Re: Android: more than one tunnel

2021-07-14 Thread Eric Light
Hi Chris! I don't have any experience with the Android implementation specifically... but most likely, your two tunnels have overlapping AllowedIPs ranges. When this happens, bringing up the second interface will override the routing created by the first interface. Most commonly, this

Re: UBSAN: object-size-mismatch in wg_xmit

2021-01-07 Thread Eric Light
me :( > > > On Jan 7, 2021, at 7:42 PM, Eric Light wrote: > > > > Corey - have you tried unsubscribing at the unsubscribe page? > > https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.zx2c4.com%2fmailman

Re: UBSAN: object-size-mismatch in wg_xmit

2021-01-07 Thread Eric Light
Corey - have you tried unsubscribing at the unsubscribe page? https://lists.zx2c4.com/mailman/options/wireguard Hope this helps, E Q: Why is this email five sentences or less? A: http://five.sentenc.es On Fri, 8 Jan 2021, at 13:34, Corey Costello

Re: AllowedIPs

2020-08-30 Thread Eric Light
ou need to know. E Q: Why is this email five sentences or less? A: http://five.sentenc.es On Sun, 30 Aug 2020, at 21:55, Aaron Bolton wrote: > What would be best way to bring up and down the wireguard interface > without using wg-quick > > -----Original Message-

Re: AllowedIPs

2020-08-30 Thread Eric Light
gt; > > On 30 Aug 2020, at 00:16, Eric Light wrote: > > > > I believe it's both, in a way. > > > > As far as wg is concerned, the AllowedIPs is effectively an ACL. Any > > traffic hitting your wireguard interface from an IP not within the > > Al

Re: AllowedIPs

2020-08-29 Thread Eric Light
I believe it's both, in a way. As far as wg is concerned, the AllowedIPs is effectively an ACL. Any traffic hitting your wireguard interface from an IP not within the AllowedIPs will either be dropped on decryption, or won't even be decrypted. (It's one of these, but I can't remember which)

Re: [PATCH] wg-quick: add restart command

2020-06-17 Thread Eric Light
7 Jun 2020, at 20:16, Eric Light wrote: > As a purely Debian user, the 'service x restart' pattern is far more > memorable than the syncconf method. I know personal preference isn't a > great reason to add a knob, but Garrit's method is probably going to be > much more familiar

Re: [PATCH] wg-quick: add restart command

2020-06-17 Thread Eric Light
As a purely Debian user, the 'service x restart' pattern is far more memorable than the syncconf method. I know personal preference isn't a great reason to add a knob, but Garrit's method is probably going to be much more familiar to many users. As to _when_ you'd need this... during a config

Re: [ANNOUNCE] WireGuard 1.0.0 for Linux 5.6 Released

2020-03-29 Thread Eric Light
Oh, Jason, that is outstanding news! Congratulations to you and the whole team of people who have contributed - be it developing, blog posts, or financially. Well done, you lot! E Q: Why is this email five sentences or less? A:

Re: Upstream Submission v1

2018-07-31 Thread Eric Light
Congratulations Jason!! Thanks for all of your amazing work. This feels like a great moment to visit https://www.wireguard.com/donations/ E Q: Why is this email five sentences or less? A: http://five.sentenc.es On Wed, 1 Aug 2018, at 07:26, Jason

Re: wg addconf :: AllowedIPs gets deleted with the additions of peers

2018-06-26 Thread Eric Light
Hi, Adrian! The reason you can't have the _same_ AllowedIPs for two different peers is because that's what's used to set the routes. How can you set two different routes for the same destination? So, because you're trying to set 0.0.0.0/0, there can only ever be one peer at the end of that

Re: Multiple (client-)peers with same keys possible ?

2018-05-15 Thread Eric Light
Hi Reiner! I can't figure out how that would work, considering WG is based around crypto-key routing. How would it know where to route a given packet? Additionally, two sets of AllowedIPs=0.0.0.0/0 would imply two different default routes. I just don't see how that could function, tbh. :)

Re: Route all traffic to one IP _only_ via wireguard

2018-04-29 Thread Eric Light
of "main" that > selects all traffic with the fwmark from wg and routes that directly to > your external interface.  Something like: > > from all fwmark 1234 lookup net > > net: > default via dev > > Then add a new rule to main, that routes ip 1.2.3.4 out

Re: Route all traffic to one IP _only_ via wireguard

2018-04-28 Thread Eric Light
Hi Reiner! I think the problem here is your client's AllowedIPs section. If you only want to access one address, you only enter that target IP - not the whole internet space (0.0.0.0/0). That's why everything is being routed out via your wg0. So you should change that client AllowedIPs to

