Re: WG interface to ipv4

2018-05-06 Thread Jordan Glover
On May 6, 2018 6:33 PM, ѽ҉ᶬḳ℠ wrote: > Depends perhaps a bit of what the (long term) aim/goal of the WG is - > > whether to be a niche product for enthusiasts (only guessing here that > > this is the current state) or to make it into the > > mainstream/corporate/commercial

Re: WG interface to ipv4

2018-05-07 Thread Jordan Glover
On May 7, 2018 10:24 AM, ѽ҉ᶬḳ℠ wrote: > > SSH is different for two reasons: It runs over TCP, and it runs in > > > > userspace. > > > > Secondly, because SSH runs in userspace, a lot of the processing (such > > > > as the TCP handshake) is done by the kernel on the application's

Re: WG interface to ipv4

2018-05-06 Thread Jordan Glover
On May 6, 2018 10:58 AM, ѽ҉ᶬḳ℠ wrote: > > Why? Can you outline the threat model? > > > > As I mentioned earlier, to disable v6 socket creation, pass > > > > ipv6.disable=1 on the kernel command line, or just unload the v6 > > > > module. If you're worried about the Linux v6

Re: PostUp/PreUp/PostDown/PreDown Dangerous?

2018-06-22 Thread Jordan Glover
On June 22, 2018 9:26 PM, Lonnie Abelbeck wrote: > How about not supporting direct execution of commands in the config > [Interface] section but rather support an optional path to where a fixed > command (ex. wireguard.script) is found... > > >

Wireguard doesn't work with Linux 4.18-rc1

2018-06-23 Thread Jordan Glover
Hi, I can't make wireguard work with linux 4.18-rc1 and mainline from 06.22.2018.
sudo wg-quick up abc
[#] ip link add abc type wireguard
[#] wg setconf abc /dev/fd/xx
[#] ip address add xx.xx.xx.xxx/xx dev abc
[#] ip link set mtu 1420 dev abc
[#] ip link set abc up
[#] resolvconf -a abc -m 0 -x

Re: Wireguard doesn't work with Linux 4.18-rc1

2018-06-23 Thread Jordan Glover
On June 23, 2018 3:35 PM, Bruno Wolff III wrote: > On Sat, Jun 23, 2018 at 08:23:08 -0400, > > Jordan Glover golden_mille...@protonmail.ch wrote: > > > Hi, > > > > I can't make wireguard work with linux 4.18-rc1 and mainline from > > > > 06.22.20

Re: Wireguard doesn't work with Linux 4.18-rc1

2018-06-23 Thread Jordan Glover
On June 23, 2018 6:01 PM, Jason A. Donenfeld wrote:
> Working on it:
>
> https://marc.info/?l=linux-netdev&m=152976958325076&w=2

I can confirm that your patch fixes this issue. Thank you for help.

Jordan

Re: PostUp/PreUp/PostDown/PreDown Dangerous?

2018-06-22 Thread Jordan Glover
On June 22, 2018 3:56 AM, Antonio Quartulli wrote: > > In case this might be useful: in OpenVPN there is an additional > > parameter called "--script-security" that requires to be set to a > > certain level before allowing configured scripts to be executed. > > Unfortunately there is no real

Re: [PATCH 1012/1012] Support for unicode interface names: only '%', ':' and '/' must be avoided

2018-08-26 Thread Jordan Glover
‐‐‐ Original Message ‐‐‐ On August 25, 2018 5:50 PM, Jorge AC wrote: > Thank you for checking my regex with the kernel code lines :-) > > Definitely is insanity what drives me, I enjoy naming interfaces with > unicodes like ☢. > > Nevertheless, thinking about a legit use, it could be a

Re: wireguard dkms systemd

2018-10-21 Thread Jordan Glover
‐‐‐ Original Message ‐‐‐ On Saturday, October 20, 2018 10:59 PM, Lucian Cristian wrote: > updating the wireguard module on systemd based linux gives > > Warning: The unit file, source configuration file or drop-ins of > wg-quick@wg0.service changed on disk. Run 'systemctl daemon-reload'

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20181007` Available

2018-10-07 Thread Jordan Glover
‐‐‐ Original Message ‐‐‐ On Sunday, October 7, 2018 5:20 PM, Jason A. Donenfeld wrote: > Hello, > > A new snapshot, `0.0.20181007`, has been tagged in the git repository. > > Please note that this snapshot is, like the rest of the project at this point > in time, experimental, and does

Re: binary module for arch?

