Hi Jason,
is there a way at this time (or do you intend to add it) to compress WG
streams on the fly ? (something fast and quite light, such as eg: lz4)
Jean-Yves
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
On Mon, 31 Jul 2017 18:10:39 +0200
"Jason A. Donenfeld" wrote:
> especially contentious issue because of the history of complex and
> catastrophic interactions between compression and encryption (such as
> the CRIME and BREACH attacks against TLS).
Hmm, it just made it much
On Thu, 10 Aug 2017 20:44:39 +0200
"Jason A. Donenfeld" wrote:
> Hey folks,
>
> Just FYI, I'll be out of touch for a little while on vacation.
> Development should resume at an even faster pace than before when I
> return. But, if I'm not responding to posts during the next few
On Wed, 9 Aug 2017 01:30:50 +0200
"Jason A. Donenfeld" wrote:
> That might mean printing nice messages if the correct dependency isn't
> obvious.
>
> For (1) and (2), though, what do you think of the warning I've added
> to Gentoo? That's what I meant by asking for thoughts on
Hi mailinglisters,
The goal is to build an android app in python (I just discovered
Kivy, which seems very nice) that Tx/Rx a few bytes and secure all data
using a WG tunnel.
Does WG needs a root access under android to work correctly ?
If yes, is it possible to connect to a WG server
On Tue, 8 Aug 2017 18:06:00 +0200
"Jason A. Donenfeld" wrote:
> Hey Jean-Yves,
Hey Jay,
> Just FYI, we're working on an Android app already. If you'd like to
> make one yourself, the more the merrier, I guess, but it isn't
> strictly necessary.
As I'm not a developer, please…
On Mon, 7 Aug 2017 21:05:09 +0200
"Jason A. Donenfeld" wrote:
> On Sun, Aug 6, 2017 at 10:22 PM, Jason A. Donenfeld
> wrote:
> > There's an artificial limitation of 65535 peers per interface.
>
> I've just increased this to 2^{20}, which is roughly 1 million
Hi mailing-listers,
I wonder if any of you have either made a large test or is using
WG with a large number of users, each one having his own key.
I'm talking about >> 1,000 keys (closer to 10k is better) ?
Or at least with a maximum of individual keys.
And are there hard/soft limits to this
On Sun, 6 Aug 2017 22:57:42 +0200
"Jason A. Donenfeld" <ja...@zx2c4.com> wrote:
> On Sun, Aug 06, 2017 at 10:34:12PM +0200, B wrote:
> > I guess, when you're talking about "thousands of interfaces", you
> > mean virtual ones ? Do you recall how many m
On Thu, 11 May 2017 22:32:23 +0200
"Jason A. Donenfeld" wrote:
> Hey lazylist,
>
> Since the last discussion of preshared key mode in WireGuard, we've
> made some substantial progress. Trevor and I have been working out the
> cryptodetails [1], and Kevin and I have been
On Wed, 10 May 2017 10:13:29 +0200
"Jason A. Donenfeld" wrote:
> Lower the MTU of the WireGuard interface.
Thanks, Jason, just lowering 2bytes from 1420 to 1418 is enough
to get ssh operational :)
If you have time for that, please feel free to explain me why.
JY
On Tue, 2 May 2017 19:08:10 +0200
"Jason A. Donenfeld" wrote:
> DNS is solved using the PostUp line. See the man page example -- `man
> wg-quick`.
DNS problem solved: I deactivated openresolv.
JY
___
WireGuard mailing list
On Wed, 10 May 2017 10:13:29 +0200
"Jason A. Donenfeld" wrote:
> Lower the MTU of the WireGuard interface.
Correction: 4 bytes: from 1420 to 1416; done by a PostUp.
I've also seen something that wasn't much expected:
manually changing the MTU from 1418 to 1416 on the server,
On Wed, 17 May 2017 16:01:16 +0200
"Jason A. Donenfeld" wrote:
>
> Right. I'd indeed be very amused to see a JSON parser land in the
> Linux kernel.
Perhaps, this could do the trick: https://github.com/martinh/libconfuse
Jean-Yves
Debian jessie + backports - arch amd64
Kernel 4.9.18-1~bpo8+1
wireguard-dkms 0.0.20170421-wg1~zesty
wireguard-tools 0.0.20170421-wg1~zesty
==
Hi list,
Setup:
LAN: 192.168.1.0/24
VPN: 10.11.12.0/24 (SRV: …1, CLI: …2)
(Client: AllowedIPs=0.0.0.0/0)
1- I solved
On Wed, 10 May 2017 08:31:12 +0100
Jonathon Fernyhough <jonathon.fernyho...@york.ac.uk> wrote:
> Hi Jean-Yves,
Hi Jo,
> On 09/05/17 23:32, B wrote:
> > 1- I solved the LAN being unreachable apart the endpoint and the
> > internet being completely unreachab
On Wed, 10 May 2017 23:55:14 +0200
"Jason A. Donenfeld" <ja...@zx2c4.com> wrote:
> On Wed, May 10, 2017 at 9:57 PM, B <lazyvi...@gmx.com> wrote:
> > You're right, seems tied to the 4.9 kernel &| the ifconfig program
> > as it does the same weird thing
Hi list,
I made an update that just upgraded WG to 0.0.20170517-wg2~zesty (on
Debian machines), but this time I'm left behind:
# ip link add dev wg0 type wireguard
# wg setconf wg0 vpnserver0.conf
Line unrecognized: `Address=10.11.12.1/24'
Configuration parsing error
as 'man wg-quick' still
On Wed, 24 May 2017 04:09:52 +0200
"Jason A. Donenfeld" wrote:
> As mentioned in the snapshot changelog email, PresharedKey is now a
> property of the Peer, not the Interface.
