Correction
Le 25/08/2021 à 17:25, Daniel a écrit :
Hi list,
I setup wireguard on a server running Debian 11 and get it to work with
2 clients (Debian 11 and Ubuntu 20.04). Clients and server are on
separate networks, one client behind a FW the other direct on Internet,
no FW at all (VPS
ipv6 address of the server is affected _to the
wireguard interface_ (in ipv4 it's another interface who take care of
the public address)
Server version is wireguard-tools v1.0.20210223.
If someone have any hint, thanks to share ;)
--
Daniel
Hi ROman
Le 27/08/2021 à 18:14, Roman Mamedov a écrit :
On Thu, 26 Aug 2021 13:14:00 +0200
Daniel wrote:
Correction
Le 25/08/2021 à 17:25, Daniel a écrit :
Hi list,
I setup wireguard on a server running Debian 11 and get it to work with
2 clients (Debian 11 and Ubuntu 20.04). Clients and
er bar. Or maybe not all of them, but just UDP, for example.
But yeah, 1280 is worth trying as well, maybe Daniel has a similar issue.
As for me I am using MTU 1412 WG over IPv6 on a 1492 MTU underlying link just
fine.
After lot of few testings, I think the problem is elsewhere. Setup of
Le 30/08/2021 à 18:43, Roman Mamedov a écrit :
On Mon, 30 Aug 2021 12:24:01 +0200
Daniel wrote:
Using tcpdump -i any I see the trafic coming to the gre interface and
that's all. But netstat show
udp6 0 0 :::12345 :::*
0 125391 -
and ps aux output is
dh@peech:
Le 30/08/2021 à 19:38, Roman Mamedov a écrit :
On Mon, 30 Aug 2021 19:28:11 +0200
Daniel wrote:
To be sure (and I think it is as I have no problem with ipv4):
. my interfaces are named wig4tootai our wigserver Nothing wrong here ?
. conf file are not named .conf but server.conf or
Hi
Le 30/08/2021 à 19:59, Roman Mamedov a écrit :
On Mon, 30 Aug 2021 19:44:21 +0200
Daniel wrote:
Do you get WG working at all, between some other two hosts (not involving this
particular server for now)?
Yes. Clients are shown on both sides as connected, trafic seems to go
out on each
Again :)
Le 31/08/2021 à 19:50, Daniel a écrit :
Hi
Le 30/08/2021 à 19:59, Roman Mamedov a écrit :
On Mon, 30 Aug 2021 19:44:21 +0200
Daniel wrote:
Do you get WG working at all, between some other two hosts (not
involving this
particular server for now)?
Yes. Clients are shown on both
Hello
Le 30/08/2021 à 19:59, Roman Mamedov a écrit :
On Mon, 30 Aug 2021 19:44:21 +0200
Daniel wrote:
Do you get WG working at all, between some other two hosts (not involving this
particular server for now)?
Yes. Clients are shown on both sides as connected, trafic seems to go
out on each
ernel.
What am I missing here ?
--
Daniel
id 18272, seq 5,
length 64
19:23:50.287509 lo In IP6 fd99:1234:beef:cafe:fade::7fff >
fd99:1234:beef:cafe:fade::7000: ICMP6, echo reply, id 18272, seq 5,
length 64
Any clue on this ?
Thanks for your support
Daniel
--
Daniel
Hi
Le 14/09/2021 à 18:45, Daniel a écrit :
Hi all,
I use wireguard between 2 Debian11 and face a problem: traffic goes in
to wireguard interface/ip address but goes out with lo as interface
with the right ip address
19:23:50.287492 wig0 In IP6 fd99:1234:beef:cafe:fade::7000 >
fd99:1
Hi All,
I installed Asahi/Debian Bookworm from
https://git.zerfleddert.de/cgi-bin/gitweb.cgi/m1-debian/
and face a problem: installing wireguard shipped the Debian arm kernel
and I can't get wg to work.
Is there a solution for this ?
--
Daniel
OK, wg is in the kernel, sorry to have bother you.
