About compression

2017-07-31 Thread Bzzzz
Hi Jason, is there a way at this time (or do you intend to add it) to compress WG streams on the fly ? (something fast and quite light, such as eg: lz4) Jean-Yves ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: About compression

2017-07-31 Thread Bzzzz
On Mon, 31 Jul 2017 18:10:39 +0200 "Jason A. Donenfeld" wrote: > especially contentious issue because of the history of complex and > catastrophic interactions between compression and encryption (such as > the CRIME and BREACH attacks against TLS). Hmm, it just made it much

Re: Off the grid

2017-08-10 Thread Bzzzz
On Thu, 10 Aug 2017 20:44:39 +0200 "Jason A. Donenfeld" wrote: > Hey folks, > > Just FYI, I'll be out of touch for a little while on vacation. > Development should resume at an even faster pace than before when I > return. But, if I'm not responding to posts during the next few

Re: Advising in packages to load new module or reboot

2017-08-08 Thread Bzzzz
On Wed, 9 Aug 2017 01:30:50 +0200 "Jason A. Donenfeld" wrote: > That might mean printing nice messages if the correct dependency isn't > obvious. > > For (1) and (2), though, what do you think of the warning I've added > to Gentoo? That's what I meant by asking for thoughts on

silly (?) questions

2017-08-07 Thread Bzzzz
Hi mailinglisters, The goal is to build an android app in python (I just discovered Kivy, which seems very nice) that Tx/Rx a few bytes and secure all data using a WG tunnel. Does WG need root access under android to work correctly ? If yes, is it possible to connect to a WG server

Re: silly (?) questions

2017-08-08 Thread Bzzzz
On Tue, 8 Aug 2017 18:06:00 +0200 "Jason A. Donenfeld" wrote: > Hey Jean-Yves, Hey Jay, > Just FYI, we're working on an Android app already. If you'd like to > make one yourself, the more the merrier, I guess, but it isn't > strictly necessary. As I'm not a developer, please…

Re: Many users

2017-08-07 Thread Bzzzz
On Mon, 7 Aug 2017 21:05:09 +0200 "Jason A. Donenfeld" wrote: > On Sun, Aug 6, 2017 at 10:22 PM, Jason A. Donenfeld > wrote: > > There's an artificial limitation of 65535 peers per interface. > > I've just increased this to 2^{20}, which is roughly 1 million

Many users

2017-08-06 Thread Bzzzz
Hi mailing-listers, I wonder if any of you have either made a large test or are using WG with a large number of users, each one having his own key. I'm talking about >> 1,000 keys (closer to 10k is better) ? Or at least with a maximum of individual keys. And are there hard/soft limits to this

Re: Many users

2017-08-06 Thread Bzzzz
On Sun, 6 Aug 2017 22:57:42 +0200 "Jason A. Donenfeld" <ja...@zx2c4.com> wrote: > On Sun, Aug 06, 2017 at 10:34:12PM +0200, B wrote: > > I guess, when you're talking about "thousands of interfaces", you > > mean virtual ones ? Do you recall how many m

Re: Preshared Key Rework Coming Soon

2017-05-11 Thread Bzzzz
On Thu, 11 May 2017 22:32:23 +0200 "Jason A. Donenfeld" wrote: > Hey lazylist, > > Since the last discussion of preshared key mode in WireGuard, we've > made some substantial progress. Trevor and I have been working out the > cryptodetails [1], and Kevin and I have been

Re: SSH stuck

2017-05-10 Thread Bzzzz
On Wed, 10 May 2017 10:13:29 +0200 "Jason A. Donenfeld" wrote: > Lower the MTU of the WireGuard interface. Thanks, Jason, just lowering 2 bytes from 1420 to 1418 is enough to get ssh operational :) If you have time for that, please feel free to explain to me why. JY

Re: wg-quick can't down my vpn I/F and DNS problem

2017-05-09 Thread Bzzzz
On Tue, 2 May 2017 19:08:10 +0200 "Jason A. Donenfeld" wrote: > DNS is solved using the PostUp line. See the man page example -- `man > wg-quick`. DNS problem solved: I deactivated openresolv. JY