Re: Question about peers count

2018-04-12 Thread Eric Light
Hi Vyacheslav, Yes - Wireguard can handle that easily. From one of Jason's posts earlier in the month: "I have a script I run during development that sets up thousands of interfaces, *each with **hundreds of thousands of peers* [...]" So ... you'll be fine :) E

Re: Troubleshooting WireGuard connections

2018-04-12 Thread Eric Light
Hi Riccardo, Welcome! Not off-topic at all. Your config looks fine to my eyes; I don't think you _need_ different ports per endpoint, but I might be wrong. With your tcpdump, if you can see incoming ICMP requests you should see outgoing ones too -- make sure they're not coming in on wg0 and

Re: Working only one way

2018-04-09 Thread Eric Light
Hi Luis, Welcome! I would change your server Interface address to .1/24; .0/24 would be the network address so would probably behave poorly. Then I'd change your client Interface address to a /24 as well. I think because the scope of that interface is /32, the routing table is probably not

Re: can't ping remote side IP range from WG instance

2018-03-25 Thread Eric Light
Hi Adrián, Sounds like you're doing something similar to what I've been playing with. I chatted with Jason about it a bit, and he sorted me out with a better solution - perhaps it'll work for you too: Instead of spinning up a Masquerade rule in iptables, have you tried just making sure that

Starcraft over Wireguard ... :sideeye:

2018-02-11 Thread Eric Light
Hi, awesome WG mailinglist! My 18 year-old has recently moved out of home, and we're starting to yearn for one of our traditional Starcraft matches. I thought I should be able to do this easily with Wireguard. The idea, generally, is that one of us would start up a game, and Wireguard - with a

Re: passtos patch

2018-01-18 Thread Eric Light
Hi all, Wearing my 'Wireguard enthusiast who doesn't know *that* much about crypto, and only uses WG as an end-user' hat: It sounds to me like additional complexity, additional code, and additional information leakage, for what seems to be a relatively uncommon scenario, which by the sounds

Re: [patch] add support for peer names using a file in userspace

2017-12-08 Thread Eric Light
For what it's worth, I agree with Lonnie that *something* is necessary. That said, I don't feel it makes sense in the context of [Peer- why_would_this_go_here_its_very_strange]. Having it as an attribute of the peer makes sense to me (e.g. "Description=")... the name really IS an attribute of a

Re: Fixing wg-quick's DNS= directive with a hatchet

2017-10-25 Thread Eric Light
It looks ... really elegant to me. That said, it could end up being super confusing. I definitely second Kalin's comments about adding a comment header to /etc/resolv.conf.wg-quick.wg0 I was going to ask about unlinking, but you've addressed that in your follow-up. All that's left is for me to

Re: October, Paris, France - Meticulous In-person WireGuard Codebase Study Session

2017-10-09 Thread Eric Light
Yeah I'm the same. :) Q: Why is this email five sentences or less? A: http://five.sentenc.es On Tue, 10 Oct 2017, at 13:51, Ryan Whelan wrote: > Is there any chance this could be recorded and posted to youtube or > the like? I personally would be

Re: List of commercial WireGuard offerings

2017-09-13 Thread Eric Light
contribution to that future! E Q: Why is this email five sentences or less? A: http://five.sentenc.es On Tue, 12 Sep 2017, at 21:11, Fredrik Strömberg wrote: > On Tue, Sep 12, 2017 at 10:08 AM, Eric Light <e...@ericlight.com> wrote: > > For the

Re: List of commercial WireGuard offerings

2017-09-12 Thread Eric Light
For the record, Mullvad are great. I've purchased a subscription there as a direct result of their sponsorship of Wireguard. I've also recommended it to others. :) E Q: Why is this email five sentences or less? A: http://five.sentenc.es On Tue, 12

Re: Not able to ping the host as per demo of wireguard.

2017-07-21 Thread Eric Light
Yep you can make them permanent. Create your config in /etc/wireguard/wg0.conf. Then run 'systemctl enable wg-quick@wg0' (assuming you're running systemd). wg-quick takes care of interface creation, interface and endpoint IP addressing, routing, and peer keys; so you just create that file

Re: Not able to ping the host as per demo of wireguard.

2017-07-21 Thread Eric Light
Hi Sahil, Both of your wg0 interfaces are set to 10.0.0.1/24, but both of your AllowedIPs are set to 10.0.0.2/32 -- so neither of them are routing to the other. For me, I'd set AllowedIPs to 10.0.0.1/24 on both laptops, so they can each talk to 10.0.0.x. Also, your Endpoints are both set to