Le 01/12/2022 à 13:24, Daniel a écrit :
Hi All,
I installed Asahi/Debian Bookworm from
https://git.zerfleddert.de/cgi-bin/gitweb.cgi/m1-debian/
and face a problem: installing wireguard shipped the Debian arm kernel
and I can't get
Hello. Would it be possible to add the PostUp and PostDown commands in
peer section ?
Ex. of use case: dynamically add route when a peer connect
Have a nice day
--
Daniel
get failover working
properly with wireguard ?
Thanks for any hint
--
Daniel
Hi Daniel
Le 01/08/2023 à 00:27, Daniel Gröber a écrit :
Hi Daniel,
On Mon, Jul 31, 2023 at 11:39:35PM +0200, Daniel wrote:
I create a hostname with few IPs v4 & v6 for my wireguard server. I faced
today a problem that after a failure with the ip a customer wg was
registered, it continu
s and that didn't work. I also
tired similar app called vpn/wireguard policy routing and it didnt work
aswell. I'm using PPPoE on the WAN. I hope you can help me
I know that "notoif" is in the works. That will make things easier in the
fu
Giving another stab at this, after my (quite's) initial though on IRC
Daniel Lublin (1):
wg(8): rephrase wording on AllowedIPs
src/tools/wg.8 | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
--
2.16.1
___
WireGuard mailing
---
src/tools/wg.8 | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/tools/wg.8 b/src/tools/wg.8
index 49dc15b..b49fb7a 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
@@ -143,12 +143,12 @@ and may be omitted. This option adds an additional layer
of symmetric-k
dule build on kernel: 4.15.0-102-generic
(x86_64)
Consult /var/lib/dkms/wireguard/1.0.20200520/build/make.log for more
information.
Crash file attached.
Would be grateful if anyone could advise.
All the best
Daniel
ProblemType: Package
DKMSBuildLog:
DKMS make.log for wireguard-1.0.20200520
g-quick working as expected or did I miss
something? If my config is correct, wouldn't it be a good idea to let
wg-quick check if the endpoint is inside the allowed IPs and add the
route I am creating in the PostUp line automatically?
--
Daniel
Hi,
I would like to get some stickers to our hackerspace in Graz/Austria
realraum.at
Looking forward to hear from you,
Daniel
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Hi Folks,
On 25/11, Jason A. Donenfeld wrote:
So, if any of you on this list are into building your own Android ROMs
and would like to give this a try, don't hesitate to see what happens
when you link to that repo via the manifest xml. Let me know how it
goes.
Jason asked me to chime in with m
require either operating system tunnel/network interface support
or Linux in particular.
Daniel
Hi,
My ios version is outdated with TestFlight.
Thanks
On Tue, Apr 6, 2021 at 5:17 PM Jason A. Donenfeld wrote:
> It's pretty typical behavior on Windows for IP addresses to be
> exclusive per interface. WireGuard for Windows does something similar:
> https://git.zx2c4.com/wireguard-windows/tree/tunnel/addressconfig.go#n22
Thank you! That's very inte
On Wed, Apr 7, 2021 at 1:18 AM David Woodhouse wrote:
>
> On Tue, 2021-04-06 at 18:17 -0600, Jason A. Donenfeld wrote:
> > With regards to permissions, you must be Local System, which is
> > already the case if you're running inside a service. If you'd like to
> > run as a mere Administrator proce
On Wed, Apr 7, 2021 at 4:49 AM David Woodhouse wrote:
> If WintunSendPacket took an additional 'offset' argument to disregard a
> certain number of bytes at the beginning of the buffer, that would
> probably suffice. Or is it possible to simply add to the pointer
> returned by WintunAllocateSendPa
On Thu, Apr 8, 2021 at 1:46 AM David Woodhouse wrote:
> Unless netsh will do it for us when we ask *it* to set the IP address?
> OpenConnect doesn't normally bother itself with administrivia like setting IP
> addresses; its job is to pass packets.
