABI. So for this we probably need to have a very clear description of what userland is telling the kernel. Because I'm sure userland's behavior will drift and shift and we'll end up litigating what kind of behavior is really userspace_autosleeping vs userspace_sortof_autosleeping. :) Alternatively, maybe we should switch it to describe what behavior change we are wanting the kernel to take (instead of it hinting to the kernel what to expect from userland's behavior)? That way it might be more specific. Again, really appreciate your efforts here! thanks -john

Patches against wireguard-freebsd

2022-04-05 Thread John Baldwin
itable API for Blake2 that matches WireGuard's needs, but does provide suitable APIs for the other crypto algorithms used by WireGuard in 14.0-current. -- John Baldwin

[PATCH] tun/netstack: implement MaxHeaderLength

2022-03-14 Thread john
From: John Sahhar Signed-off-by: John Sahhar --- tun/netstack/tun.go | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tun/netstack/tun.go b/tun/netstack/tun.go index 8b1bb7f..94b59f8 100644 --- a/tun/netstack/tun.go +++ b/tun/netstack/tun.go @@ -71,8 +71,11 @@ func
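Review bot: The commit message has no body: only the Signed-off-by line appears before the `---` separator, so the reason tun/netstack needs MaxHeaderLength is left to the subject line. A sentence or two of description above the Signed-off-by, saying what problem the 5 insertions and 2 deletions in tun/netstack/tun.go address, would make the change reviewable on its own.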

RE: Windows stuck in boot after WireGuard update (switch to WireGuardNT?)

2021-09-24 Thread John-Paul Andreini
I'll roll it as well. If you see a news item about a murdered IT admin you'll know the change didn't work this time and my users have sought retribution. John-Paul

macOS Client DNS

2021-04-27 Thread John Clendenen
Hi, Looking for the proper place to get help with DNS in the macOS client. If this is not it, please point me in the right direction. I have macOS clients using wireguard to remote into the office. It works great except the DNS server configured in the wg config (DNS = X.X.X.X) is not always hono

Re: Removing WireGuard Support From FreeBSD Base

2021-03-19 Thread John Jacobs
Kyle, you (and others) have been put in a position you never should have been put in. You have earned respect from someone who could not be any more outside the community of core FreeBSD developers for behaving like an adult and publicly sharing your introspection. I’m sorry if this is seen as a

Re: wg-crypt-wg0 process

2020-12-30 Thread John Sager
The posted script works for me, Xubuntu 20.04 kernel 5.4.0-38-generic x86_64. The first time I ran it, it deleted both [wg-crypt-wg0] instances but left one kworker process: [kworker/0:0-wg-crypt-wg0]. I then ran it again and no wg kernel processes were left. regards, John On 30/12/2020 08

Re: dns wireguard

2020-12-05 Thread John Sager
Look at the routing table on A, B and the host with two tunnel connections as well. On 04/12/2020 08:34, Shulhan wrote: On 3 Dec 2020, at 23.25, Esteban wrote: Hello, I take the liberty to contact you, I have a huge bug, and it's not me who is at fault, I prefer to specify it, some frien

wg flush conf?

2020-09-18 Thread John Smith
There doesn't appear to be a wg command to flush the config (leave the wg interface alone) If this is incorrect please let me know. Otherwise this is a feature request. For now I'm resorting to having a 'dummy' flush.conf with a random privkey and no peers and setconf'ing it to devices I want flu

Re: Confused about AllowedIPs meaning?

2020-07-29 Thread John Sager
Ps to the network B range. 4) Mirror (3) at the B end. HTH John On 26/07/2020 11:57, Gunnar Niels wrote: Hello, I'm new to wireguard and have been experimenting with it in my home lab. I'm interesting in using it to join two home networks (192.168.2.0/24 and 192.168.4.0/24). They

Wireguard Identity Rotation

2020-06-18 Thread john walker
, you have up to 5 minutes to update both sides, or else the session keys are exhausted. Is this correct? Thanks, John

Re: WireGuard over WireGuard

2020-05-10 Thread John Lauro
Wireguard is defaulting to 1420 MTU, the ethernet adapter is 1500 MTU, and I have IPv6 completely disabled. Can/should the MTU of wireguard be bumped to 1440? On Wed, May 6, 2020 at 6:26 PM Jason A. Donenfeld wrote: > > On Wed, May 6, 2020 at 4:24 PM Justin Kilpatrick wrote: > > > > > 1340 or 1

[feature request] Randomize PersistentKeepalive

2020-02-24 Thread John Smith
There are some applications where you do not want a listener to know that a channel is being kept alive and no information is being transmitted. Perhaps the ideal solution would be to add an option to the wg tool to send a keepalive packet, preferably of arbitrary size within some range. A script

Re: Problem with iOS WireGuard client

2020-01-22 Thread John
Your issue sounds similar to mine linked below. Do you find this endless failed handshakes to be when you're connected to any network or just a specific one? I routinely connect to 4 networks in my travels and only 1 of them causes the problem. Link to my post: https://lists.zx2c4.com/pipermail/

iOS client eventually stops working when connected to a specific network only

2020-01-15 Thread John
I have been using the iOS app on several late model iPhones without issue with the exception of one WiFi network. The problem I experience (iPhone 7 and iPhone X) is a functional flow of encrypted data via WireGuard upon an initial connection, but eventually, data stops flowing/no apps on the phon

Re: Port dependent issues on iOS 13

2019-09-25 Thread John huttley
Hi, Port 4500 is the IPSec UDP nat port and 500 is IKE. Anyconnect uses IPSec so I think those ports are simply in use. --John On 24/09/19 9:36 PM, wiregu...@p-np.de wrote: Hello, in place upgrades from iOS 12 -> iOS 13 (release) seem to work well in general. But there is a bizarre is

Re: iOS WG Battery Life

2019-03-08 Thread John
Does the iOS settings>battery show a consistent output for WG using the CPU cycles? On Sat, Mar 2, 2019 at 2:55 PM kolargol wrote: > > > > Possibly, is PersistentKeepalive defined at the "server" endpoint for your > > iOS peer ? > > > > I would expect a measurable additional battery usage if eit

Current version of iOS client in App Store and github tags seems mismatched

2019-02-17 Thread John
I am seeing version 1.0.2 of the WireGuard app in the App Store (date from 1 mo ago) but I see at least 3 newer tagged versions on github. I'm wondering if something is wrong pushing newer code to the App Store. ___ WireGuard mailing list WireGuard@lists.

[BUG] iOS client (0.0.20190107) sometimes kills WiFi connections/switches to LTE

2019-01-24 Thread John
I reported this a few releases ago[1] and unfortunately it still seems to be affecting the latest iOS app. I found a new wrinkle: if I intentionally add a duplicate profile in the app to my home VPN, the bug is only present when I connect to the first profile. When the bug is triggered (ie the

Re: Build error on ARM device due to ld flags

2019-01-24 Thread John
anything else without the error (linux kernel, ffmpeg, owncloud, nginx, etc.) > On 24.01.2019 at 09:57, John wrote: > > Thank you for the reply. What is odd is that I can build just fine on > > Arch x86_64 which uses the identical LDFLAGS. In any case, is your > > recommendatio

Re: Build error on ARM device due to ld flags

2019-01-24 Thread John
flags which is used for compiling the kernel. so setting > custom flags should be avoided > > On 23.01.2019 at 22:07, John wrote: > > I am running Arch ARM (aarch64) on an ODROID-C2 using gcc v8.2.1. > > Arch ARM which ships with the following LDFLAGS as defaults, > >

Build error on ARM device due to ld flags

2019-01-23 Thread John
I am running Arch ARM (aarch64) on an ODROID-C2 using gcc v8.2.1. Arch ARM which ships with the following LDFLAGS as defaults, "-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now" When I build wireguard on this device as shown below, I get this error but am unsure why: ld: unrecognized option '-Wl

Re: WireGuard roaming behind a load balancer

2019-01-16 Thread John Huttley
If you are using an F5 LTM load balancer, Set a keepalive timeout on wireguard. Assign a UDP profile with a timeout greater than the wireguard keepalive Assign the Profile to the UDP VIP --John On 16/01/2019 4:45 AM, pdub wrote: > Greetings, > > WireGuard is a really cool projec

Re: Logging remote connecting IP

2019-01-16 Thread John
Enabling the debug option when building should print to dmesg. On Wednesday, January 16, 2019, Konstantin Ryabitsev < konstan...@linuxfoundation.org> wrote: > Hello: > > For auditing purposes, I would like to be able to log the remote > endpoint IP for each wg connection on the server side. What's

Re: how would one go about building an admin frontend?

2019-01-16 Thread John Accoun
on (e.g. puppet et al)? The capability is > already there, unless you need a GUI. > > Cheers, > Steve > > On Fri, 11 Jan 2019, 21:09 John Accoun, wrote: > >> I need to provision a large number of linux devices on multiple locations >> and put them all on a VPN. >

how would one go about building an admin frontend?

2019-01-11 Thread John Accoun
I need to provision a large number of linux devices on multiple locations and put them all on a VPN. Configuring each device manually is too tedious. I was thinking of spinning up a server with a small HTTP api to exchange keys and configure wireguard on both sides. Then each device would call this

Re: binary module for arch?

2018-12-31 Thread John
Our package manager, pacman, will display optional dependencies to users/most known to inspect the output. My recommendation is to change the wording under the command on your install page to something like: "Users of the distro provided kernels (linux and linux-lts) may download the requisite cor

iOS app available in Test Flight is still 0.0.20181104-6

2018-12-19 Thread John
I see that 0.0.20181104-7 was tagged a few days ago, but only 0.0.20181104-6 is offered by Test Flight. Is there something that needs to be done or is this expected? Thanks!

Re: Syntax for iperf3 to use over pair wireguard interfaces on a LAN?

2018-12-18 Thread John
GBytes 872 Mbits/sec receiver iperf Done. On Tue, Dec 18, 2018 at 4:49 PM Kalin KOZHUHAROV wrote: > > > > On Tue, 18 Dec 2018, 20:50 John > >> On bar: >> % iperf3 -c 10.0.9.15 -B 10.0.9.16 >> iperf3: error - unable to connect to server: Connection

Re: Syntax for iperf3 to use over pair wireguard interfaces on a LAN?

2018-12-18 Thread John
On Tue, Dec 18, 2018 at 4:49 PM Kalin KOZHUHAROV wrote: > On Tue, 18 Dec 2018, 20:50 John > >> On bar: >> % iperf3 -c 10.0.9.15 -B 10.0.9.16 >> iperf3: error - unable to connect to server: Connection timed outa > > iperf -c 10.0.9.15 > > Also for the se

Syntax for iperf3 to use over pair wireguard interfaces on a LAN?

2018-12-18 Thread John
I want to get iperf3 to benchmark a simple wireguard setup on my LAN. I have two machines, foo is 192.168.1.228 and bar is 192.168.1.112. These IP addresses are fully functional on their respective eth0 interfaces. Each one also has a wg0 interface configured as shown below. I can get iperf3 to

Re: [BUG] iOS client (0.0.20181104) sometimes kills WiFi connections/switches to LTE

2018-12-11 Thread John
I spoke too soon. After several days without the bug appearing, it did this afternoon. The only fix was a reboot. I have 2 profiles in the app. What I found was that as soon as I connected to the first profile, the wifi icon would immediately disappear with a concurrent appearance of the LTE ic

Re: [BUG] iOS client (0.0.20181104) sometimes kills WiFi connections/switches to LTE

2018-12-10 Thread John
I have been banging away on the iOS app v20181104 (5) and it seems to have corrected the two issues I reported: 1) Wifi dropping 2) Ability to select WG from settings>vpn Great job and thank you for the attention and quick response. Merry Christmas to you and your loved ones! On Thu, Dec 6, 2018

Re: Simple Shell Script for "Status Monitoring" your WireGuard

2018-12-06 Thread John
Recommend you run the code through shellcheck and take the suggestions: https://www.shellcheck.net/ On Thu, Dec 6, 2018 at 6:13 PM Markus Grundmann wrote: > > Hi! > > I'm new to WireGuard and a former user with some experiences on > OpenVPN with complex setups but sometimes (I believe) a tools m

Re: Build fails on Debian, kernel 4.20.0-rc4

2018-12-06 Thread John
I think the issue isn't with the WireGuard code but with something unique to Debian or to dkms. I am able to build the module on Arch Linux using 4.20-rc4 (linux-mainline package from the AUR) with issue. I haven't tried dkms (not a fan). Here is a PKGBUILD for wireguard tools and module without

[BUG] iOS client (0.0.20181104) sometimes kills WiFi connections/switches to LTE

2018-11-22 Thread John
Summary: Running on an iPhone 7 (iPhone9,1) on iOS 12.1, I sometimes experience a loss of WiFi connectivity when I connect to my WG profile. It does not happen 100% of the time. When it does happen, a reboot of the phone fixes it. Is this a known bug/have others experienced this? iOS client versi

Re: Seeking suggestions for a WG port to use with restrictive public wifi networks

2018-11-20 Thread John
3:53 PM Lonnie Abelbeck wrote: > > > > On Nov 19, 2018, at 2:33 PM, John wrote: > > > > Should I stick with the "standard" udp service ports for my > > trial-and-error based approach? Wikipedia has an article that lists > > many of these (List_of_T

Re: Seeking suggestions for a WG port to use with restrictive public wifi networks

2018-11-19 Thread John Huttley
And also 4433 which is used by DTLS https://wiki.wireshark.org/DTLS --dad On 20/11/18 9:53 AM, Lonnie Abelbeck wrote: On Nov 19, 2018, at 2:33 PM, John wrote: Should I stick with the "standard" udp service ports for my trial-and-error based approach? Wikipedia has an article

Seeking suggestions for a WG port to use with restrictive public wifi networks

2018-11-19 Thread John
Use case: WG VPN server (linux) and iOS clients (I mention that because the solution needs to just-work with the iOS WG client without extra steps for ease). Goal: identify a port on which to run WG that has a good chance of being open to clients on both LTE and public WiFi networks. I currently r

Re: Traffic on port 53 fails on LTE but works on WiFi

2018-11-19 Thread John
t was in the wild Verizon > started DPIing port 53 and now nothing gets through. > > > > On 11/19/18, John wrote: > > I have a simple WireGuard VPN setup I use running WG on a home Linux > > box and connecting to it with several iOS clients. The server peer is > >

WireGuard server and multiple clients

2018-11-19 Thread John Smith
Hello, If I were to set up a WireGuard server and have multiple clients connecting to it, is there anything I need to be aware of? Specifically, I am looking to understand if this is recommended as I already see commercial offering of WireGuard - but not by all providers - so I was wondering if th

Re: Traffic on port 53 fails on LTE but works on WiFi

2018-11-19 Thread John
before I post the entire dump file. Is the little info I did post diagnostic? On Mon, Nov 19, 2018 at 2:32 AM M. Dietrich wrote: > > Hi John, > > Quotation from John at November 18, 2018 19:55: > > ... on port 53 ... do _not_ work when I connect via LTE > > (Verizon supp

Re: Problem to load wireguard LKM in Archlinux

2018-11-19 Thread John
Are you certain that the dkms rebuild was triggered? Seems like it was not. Perhaps manually trigger it and reboot. On Monday, November 19, 2018, Tosh wrote: > Hello, > > I'm using Wireguard on ArchLinux since a long time, and today I have > some troubles to start my VPN. Here is the log

Traffic on port 53 fails on LTE but works on WiFi

2018-11-18 Thread John
I have a simple WireGuard VPN setup I use running WG on a home Linux box and connecting to it with several iOS clients. The server peer is setup on port 53 since the network admins of some remote WiFi networks my mobile devices seems to block udp traffic on higher ports. Encrypted connections wor

Re: Channel/Tunnel bonding with wireguard

2018-11-06 Thread GMX John Thomson
Hi Saeid, Did you manage to get any further with this idea, cause I was planning on doing something similar Thanks, John

I am adding Wireguard to the Bering-uClibc embedded Linux distro

2018-09-03 Thread John Sager
should be in the next release (v6.2) due out before the end of the year. Currently I am integrating the 0.0.20180809 release of Wireguard. regards, John Sager

Re: package seems to have lost netifrc script

2018-08-04 Thread John Huttley
I'm running default stable netifrc-0.5.1. I guess this is in the 0.6.X series.. (~amd64) I'll keep running stable thanks and copy the script as required. Thanks, john On 05/08/18 10:08, Jason A. Donenfeld wrote: On Sun, Aug 5, 2018 at 12:07 AM John Huttley wrote: Gentoo need

package seems to have lost netifrc script

2018-08-04 Thread John Huttley
Gentoo needs a script in /lib/netifrc/net for network integration with openrc. This exists in wireguard-0.0.20180625 not in wireguard-0.0.20180802 or git. The package is built with "module tools". What happened? --john

Android Update wants Camera Permissions

2018-07-26 Thread John Huttley
I just updated. It wanted Camera Access. Odd.. --John

Recommended Mini-VM image?

2018-05-28 Thread John Huttley
Hi team, I want to run WG in a VM under windows with Virtual box or such. I could use my Gentoo image, but it's 25Gb. Does anyone have an "appliance" image? Regards, -Dad

Re: Android Configuration File

2018-05-06 Thread John Huttley
Awesome, works perfectly! --dad On 07/05/18 10:10, Jason A. Donenfeld wrote: Hey John, Sorry about that. I actually fixed this a few days ago, but we haven't yet put out a new alpha release apk. https://git.zx2c4.com/wireguard-android/commit/?id=8ef4a2f2f0216d5bd716d990dbf89b80868b9103

Android Configuration File

2018-05-06 Thread John Huttley
I'm just trying to set up the app to talk to my server. It's unclear what a "configuration file" is. I've presumed it was wg-quick compatible. wg1.conf [Interface] Address = 192.168.94.13/32 PrivateKey = SNIP [Peer] PublicKey = SNIP Endpoint = gatekeeper.hisdad.org:6678

RFE: Name of peer in configuration

2018-05-05 Thread John Huttley
Hi we can put comments into configuration files but on wg show these are lost Request: Add name or Description or comment field to the [peer] stanza [Peer] PublicKey = OYmTNf2RpiIBW4= Endpoint = gatekeeper.hisdad.org:999 AllowedIPs = 192.168.94.0/24, 192.168.95.0/24

Wireguard backport to 2.6.3x kernels

2018-01-31 Thread John Wayne
Hi, I am working on a project that involves some old MIPS and ARM based custom boards. Current SDKs for these boards are pretty messy and there is no documentation about the patches that were applied to the 2.6.3x kernels in order to make them work on these boards. So my question is how painfully wi

mint (ubuntu) kernel Signing

2017-02-08 Thread john huttley
Does anyone have any experience with this? Regards, John

MTU

2016-12-17 Thread John Huttley
Hi, Did we have to configure our interfaces with a reduced MTU (1417) after this last update? I'm getting results reminiscent of the need for MSS clamping. Connects ok, timeouts on transfer etc. --John

Re: Odd length headers and alignment

2016-12-07 Thread John Huttley
I think an extra byte would be a great idea. We can use that in the future to implement a user space IUnknown/O_PONIES end to end negotiation --John On 8/12/2016 7:11 a.m., Jason A. Donenfeld wrote: > Hey guys, > > Wireguard data packets have a 1 byte type, a 4 byte index, an 8 byt

Re: DMVPM appreciation

2016-12-03 Thread John Huttley
Hmm... Really good high level theory ... > Don't forget we need two more things: > * A --> C (over UDP) > * C --> A (over UDP) >Throw a few weird NAT/PAT and other ACLs in between and try again. In one direction there is no need, because that's how we established the tunnel. See below, we could

DMVPM appreciation

2016-12-03 Thread John Huttley
When Wireguard was first announced, there were several comments like "Can you do DMVPN?" So what is DMVPN? Do we care? Can we do it better? DMVPN http://www.cisco.com/c/en/us/products/security/dynamic-multipoint-vpn-dmvpn/index.html is a Cisco product that lets spokes create spoke-to-spoke links i

Re: [WireGuard] Debugging AllowedIps

2016-11-13 Thread John Huttley
Aha, Yes the dmesg command has the debug output. and the solution was to put the explicit /32 for the client on the host not the /24 and 0.0.0.0/0 on the client. Thanks, John On 14/11/16 15:59, Jason A. Donenfeld wrote: On Mon, Nov 14, 2016 at 3:28 AM, John Huttley wrote: I

Re: [WireGuard] Debugging AllowedIps

2016-11-13 Thread John Huttley
some debug messages, but there is nothing. The server has been rebooted after updating wireguard. RFE: when the module loads and prints its test at startup, please print its version and compile flags as well. Regards, John

[WireGuard] Debugging AllowedIps

2016-11-13 Thread John Huttley
Hi Team, I've had success with AllowedIPs = 0.0.0.0/0 but not otherwise. Is there a way to get some debug output on this? Regards, John