Re: Python Wrapper for wireguard-tools

At this point, it's very old and not in use, but I once worked on a project that would wrap the `wg` command in python. If helpful, I posted it here: https://gist.github.com/rwhelan/f46d1f6f07df71f1bd1786eda447b97f I don't think its feature complete as it was only used internally for a project

Wireguard Bug?

I am building a system which coordinates the meshing of wireguard devices. Currently, all the devices are running on an embedded platform (AMD Geode LX500) and works as expected. However, when introducing a 64bit KVM host for testing, all the 32bit hosts running on the Geode platform, report the

Re: Use of __kernel_timespec in userspace genetlink API

Sorry to be dense, but given commit c870c7a; the timespec struct will be 16 bytes in size, regardless of the arch? 32/64bit x86 and 32/64bit ARM? On Mon, Apr 22, 2019 at 2:15 PM Tharre wrote: > On 04/18, Matt Layher wrote: > > My C experience is very limited, and I have no experience working

Netlink Protocol

I'm assuming the in-kernel version of wiregaurd on Linux configured via Netlink- if so, is the protocol documented? thanks ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Routing only to latest peer in the config list seems to work

You're using the same AllowedIPs for multiple peers. On Thu, Sep 6, 2018 at 12:15 PM wrote: > Hi, > > I have the problem with my wireguard server, that only the latest user > "peer" from the server config can route/ping to the internal wireguard > server IP or the clients in the network behind

Re: peer key in file

if using bash - wg set tun0 peer $(cat peerfile) allowed-ips 0.0.0.0/0 endpoint 192.168.0.1:7394 On Sat, Jun 2, 2018 at 4:12 PM Jungle Boogie wrote: > Hi All, > > I know the private key can be specified via file, but what about the peer > key? > > wg set tun0 peer ./peerfile allowed-ips

Re: Where to download old snapshots

On Tue, May 29, 2018 at 8:06 PM Jason A. Donenfeld wrote: > On Wed, May 30, 2018 at 1:48 AM, Tharre wrote: > > On 05/29, Eddie wrote: > >> Where can I download a copy of those, as the repository only appears to > hold > >> the latest and minus one. > > > > The repo[0] shows snapshots till

Re: Recommended Mini-VM image?

I use buildroot (buildroot.org) to build linux for my WG devices. The x86 version ends up being ~20Mb in size and when bundling the userspace into the init in the kernel, it runs completely from memory. On Tue, May 29, 2018 at 1:36 AM John Huttley wrote: > Hi team, > I want to run WG in a VM

Dead peer detection

I thought this conversation had been had in the past, but I can not find it so forgive me if I'm rehashing something thats been discussed already. How do you guys detect dead peers? Actively via a ping or passively via the 'latest handshake' (once it gets past a certain age, you assume the peer

Re: PMTU Discovery Security Concerns

I don't have an actual fix; but is something that could have a switch that could be configured per interface? I know knobs and controls aren't really desirable, but if Off by default, it would encourage those turning it on to understand what they're exposing. $0.02 On Sun, Apr 15, 2018 at 10:08

Re: Babel over wireguard

If you're gauging interest, I would be very interested in using unicast atop Wireguard for routing selection Thank you for the explanation; very helpful. On Wed, Dec 6, 2017 at 8:11 AM, Toke Høiland-Jørgensen <t...@toke.dk> wrote: > Ryan Whelan <rcwhe...@gmail.com> writes: >

Re: Babel over wireguard

, 2017 at 7:33 AM, Toke Høiland-Jørgensen <t...@toke.dk> wrote: > > > On 6 December 2017 13:07:56 CET, Ryan Whelan <rcwhe...@gmail.com> wrote: > >I'm looking to run babel over wireguard links and running into issues. > >I > >seem to be unable to get Bird o

Babel over wireguard

I'm looking to run babel over wireguard links and running into issues. I seem to be unable to get Bird or the reference implementation of Babel to bind to any wireguard interfaces. Is this a known issue? or has anyone found a config that works? thanks!

Re: Another allowed-ips question

On Wed, Nov 22, 2017 at 6:51 PM, Jason A. Donenfeld wrote: > Hi Ryan, > > Sorry for the delayed response. The high volume and churn of > development recently has gotten me a bit behind on the mail queue and > rather confused. > > You wrote: > > what i'm struggling with is if

Another allowed-ips question

I'm working on a system where Wireguard machines can connect directly to one another as well as communicate with one another via an intermediary router (or 'server'). When 2 machines directly connect to one another, the allowed-ips setting is obviously a non-issue; what i'm struggling with is if

Re: October, Paris, France - Meticulous In-person WireGuard Codebase Study Session

Is there any chance this could be recorded and posted to youtube or the like? I personally would be very interested in this knowledge, but will not be able to attend. On Mon, Oct 9, 2017 at 7:19 PM, Jason A. Donenfeld wrote: > Hey folks, > > A few friends asked if I'd do a

Re: Specifying the source port

o control the source port. > If you don't believe me, try running tcpdump and you'll see. > > On May 4, 2017 20:41, "Ryan Whelan" <rcwhe...@gmail.com> wrote: > >> If i'm not mistaken that sets the listing port on one end (Peer 'A') of >> the connection. Peer