I'm afraid not. I tried playing around with var
On Thu, Apr 8, 2021 at 7:37 AM David Woodhouse wrote:
> =
> PPP over DTLS
> =
>
> We just added support for the PPP-based protocols (Fortinet, F5) and
> I'm not sure we even know what the DTLS-based version looks like on the
> wire, do we? If the header is 4 bytes or few
On Thu, Apr 8, 2021 at 10:10 AM David Woodhouse wrote:
> On Thu, 2021-04-08 at 09:42 -0700, Daniel Lenski wrote:
> > On Thu, Apr 8, 2021 at 7:37 AM David Woodhouse wrote:
> > > If we do need a header larger than 4 bytes, then we are forced to do
> > > things proper
On Thu, Apr 8, 2021 at 9:59 AM David Woodhouse wrote:
> Hm, your description doesn't match the code I see at that link.
>
> You're using GetAdaptersAddresses() which gives you the UP/DOWN status
> as well as the addresses, and you iterate over those. The loop is
>
> ∀ adapter, ∀ Unicast address o
On Sat, Apr 10, 2021 at 7:35 AM David Woodhouse wrote:
> On Sat, 2021-04-10 at 13:38 +, Simon Rozman wrote:
> > Hi David,This is my proposal:
> > https://git.zx2c4.com/wintun/commit/?id=eebd6aea4f75551f6e847a1d4fff857450bac6e9
> > Awaiting review and zx2c4 approval.
> > Regards, Simon
>
>
> Lo
assume this is true by default, but I haven't found any
information about it, and as VoIP performance under load isn't as great
as I was expecting, I'm now writing to you here, hoping for a meaningful
answer which will preserve me from having to read the actual code...
Thank you for all the great work!
Best regards
Daniel
sumption may not always
be true
* patch wireguard kernel code to allow preserving inner DSCP bits.
=> even only having 2 differentl classes of traffic (critical vs.
bulk) would already help a lot...
What do you think? Any other ideas?
Cheers
Daniel
Hi Florent,
On Thu, Jun 17, 2021 at 07:55:09AM +, Florent Daigniere wrote:
> On Thu, 2021-06-17 at 01:33 +0200, Toke Høiland-Jørgensen wrote:
> > Daniel Golle writes:
> >
> > > Hi Jason,
> > >
> > > On Wed, Jun 16, 2021 at 06:28:12PM +0200, Jason
gt; (by parsing the UDP header and checking the source port) before writing
> > anything to the packet.
> >
> > -Toke
>
> That is a super cool approach. Thanks for writing that! Sounds like a
> good approach, and one pretty easy to deploy, without the need to
> patch kernels a
Hi Toke,
On Mon, Jun 21, 2021 at 04:27:08PM +0200, Toke Høiland-Jørgensen wrote:
> Daniel Golle writes:
>
> > On Fri, Jun 18, 2021 at 02:24:29PM +0200, Jason A. Donenfeld wrote:
> >> Hey Toke,
> >>
> >> On Fri, Jun 18, 2021 at 1:05 AM Toke Høiland-Jørge
Hi Toke,
thank you for the ongoing efforts and support on this issue.
On Wed, Jun 30, 2021 at 10:55:09PM +0200, Toke Høiland-Jørgensen wrote:
> Daniel Golle writes:
> > ...
> >> >
> >> > In terms of toolchain: LLVM/Clang is a very bulky beast, I gave up on
&
On Mon, Jul 05, 2021 at 05:21:25PM +0200, Toke Høiland-Jørgensen wrote:
> Daniel Golle writes:
> ...
> > I have managed to test your solution and it seems to do the job.
> > Remaining issues:
> > * What to do if there are many tunnels all sharing the same upstream
> &
Hi Toke,
On Mon, Jul 05, 2021 at 06:59:10PM +0200, Toke Høiland-Jørgensen wrote:
> Daniel Golle writes:
> > ...
> >> The only potential operational issue with using it on multiple wg
> >> interfaces is if they share IP space; because in that case you might
>
transfered?
