On Sat, Oct 06, 2018 at 11:21:01AM +0100, Brian Candler wrote:
> My even more stupid question is "why use wireguard if the only thing it's
> carrying is ssh?" - but I guess it's a convenient way to tunnel to a network
> which doesn't have public-routed addresses.
Right -- and I also don't want to
On 06/10/2018 11:27, Roman Mamedov wrote:
(Aside: I wish ssh had a feature like SNI, so that you could build an
ssh proxy that forwards incoming connections to the right host. I have
done this before using an inbound SOCKS proxy, but it's messy to use)
What insane things people invent only not
On Sat, 6 Oct 2018 11:21:01 +0100
Brian Candler wrote:
> (Aside: I wish ssh had a feature like SNI, so that you could build an
> ssh proxy that forwards incoming connections to the right host. I have
> done this before using an inbound SOCKS proxy, but it's messy to use)
What insane things pe
On 06/10/2018 11:00, wireguard-requ...@lists.zx2c4.com wrote:
This may be a stupid question, but why do you need OpenVPN any more, if
you have Wireguard?
Because it's already there? :)
Furthermore, some members of our IT team use Macs (gasp!) and for them
it would be much easier to continue to u
On Fri, Oct 05, 2018 at 06:32:44PM +0200, Matthias Urlichs wrote:
On 05.10.18 17:53, Konstantin Ryabitsev wrote:
But should the admin need to bring up the OpenVPN link
This may be a stupid question, but why do you need OpenVPN any more, if
you have Wireguard?
Because it's already there? :)
Hey Konstantin,
On Fri, Oct 5, 2018 at 5:53 PM Konstantin Ryabitsev
wrote:
> > Any reason why you can't just do
> >
> > ip rule add dport 22 lookup 2468
>
> Yeah, this works, too, and is quite a bit simpler. Jason, any reason why
> I wouldn't use this?
Definitely use that. A reason for preferrin
On 05.10.18 17:53, Konstantin Ryabitsev wrote:
> But should the admin need to bring up the OpenVPN link
This may be a stupid question, but why do you need OpenVPN any more, if
you have Wireguard?
I'd set up a simple server-side login page that allows people to use
their user+pass+TOTP to enable n
On Fri, Oct 05, 2018 at 12:03:04PM +0200, Toke Høiland-Jørgensen wrote:
> > When you're doing policy routing with packets that are being forwarded
> > by the system -- a router, for example -- then the prerouting table is
> > sufficient. But for locally generated packets, you have to use the
> > OU
On Fri, Oct 5, 2018, 12:03 Toke Høiland-Jørgensen wrote:
> "Jason A. Donenfeld" writes:
>
> > Hey Konstantin,
> >
> > When you're doing policy routing with packets that are being forwarded
> > by the system -- a router, for example -- then the prerouting table is
> > sufficient. But for locally
"Jason A. Donenfeld" writes:
> Hey Konstantin,
>
> When you're doing policy routing with packets that are being forwarded
> by the system -- a router, for example -- then the prerouting table is
> sufficient. But for locally generated packets, you have to use the
> OUTPUT table and also probably
Hey Konstantin,
When you're doing policy routing with packets that are being forwarded
by the system -- a router, for example -- then the prerouting table is
sufficient. But for locally generated packets, you have to use the
OUTPUT table and also probably MASQUERADE. I just reproduced
everything h
Hi, all:
I'm trying to figure out the right PostUp/PostDown incantations to send
just ssh traffic (on port tcp/22) via the wg tunnel, but I'm having a
bit of a hard time. I should be able to do this with --set-mark for
iptables/PREROUTING and a fwmark ip route rule, but it doesn't appear to
be wor
12 matches