2019-01-01 Thread Jordan Glover
On Monday, December 31, 2018 5:11 PM, John wrote: > My recommendation is to change the wording under the command on your > install page to something like: "Users of the distro provided kernels > (linux and linux-lts) may download the requisite corresponding > precompiled wireguard module. Users

Re: Cannot compile Noise.c on Kernel 5.0?

2019-01-16 Thread Jordan Glover
On Wednesday, January 16, 2019 5:37 PM, Sam Cater wrote: > Hi Wireguard Mailing List, > > Probably going to be showing a lot of ignorance here! > > Wireguard has run fine on this system in the past, but today I tried to > build 20181218 on self-built 5.0 kernel (which in and of itself seems >

Re: Build fails on Debian, kernel 4.20.0-rc4

2018-12-02 Thread Jordan Glover
On Sunday, December 2, 2018 12:38 AM, Laszlo KERTESZ wrote: > On Sun, Dec 2, 2018 at 1:26 AM Tushar Pankaj > wrote: > >> Does it have to do with macros.S having a capital S extension? >> >> Thanks, >> Tushar Pankaj > > Probably not. I don't have any "arch/x86/kernel/macros.s" file (actually

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20181119` Available

2018-11-19 Thread Jordan Glover
On Monday, November 19, 2018 6:27 PM, Jason A. Donenfeld wrote: > Hello, > > A new snapshot, `0.0.20181119`, has been tagged in the git repository. > > Please note that this snapshot is, like the rest of the project at this point > in time, experimental, and does not constitute a real release

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20181119` Available

2018-11-19 Thread Jordan Glover
On Monday, November 19, 2018 8:02 PM, Jason A. Donenfeld wrote: > Hi Jordan, > On Mon, Nov 19, 2018 at 7:04 PM Jordan Glover > golden_mille...@protonmail.ch wrote: > > > It fails to build for me (doing in-kernel build with Linux 4.20rc3 and > > WireGuard/contrib/ker

Re: bypassing wireguard using firejail

2019-05-10 Thread Jordan Glover
On Friday, May 10, 2019 11:54 AM, Sitaram Chamarty wrote: > I am able to bypass the VPN by using firejail (which is a > sandbox program to run untrusted applications). > > Below, the IP addresses and domain names are fake but that > should not matter: > > # wg > interface: wg0 > public key:

Re: [PATCH] treewide: more portable bash shebangs

2019-07-16 Thread Jordan Glover
On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim wrote: > While /usr/bin/env is more or less available on all POSIX systems > /bin/bash might not be. This is particularly the case on NixOS and the BSD > family (/usr/local/bin/bash). Downstream packagers would often rewrite > those shebangs back

Re: [PATCH] treewide: more portable bash shebangs

2019-07-17 Thread Jordan Glover
On Tuesday, July 16, 2019 10:08 PM, Jörg Thalheim wrote: > On 16/07/2019 18.32, Jordan Glover wrote: > > > On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim jo...@higgsboson.tk wrote: > > > > > While /usr/bin/env is more or less available on all POSIX sy

Re: [PATCH] treewide: more portable bash shebangs

2019-07-17 Thread Jordan Glover
On Wednesday, July 17, 2019 6:39 PM, Jörg Thalheim wrote: > > It does not make anything worse. Your threat model is unreasonable and out of > scope > of what the scripts are intended to guarantee. > There are tons of other environment variables like LD_PRELOAD or > LD_LIBRARY_PATH And how