Daniel
'''
root@lenovo# wg
interface: wg1
public key: zr0q0pxcOfSoiKWjXEfuHqM58GMjE4HBLr8FzQIHYxM=
private key: (hidden)
listening port: 40360
fwmark: 0xcbdf
peer: C2TUHPoZlT08iceLM2coBDTbcfg9tTKrUt7tRBWP0nk=
endpoint: 45.8.223.195:51820
allowed ips: 0.0.0.0/
ith
# multiversion(kernel).
mkdir -p %buildroot/etc/modprobe.d
cat >%buildroot/etc/modprobe.d/20-kernel-%{build_flavor}-extra.conf <> %my_builddir/kernel-extra.files
echo '%%config(noreplace)
/etc/modprobe.d/20-kernel-%{build_flavor}-extra.conf' >>
%my_builddir/kernel-extra.files
%endif
HTH,
Daniel
sta...@vger.kernel.org
CC: wireguard@lists.zx2c4.com
CC: Jason A. Donenfeld
CC: Daniel Borkmann
CC: Martynas Pumputis
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Reported-by: Martynas Pumputis
Signed-off-by: Nikolay Aleksandrov
Looks good to me, thanks Nik!
Acked-by: Daniel Borkmann
On IPv4-only hosts it can happen that the v6 default route pointed at a
wireguard interface blackholes wireguard peer traffic intended for the v4
network when the Endpoint hostname resolves to both v6 and v4 records as
most hosts will prefer the v6 address by default. This makes using
dual-stack dy
When using wireguard tunnels for providing IPv6 connectivity to machines it
can be important to pin which IP address family should be used.
Consider a peer using a DNS name with both A/ records, wg will
currently blindly follow system policy and use the first address returned
by getaddrinfo().
option into account.
We would like to note that the not_oif patch[1] would also alleviate this
problem but since this never got merged it's not a workable solution.
[1]: http://marc.info/?t=145452167200014&r=1&w=2
Signed-off-by: Daniel Gröber
---
contrib/reresolve-dns/reresolv
This adds a new config key PrivateKeyFile= that simply hooks up the
existing code for the `wg set ... private-key /file` codepath.
Using this new option the interface configs can be much easier to deploy in
an automated fashion as they don't contain secrets anymore. The private key
can easily be p
I have reproduced the issue on iPhone 13. Also occurred on iOS 16.0
-D
> On 5 Nov 2022, at 22:20, Omkhar Arasaratnam wrote:
>
> Wireguard 1.0.15 (26)
> Wireguard Go backend 2ef39d47
>
> I am unable to view logs. Clicking on the view log button momentarily
> renders text, then it goes blank.
42.42/24
$ ip addr add dev wg-test fe80::/64
$ ip -br addr show wg-test
wg-test DOWN 192.168.42.42/24 fe80::/64
$ ip link set dev wg-test master vrf-test
$ ip -br addr show wg-test
wg-test DOWN 192.168.42.42/32
Signed-off-by: Daniel G
option into account.
We would like to note that the not_oif patch[1] would also alleviate this
problem but since this never got merged it's not a workable solution.
[1]: http://marc.info/?t=145452167200014&r=1&w=2
Signed-off-by: Daniel Gröber
---
contrib/reresolve-dns/reresolve-dns.sh
wg set %i private-key /some/file`.
However this breaks when we try to use setconf or synconf as they
will (rightly) unset the private key when it's missing in the underlying
config file breaking connectivity.
Reviewed-By: Michael Tokarev
Signed-off-by: Daniel Gröber
---
src/config.c | 8 +++
ing if the (sometimes cached) src_if4
interface index is still what the route we're about to use points to.
If neither of those seem likely we can keep reading :)
--Daniel
rrently: I need one
wg tunnel per-peer to do routing but I digress.
Let me know what y'all think, I'd like to start hacking/designing this
ASAP. These things have been the only pain point in an otherwise stellar
user experience with wireguard!
Thanks,
--Daniel
PS: I have found one via
ow and I'll send those along if there's
any doubt about whether what I describe is the actual issue I'm having. I'm
pretty convinced but the first rule of the internet it that the problem is
always the X-Y problem~.