Crap, again my bad :/
> If you have lots of random questions like this, feel free to find me
> on IRC
On Wed, 24 May 2017 03:56:46 +0200
"Jason A. Donenfeld" wrote:
> wg-quick(8) is a wrapper around wg(8) that adds a few more
> configuration keys, such as "Address=", "PostUp=", and so forth. Thus,
> you should only use these augmented config files with wg-quick(8):
>
> wg-quick
On Fri, 26 May 2017 10:26:14 -0700
Steve Pagan wrote:
> I cannot download the required packages to my system. I get a 404
See: http://ppa.launchpad.net/wireguard/wireguard/ubuntu/dists/
Jean-Yves
___
WireGuard mailing list
On Fri, 26 May 2017 10:52:49 -0700
Steve Pagan wrote:
> Yup, in the process of that...a bit slow though.
Nooo, new ubuntu policy: they declare it EOL before they release *<;-{p)
Jean-Yves
___
WireGuard mailing list
On Mon, 29 May 2017 20:31:36 +
Ibrahim Tachijian wrote:
> If I understand correctly if I need to connect 10 different wg
> "clients" to one wg "server" I will require one wgX interface
> per-client on the "server".
>
> Is this correct?
No, it means you'll have wg0 and 10
On Thu, 25 May 2017 19:58:19 +0200
Kalin KOZHUHAROV <me.ka...@gmail.com> wrote:
> On Thu, May 25, 2017 at 7:13 PM, B <lazyvi...@gmx.com> wrote:
> > And BTW, it is much more dangerous to reveal your keys on the Ternet
> > than your endpoint IP address…
> >
&
Hi maillisters,
my concern is about the site's doc.
I spent a lot of time before getting the configuration files right
because of a small lack in the doc:
it is missing a few lines explaining that what's appears a "weird"
network notation has in fact 2 purposes, setting the VPN interface IP
On Tue, 2 May 2017 15:57:49 +0100
Jonathon Fernyhough wrote:
No, I mean e.g.: 10.11.12.1/24
at first, I thought it was a typo and added 2 'Address' lines in the
configuration file, one for the wg0 IP and one for the segment; but I
was wrong as the above notation
Debian jessie + backports - arch amd64
wireguard-dkms 0.0.20170421-wg1~zesty
wireguard-tools 0.0.20170421-wg1~zesty
==
Hi list,
I've a very simple setup:
LAN: 192.168.1.0/24
VPN: 10.11.12.0/24
if wg-quick raises the VPN smoothly and although it's working
On Tue, 2 May 2017 18:31:14 +0200
"Jason A. Donenfeld" wrote:
Oops, sorry for the PM, I put my answer back in the loop.
> If your wg-quick config file is in /etc/wireguard and ends in ".conf"
> then you can use `wg-quick down vpnserver`. Otherwise, please specify
> the full
On Wed, 24 May 2017 19:04:38 -0400
Text Editor wrote:
> Trying to replicate my OpenVPN routing setup, tunnel is split to go
> to /24 subnet inside OpenVPN without the default traffic going through
> it.
Hi Text Editor,
…
> I can ping the
> endpoints inside the
On Thu, 25 May 2017 20:32:01 +0100
David Woodhouse wrote:
> Why do you think that's strange? Your mail client will have two 'reply'
> buttons — one for a private reply, and another for a public/group reply
> or "reply-all".
I use claws-mail, it has 3 answers possibilities:
On Thu, 25 May 2017 20:50:14 +0100
David Woodhouse wrote:
> The list doesn't have the RFC2369 List-Post: header which would allow
> the 'Reply to List' option to work.
>
> But that's OK because I just explained to you why it's anti-social and
> shouldn't be used anyway.
If
On Mon, 22 May 2017 01:13:38 +0200
Bert Vermeulen wrote:
> That's the convoluted horror
> also known as resolvconf, and I really can't have it on my system.
+10
…
> Can this dependency please be removed?
I solved that (temporarily, I hope) with 1 line into /etc/resolvconf:
On Mon, 22 May 2017 02:41:13 +0200
"Jason A. Donenfeld" wrote:
> https://github.com/EggieCode/wireguard-ppa/issues/19
Following your comment, you could flip the resolvconf dependency from
a mandatory one to a a recommand or even a suggest, with a few comment
lines into the
On Mon, 22 May 2017 03:08:03 +0200
"Jason A. Donenfeld" <ja...@zx2c4.com> wrote:
> On Mon, May 22, 2017 at 3:02 AM, B <lazyvi...@gmx.com> wrote:
>
> > On Mon, 22 May 2017 02:41:13 +0200
> > "Jason A. Donenfeld" <ja...@zx2c4.com> wro
On Mon, 22 May 2017 03:40:36 +0200
"Jason A. Donenfeld" wrote:
Whoops, back in the loop:
> Anyway, here's the solution I'm considering at the moment:
> https://github.com/jlund/streisand/pull/702
> My Gentoo system is more click-o-matic than Ubuntu dysfunctionality.
Gentoo
35 matches
Mail list logo