Re: SSH stuck

2017-05-10 Thread Bzzzz
On Wed, 10 May 2017 10:13:29 +0200 "Jason A. Donenfeld" wrote: > Lower the MTU of the WireGuard interface. Correction: 4 bytes: from 1420 to 1416; done by a PostUp. I've also seen something that wasn't much expected: manually changing the MTU from 1418 to 1416 on the server,

Re: Text-based IPC for Userspace Implementations

2017-05-17 Thread Bzzzz
On Wed, 17 May 2017 16:01:16 +0200 "Jason A. Donenfeld" wrote: > > Right. I'd indeed be very amused to see a JSON parser land in the > Linux kernel. Perhaps, this could do the trick: https://github.com/martinh/libconfuse Jean-Yves

SSH stuck

2017-05-09 Thread Bzzzz
Debian jessie + backports - arch amd64 Kernel 4.9.18-1~bpo8+1 wireguard-dkms 0.0.20170421-wg1~zesty wireguard-tools 0.0.20170421-wg1~zesty == Hi list, Setup: LAN: 192.168.1.0/24 VPN: 10.11.12.0/24 (SRV: …1, CLI: …2) (Client: AllowedIPs=0.0.0.0/0) 1- I solved

Re: SSH stuck

2017-05-10 Thread Bzzzz
On Wed, 10 May 2017 08:31:12 +0100 Jonathon Fernyhough <jonathon.fernyho...@york.ac.uk> wrote: > Hi Jean-Yves, Hi Jo, > On 09/05/17 23:32, B wrote: > > 1- I solved the LAN being unreachable apart the endpoint and the > > internet being completely unreachab

Re: SSH stuck

2017-05-10 Thread Bzzzz
On Wed, 10 May 2017 23:55:14 +0200 "Jason A. Donenfeld" <ja...@zx2c4.com> wrote: > On Wed, May 10, 2017 at 9:57 PM, B <lazyvi...@gmx.com> wrote: > > You're right, seems tied to the 4.9 kernel &| the ifconfig program > > as it does the same weird thing

What has changed in the configuration file?

2017-05-23 Thread Bzzzz
Hi list, I made an update that just upgraded WG to 0.0.20170517-wg2~zesty (on Debian machines), but this time I'm left behind: # ip link add dev wg0 type wireguard # wg setconf wg0 vpnserver0.conf Line unrecognized: `Address=10.11.12.1/24' Configuration parsing error as 'man wg-quick' still

Re: What has changed in the configuration file?

2017-05-23 Thread Bzzzz
On Wed, 24 May 2017 04:09:52 +0200 "Jason A. Donenfeld" wrote: > As mentioned in the snapshot changelog email, PresharedKey is now a > property of the Peer, not the Interface. Crap, again my bad :/ > If you have lots of random questions like this, feel free to find me > on IRC

Re: What has changed in the configuration file?

2017-05-23 Thread Bzzzz
On Wed, 24 May 2017 03:56:46 +0200 "Jason A. Donenfeld" wrote: > wg-quick(8) is a wrapper around wg(8) that adds a few more > configuration keys, such as "Address=", "PostUp=", and so forth. Thus, > you should only use these augmented config files with wg-quick(8): > > wg-quick

Re: Repo broken?

2017-05-26 Thread Bzzzz
On Fri, 26 May 2017 10:26:14 -0700 Steve Pagan wrote: > I cannot download the required packages to my system. I get a 404 See: http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/ Jean-Yves

Re: Repo broken?

2017-05-26 Thread Bzzzz
On Fri, 26 May 2017 10:52:49 -0700 Steve Pagan wrote: > Yup, in the process of that...a bit slow though. Nooo, new ubuntu policy: they declare it EOL before they release *<;-{p) Jean-Yves

Re: Multiple peers to one wireguard "server"

2017-05-29 Thread Bzzzz
On Mon, 29 May 2017 20:31:36 + Ibrahim Tachijian wrote: > If I understand correctly if I need to connect 10 different wg > "clients" to one wg "server" I will require one wgX interface > per-client on the "server". > > Is this correct? No, it means you'll have wg0 and 10

Re: Can't seem to split tunnel using tables the way I can in OpenVPN

2017-05-25 Thread Bzzzz
On Thu, 25 May 2017 19:58:19 +0200 Kalin KOZHUHAROV <me.ka...@gmail.com> wrote: > On Thu, May 25, 2017 at 7:13 PM, B <lazyvi...@gmx.com> wrote: > > And BTW, it is much more dangerous to reveal your keys on the Ternet > > than your endpoint IP address… > > &