Thanks,
--Daniel
Hi Daniel,
On Mon, Jul 31, 2023 at 11:39:35PM +0200, Daniel wrote:
> I create a hostname with few IPs v4 & v6 for my wireguard server. I faced
> today a problem that after a failure with the ip a customer wg was
> registered, it continue to try to register with this ip insteed to
On Tue, Aug 01, 2023 at 10:33:03AM +0200, Daniel wrote:
> > On Mon, Jul 31, 2023 at 11:39:35PM +0200, Daniel wrote:
> > > I create a hostname with few IPs v4 & v6 for my wireguard server. I faced
> > > today a problem that after a failure with the ip a customer wg was
&
---
drivers/net/wireguard/socket.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c
index 0414d7a6ce74..c35163f503e7 100644
--- a/drivers/net/wireguard/socket.c
+++ b/drivers/net/wireguard/socket.c
@@ -387,
Multihomed hosts may want to run distinct wg tunnels across all their
uplinks for redundant connectivity. Currently this entails picking
different ports for each wg tunnel since we allow only binding to the
wildcard address. Sharing a single port-number for all uplink
connections (but bound to a pa
option into account.
We would like to note that the not_oif patch[1] would also alleviate this
problem but since this never got merged it's not a workable solution.
[1]: http://marc.info/?t=145452167200014&r=1&w=2
Signed-off-by: Daniel Gröber
---
contrib/reresolve-dns/reresolve-dns.sh
Signed-off-by: Daniel Gröber
---
src/uapi/linux/linux/wireguard.h | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/uapi/linux/linux/wireguard.h b/src/uapi/linux/linux/wireguard.h
index 0efd52c..36afb66 100644
--- a/src/uapi/linux/linux/wireguard.h
+++ b/src/uapi/linux/linux
Signed-off-by: Daniel Gröber
---
src/config.c | 116 +++---
src/containers.h | 33 +++--
src/ipc-freebsd.h | 4 ++
src/ipc-linux.h | 38 ++-
src/ipc-openbsd.h | 4 ++
src/ipc-uapi.h| 2 +
src/ipc-windows.h | 4
ot; prefix. Instead print the
error to stderr and just don't print anything on stdout in this case. Empty
string is easier to detect than an arbitrary set of (possibly localised!)
error messages.
Signed-off-by: Daniel Gröber
---
src/show.c | 29 +++--
1 file changed,
This will allow more codesharing with code dealing with the peer endpoints.
Signed-off-by: Daniel Gröber
---
src/config.c | 2 --
src/ipc-freebsd.h | 2 +-
src/ipc-linux.h | 6 +++---
src/ipc-openbsd.h | 4 ++--
src/ipc-uapi.h| 2 +-
src/ipc-windows.h | 4 ++--
src/show.c
wg set %i private-key /some/file`.
However this breaks when we try to use setconf or synconf as they
will (rightly) unset the private key when it's missing in the underlying
config file breaking connectivity.
Reviewed-By: Michael Tokarev
Signed-off-by: Daniel Gröber
---
src/config.c | 8 +++
d dropping the v6only flag for the new bind-to-address code path
I introduced but couldn't convince myself that there really is a good
reason to deviate from established wg behaviour here.
--Daniel
device, but if it proves to work well I don't see why we
couldn't adapt the netlink code to maintain AllowedIPs using this RTA (but
invisible to userspace) to re-use the same code and get rid of allowedips.c
altogether. That's assuming this ends up being less code overall or perhaps
more performant.
Happy to hear your thoughts,
--Daniel
one example but my understanding from previous
discussions is the performance is probably not ideal either.
--Daniel
ur side if they get returned anyway and emitting
a warning so this is less of a stumbling block for the next poor soul.
I do wonder what the behavoir of the other wg implementations is on this
point, if it's inconsistent with the kernel impl. that's even more reason
to warn about it.
--Daniel
plan, I'll have a look at it.
> [1] Others planned features are:
> - IP-autoconfiguration by deriving link-local addresses from peers public keys
That's been discussed so many times before on the ML and someone always
realises Jason is right and there's no point to this in the end. Key
distribution is the crux of the problem.
--Daniel
Some systems may have the sockaddr fields in a different arrangement and
need #ifdef'ing this makes this obvious to any future porters.
Signed-off-by: Daniel Gröber
---
src/containers.h | 21 +
1 file changed, 21 insertions(+)
diff --git a/src/containers.h
t to MTU, and `-M do` disables local
fragmentation so you can see when PMTU is doing it's job. You'll get
something like "ping: local error: message too long, mtu: " showing the
PMTU value if ICMP-PTB error generation is working along the path.