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20191205` Available

2019-12-11 Thread Jordan Glover
On Friday, December 6, 2019 5:35 PM, Jason A. Donenfeld wrote: > Looks like an arch problem or a libnftnl problem. I've made a minimal > reproducer: > > printf 'filter\nCOMMIT\nraw\nCOMMIT\n*mangle\nCOMMIT\n' | sudo > iptables-nft-restore -n > > I filed a bug report on Arch:

Re: Regarding "Inferring and hijacking VPN-tunneled TCP connections"

2019-12-06 Thread Jordan Glover
On Thursday, December 5, 2019 8:24 PM, Jason A. Donenfeld wrote: > > If we can make nft coexistence work reliably, perhaps we can run the > nft rule on systems where the nft binary simply exists. > Will this work correctly on systems where nft binary exist but only iptables rules are used?

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20191205` Available

2019-12-06 Thread Jordan Glover
On Thursday, December 5, 2019 10:55 AM, Jason A. Donenfeld wrote: > Hello, > > A new snapshot, `0.0.20191205`, has been tagged in the git repository. > > Please note that this snapshot is a snapshot rather than a final > release that is considered secure and bug-free. WireGuard is generally >

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20191205` Available

2019-12-06 Thread Jordan Glover
On Friday, December 6, 2019 3:20 PM, Jason A. Donenfeld wrote: > On Fri, Dec 6, 2019 at 4:11 PM Jordan Glover > golden_mille...@protonmail.ch wrote: > > > Hi, this release causes a coredump on wg-quick down action: > > systemd[1]: Stopping WireGuard via wg-quick(8) for wg0

Re: Regarding "Inferring and hijacking VPN-tunneled TCP connections"

2019-12-06 Thread Jordan Glover
On Friday, December 6, 2019 4:03 PM, Vasili Pupkin wrote: > On 06.12.2019 18:08, Jason A. Donenfeld wrote: > > > On Fri, Dec 6, 2019 at 4:06 PM Jordan Glover > > golden_mille...@protonmail.ch wrote: > > > > > On Thursday, December 5, 2019 8:24 PM, Jason A. Donen

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20191205` Available

2019-12-06 Thread Jordan Glover
On Friday, December 6, 2019 3:52 PM, Jason A. Donenfeld wrote: > On Fri, Dec 6, 2019 at 4:36 PM Jordan Glover > golden_mille...@protonmail.ch wrote: > > > iptables is from Arch Linux iptables-nft package: > > $ iptables --version > > iptables v1.8.3 (nf_tables)

Re: [PATCH] wg-quick: linux: add support for nft and prefer it

2019-12-10 Thread Jordan Glover
On Tuesday, December 10, 2019 3:48 PM, Jason A. Donenfeld wrote: > If nft(8) is installed, use it. These rules should be identical to the > iptables-restore(8) ones, with the advantage that cleanup is easy > because we use custom table names. > I wonder if nft should be used only if iptables

Re: [PATCH] wg-quick: linux: add support for nft and prefer it

2019-12-10 Thread Jordan Glover
On Tuesday, December 10, 2019 4:54 PM, Jason A. Donenfeld wrote: > On Tue, Dec 10, 2019 at 5:52 PM Jordan Glover > golden_mille...@protonmail.ch wrote: > > > On Tuesday, December 10, 2019 3:48 PM, Jason A. Donenfeld ja...@zx2c4.com > > wrote:

Re: [PATCH] wg-quick: linux: add support for nft and prefer it

2019-12-10 Thread Jordan Glover
On Tuesday, December 10, 2019 7:15 PM, Jason A. Donenfeld wrote: > On Tue, Dec 10, 2019 at 7:58 PM Jordan Glover > golden_mille...@protonmail.ch wrote: > > > On Tuesday, December 10, 2019 5:36 PM, Jason A. Donenfeld ja...@zx2c4.com > > wrote: > > > > >