Doc enhancement

2017-05-02 Thread Bzzzz
Hi maillisters, my concern is about the site's doc. I spent a lot of time before getting the configuration files right because of a small lack in the doc: it is missing a few lines explaining that what appears to be a "weird" network notation has in fact 2 purposes, setting the VPN interface IP

Re: Doc enhancement

2017-05-02 Thread Bzzzz
On Tue, 2 May 2017 15:57:49 +0100 Jonathon Fernyhough wrote: No, I mean e.g.: 10.11.12.1/24 at first, I thought it was a typo and added 2 'Address' lines in the configuration file, one for the wg0 IP and one for the segment; but I was wrong as the above notation

wg-quick can't down my vpn I/F and DNS problem

2017-05-02 Thread Bzzzz
Debian jessie + backports - arch amd64 wireguard-dkms 0.0.20170421-wg1~zesty wireguard-tools 0.0.20170421-wg1~zesty == Hi list, I've a very simple setup: LAN: 192.168.1.0/24 VPN: 10.11.12.0/24 if wg-quick raises the VPN smoothly and although it's working

Re: wg-quick can't down my vpn I/F and DNS problem

2017-05-02 Thread Bzzzz
On Tue, 2 May 2017 18:31:14 +0200 "Jason A. Donenfeld" wrote: Oops, sorry for the PM, I put my answer back in the loop. > If your wg-quick config file is in /etc/wireguard and ends in ".conf" > then you can use `wg-quick down vpnserver`. Otherwise, please specify > the full

Re: Can't seem to split tunnel using tables the way I can in OpenVPN

2017-05-25 Thread Bzzzz
On Wed, 24 May 2017 19:04:38 -0400 Text Editor wrote: > Trying to replicate my OpenVPN routing setup, tunnel is split to go > to /24 subnet inside OpenVPN without the default traffic going through > it. Hi Text Editor, … > I can ping the > endpoints inside the

Re: Can't seem to split tunnel using tables the way I can in OpenVPN

2017-05-25 Thread Bzzzz
On Thu, 25 May 2017 20:32:01 +0100 David Woodhouse wrote: > Why do you think that's strange? Your mail client will have two 'reply' > buttons — one for a private reply, and another for a public/group reply > or "reply-all". I use claws-mail, it has 3 answer possibilities:

Re: Can't seem to split tunnel using tables the way I can in OpenVPN

2017-05-25 Thread Bzzzz
On Thu, 25 May 2017 20:50:14 +0100 David Woodhouse wrote: > The list doesn't have the RFC2369 List-Post: header which would allow > the 'Reply to List' option to work. > > But that's OK because I just explained to you why it's anti-social and > shouldn't be used anyway. If

Re: openresolv dependency

2017-05-21 Thread Bzzzz
On Mon, 22 May 2017 01:13:38 +0200 Bert Vermeulen wrote: > That's the convoluted horror > also known as resolvconf, and I really can't have it on my system. +10 … > Can this dependency please be removed? I solved that (temporarily, I hope) with 1 line into /etc/resolvconf:

Re: openresolv dependency

2017-05-21 Thread Bzzzz
On Mon, 22 May 2017 02:41:13 +0200 "Jason A. Donenfeld" wrote: > https://github.com/EggieCode/wireguard-ppa/issues/19 Following your comment, you could flip the resolvconf dependency from a mandatory one to a recommend or even a suggest, with a few comment lines into the

Re: openresolv dependency

2017-05-21 Thread Bzzzz
On Mon, 22 May 2017 03:08:03 +0200 "Jason A. Donenfeld" <ja...@zx2c4.com> wrote: > On Mon, May 22, 2017 at 3:02 AM, B <lazyvi...@gmx.com> wrote: > > > On Mon, 22 May 2017 02:41:13 +0200 > > "Jason A. Donenfeld" <ja...@zx2c4.com> wro

Re: openresolv dependency

2017-05-21 Thread Bzzzz
On Mon, 22 May 2017 03:40:36 +0200 "Jason A. Donenfeld" wrote: Whoops, back in the loop: > Anyway, here's the solution I'm considering at the moment: > https://github.com/jlund/streisand/pull/702 > My Gentoo system is more click-o-matic than Ubuntu dysfunctionality. Gentoo