--Daniel
load
-40 IPv6 header
-8 UDP header
-32 Wg header
-8 PPPoE
=======
1412 wg tunnel MTU
--Daniel
Hi Kyle,
On Mon, Aug 28, 2023 at 11:40:48AM -0400, Kyle Rose wrote:
> On Sat, Aug 19, 2023 at 5:25 PM Daniel Gröber wrote:
> > Having read Kyle's use-case I'm thinking my original plan to extend the wg
> > internal source-address filtering to use a rt lookup with our ne
get wrong as it's still manual in my setup.
All of that could be solved, but I would also like to get my wg+babel VPN
setup deployed more widely at some point and all that friction isn't going
to help with that so I'd rather have this supported properly.
--Daniel
signature.asc
Description: PGP signature
faces and layers.
The entire idea with the new route attribute is to put this functionality
into the right (pre-existing) layer and not invent a new way of expressing
this. We even get scalability for free. Win-Win.
--Daniel
PS: Your mail didn't reach my inbox for some reason, I randoml
This doesn't seem to be reachable normally, but while working on a patch
for the address binding code I ended up triggering this leak and had to
reboot to get rid of the leaking wg sockets.
---
drivers/net/wireguard/socket.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --gi
or wg tunnel traffic by configuring
fwmark ip-rules and setting sysctl udp_l3mdev_accept=1 (with or without
additional nft filtering) this is at best a cludge. When VRF membership
changes it becomes a major hassle to keep ip-rules up to date.
Signed-off-by: Daniel Gröber
---
drivers/net/wire
2023 at 03:06:09PM +0200, Daniel Gröber wrote:
> > This doesn't seem to be reachable normally, but while working on a patch
>
> "Normally" as in what? At all? Or?
I committed this while working on my address/ifindex binding patch[1]
(which I will also resend shortly), at t
Some systems may have the sockaddr fields in a different arrangement and
need #ifdef'ing this makes this obvious to any future porters.
Signed-off-by: Daniel Gröber
---
src/containers.h | 21 +
1 file changed, 21 insertions(+)
diff --git a/src/containers.h
Signed-off-by: Daniel Gröber
---
src/uapi/linux/linux/wireguard.h | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/uapi/linux/linux/wireguard.h b/src/uapi/linux/linux/wireguard.h
index 0efd52c..36afb66 100644
--- a/src/uapi/linux/linux/wireguard.h
+++ b/src/uapi/linux/linux
Signed-off-by: Daniel Gröber
---
src/config.c | 116 +++---
src/containers.h | 33 +++--
src/ipc-freebsd.h | 4 ++
src/ipc-linux.h | 38 ++-
src/ipc-openbsd.h | 4 ++
src/ipc-uapi.h| 2 +
src/ipc-windows.h | 4
This will allow more codesharing with code dealing with the peer endpoints.
Signed-off-by: Daniel Gröber
---
src/config.c | 2 --
src/ipc-freebsd.h | 2 +-
src/ipc-linux.h | 6 +++---
src/ipc-openbsd.h | 4 ++--
src/ipc-uapi.h| 2 +-
src/ipc-windows.h | 4 ++--
src/show.c
Signed-off-by: Daniel Gröber
---
src/showconf.c | 17 ++---
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/src/showconf.c b/src/showconf.c
index c99a6a0..f2c6a68 100644
--- a/src/showconf.c
+++ b/src/showconf.c
@@ -23,8 +23,6 @@ int showconf_main(int argc, const char
wg set %i private-key /some/file`.
However this breaks when we try to use setconf or synconf as they
will (rightly) unset the private key when it's missing in the underlying
config file breaking connectivity.
Reviewed-By: Michael Tokarev
Signed-off-by: Daniel Gröber
---
src/config.c | 8 +++
ot; prefix. Instead print the
error to stderr and just don't print anything on stdout in this case. Empty
string is easier to detect than an arbitrary set of (possibly localised!)
error messages.
Signed-off-by: Daniel Gröber
---
Changes in v2:
- Remove now redundant print_endpoi
option into account.
We would like to note that the not_oif patch[1] would also alleviate this
problem but since this never got merged it's not a workable solution.
[1]: http://marc.info/?t=145452167200014&r=1&w=2
Signed-off-by: Daniel Gröber
---
contrib/reresolve-dns/reresolve-dns.sh
On Thu 2017-12-07 07:37:59 -0600, Bruno Wolff III wrote:
> On Thu, Dec 07, 2017 at 11:22:04 +0100,
> Stefan Tatschner wrote:
>>
>>Assuming I am right according the crypto agility, what's the upgrade
>>path if any of the involved cryptographic algorithms will be declared
>>insecure/broken? From m
On Fri 2017-12-08 10:44:41 -0600, Joe Doss wrote:
> * Large FOSS projects like Fedora have every support channel avail. IRC
> (https://fedoraproject.org/wiki/IRC), Mailing Lists
> (https://lists.fedoraproject.org/archives/), GitHub Clone
> (https://pagure.io/), Forums (https://fedoraforum.org/),
Hi Jason, all--
On Mon 2017-12-11 01:32:53 +0100, Jason A. Donenfeld wrote:
> A new snapshot, `0.0.20171211`, has been tagged in the git repository.
thanks for this!
> * contrib: keygen-html for generating keys in the browser
This includes:
contrib/examples/keygen-html/curve25519_generate.
On Sun 2017-12-10 14:48:05 +0100, Manuel Schölling wrote:
> ---
> src/tools/config.c | 15 ++-
> src/tools/setconf.c | 17 +++--
> src/tools/wg.8 | 6 --
> 3 files changed, 25 insertions(+), 13 deletions(-)
>
> diff --git a/src/tools/config.c b/src/tools/config.c
Hi Jason--
On Mon 2017-12-11 21:15:16 +0100, Jason A. Donenfeld wrote:
> - emscripten is laborious to build and recent versions are not readily
> accessible on many distros.
> - I figure web developers generally lack build system competence and
> would be more inclined to use this if it was as eas
On Tue 2017-12-12 01:18:49 +0100, Jason A. Donenfeld wrote:
> Alright, here's a stab at it:
>
> +
That looks fine to me.
--dkg
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
On Wed 2017-12-27 12:57:47 -0500, Outback Dingo wrote:
> seems that wireguard is not capabl;e of building for 32bit arm?
here's a list of successful 32-bit little-endian arm builds for debian:
https://buildd.debian.org/status/logs.php?pkg=wireguard&arch=armel&suite=sid
if you click on the "Ma
On Tue 2018-01-09 14:49:13 +0100, Jason A. Donenfeld wrote:
> Thanks to the wonderful work of Jörg Thalheim, WireGuard is now
> supported inside systemd-netword's .netdev files. The syntax should be
> pretty similar to wg(8). Expect for this to be released as part of the
> next release of systemd,
On Tue 2018-01-09 18:38:59 +0100, Jason A. Donenfeld wrote:
> On Tue, Jan 9, 2018 at 4:20 PM, Daniel Kahn Gillmor
> wrote:
>> very cool! systemd-networkd end up invoking wg(8)? or does it interact
>> with the kernel directly?
>
> We taught systemd to talk the generic n
On Wed 2018-01-10 09:50:39 +0100, Matthias Urlichs wrote:
> I would also create a virtual "wireguard" package that directly depends
> on wireguard-dkms and wireguard-tools (and Recommends:
> networkmanager-wireguard, as soon as that exists). Then, simply instruct
> the user to install that.
This i
Hi Stefan--
On Thu 2018-01-11 07:37:49 +0100, Stefan Tatschner wrote:
> Is it really neccessary to recommend an additional tool in the
> package? Wireguard can already be integrated in debian's native
> network configuration via /etc/network/interfaces:
> https://wiki.debian.org/Wireguard
these i
On Thu 2018-01-11 16:02:30 +0100, Jason A. Donenfeld wrote:
> On Thu, Jan 11, 2018 at 2:43 PM, Daniel Kahn Gillmor
> wrote:
>> Matthias was suggesting a simply-named meta-package: just "wireguard",
>> which would ensure that both wireguard-dkms and wireguard-tools are
1 - 100 of 158 matches
Mail list logo