I was updating @world and wireguard unexpectedly failed...
Unfortunately I only saved the build log, attached here. A second
attempt merged it without issues, which is kind of bothering.
I'll keep an eye and gather more info, if it fails again.
Portage 2.3.0 (python 2.7.10-final-0,
Hi Jason,
On Mon, Nov 14, 2016 at 11:28 AM, John Huttley wrote:
> RFE: when the module loads and prints its test at startup, please print its
> version and compile flags as well.
>
I second that! There is not (yet) a notion of VERSION in the code,
better not wait till
Just a note to the ML, current luci integration needs a bit more
polishing (or I don't understand wireguard)
I filed an issue at https://github.com/openwrt/luci/issues/854
Cheers,
Kalin.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
On Wed, Nov 16, 2016 at 5:15 PM, Baptiste Jonglez
wrote:
> On Tue, Nov 15, 2016 at 05:01:14PM +0100, Dan Lüdtke wrote:
>> thanks for the various feedback, guys! Here is the next round:
>>
>> https://github.com/openwrt/packages/pull/3514
>
> This one is now merged,
Hello Jason,
Thanks for the answer!
On Sat, Nov 19, 2016 at 10:14 AM, Jason A. Donenfeld wrote:
> Funny enough, I can't remember the exact interworkings of that script,
> because I didn't write it. A guy named zhasha in #wireguard did. I'll
> ask him to document it; that could
Hmm...
Really good high level theory ...
On Sun, Dec 4, 2016 at 3:07 AM, John Huttley wrote:
> So let's consider a simplified case
> A <-> B <-> C
>
> A is sending a lot of data to C.
>
> Policy triggers starting a direct A <-> C tunnel.
>
> We need public key and
On Thu, Dec 8, 2016 at 7:04 AM, Daniel Kahn Gillmor
wrote:
> I think scrubbing the ephemeral keys prior to suspend is the right thing
> to do. It's simpler to reason about, sounds straightforward to
> implement, the usability cost isn't that great, and it's likely to be
>
On Thu, Jun 29, 2017 at 6:42 PM, Jason A. Donenfeld wrote:
> He said already: 20170613
Ooops!
Sorry about the noise, time for evening coffee it seems ;-/
Kalin.
Hello Reuben,
And what was the last good version that was working in this same setup?
Kalin.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
I finally read through all the thread :-D
(and very good write-up, Mathias!)
Obeying the KISS principle, while erring on security should lead to
"per-client PSK", the proposed method.
I see some scenarios where the current method (per-iface) works
better, mainly in small private VPNs, usually
On Tue, Aug 1, 2017 at 8:42 AM, Sahil Gupta wrote:
> Is there any tool which helps to study the effect on using WireGuard VPN on
> different OS(including embedded)?
>
https://github.com/esnet/iperf/ and related.
Kalin.
On Thu, May 25, 2017 at 7:13 PM, B wrote:
> And BTW, it is much more dangerous to reveal your keys on the Ternet
> than your endpoint IP address…
>
That just made my day, LoL! I could not help posting it on twitter:
https://twitter.com/thinrope/status/867801802724569088
Hello Jean-Yves,
I apologize for the misunderstanding, I completely agree with your advice!
I guess the adding of "LoL" at the end didn't make that clearer, I
just re-read my tweet.
Thinking about it, I was re-editing it quite a few times to make it
fit the length restriction and the end result
Great!
On Tue, Sep 12, 2017 at 12:14 AM, Jason A. Donenfeld wrote:
> Many people have asked me which companies have commercial for-profit
> WireGuard offerings. Offhand I can think of 3 at the moment:
>
> https://www.mullvad.net/guides/wireguard-and-mullvad-vpn/
>
On Tue, Nov 14, 2017 at 2:53 PM, Lonnie Abelbeck
<li...@lonnie.abelbeck.com> wrote:
>
> On Nov 14, 2017, at 4:30 AM, Kalin KOZHUHAROV <me.ka...@gmail.com> wrote:
>> As for the syntax, and I hate to suggest that, adding a new option
>> (breaking compatibility) like "
On Thu, Oct 26, 2017 at 12:43 AM, Jason A. Donenfeld wrote:
> The hatchet works as follows. On interface addition:
>
> # echo nameserver 1.2.3.4 > /etc/resolv.conf.wg-quick.wg0
> # [ -f /etc/resolv.conf ] || touch /etc/resolv.conf
> # mount -o ro --bind
Just nitpicking on your spellchecker...
On Thu, Oct 26, 2017 at 3:32 AM, Jason A. Donenfeld wrote:
> + echo "# poses problems, run \`unmount /etc/resolv.conf\`."
should be
+ echo "# poses problems, run \`umount /etc/resolv.conf\`."
Kalin.
I've written that yesterday, but forgot to post it, it was left in the Drafts...
While some of the content was touched upon already, so I tried to edit
it to reflect the current state of this thread...
On Sun, May 6, 2018 at 3:21 AM, Jason A. Donenfeld wrote:
> On Sat, May 5,
On Sat, May 5, 2018 at 10:18 AM, ѽ҉ᶬḳ℠ wrote:
> I like to keep things neat/controlled and any necessary open socket is only
> sticking out like a sore (wondering why it is opened when not wanted for).
> It would certainly instill more confidence in network security/control if it
>
On Sat, May 12, 2018 at 12:07 AM, Axel Neumann wrote:
> We have the following chicken-egg problem:
> We are using WG on openwrt devices which do not have a hardware clock so
> that time is reset after each reboot.
> Because internet access shall be routed via WG tunnels the
On Tue, May 15, 2018 at 10:21 PM, Devan Carpenter wrote:
> Aaron Jones transcribed 3.1K bytes:
>> On 12/05/18 19:29, Axel Neumann wrote:
>> > You want WG to secure your network. So the suggestion can not be to open
>> > your network for a pretty insecure daemon in order to get WG
Hello Axel,
I may have not been clear in my last response, it was to be taken in
the context of the whole thread...
On Wed, May 16, 2018 at 9:32 PM, Axel Neumann <neum...@cgws.de> wrote:
>
>
> Am 15. Mai 2018 22:49:15 MESZ schrieb Kalin KOZHUHAROV <me.ka...@gmail.com>:
On Thu, Apr 26, 2018 at 1:06 AM, Eddie wrote:
> They are pingable from the server and all other machines on the network.
> There are no routing of firewall rules anywhere that call out these 2
> machines either by IP or name.
>
Are you sure they are pingable? By default
On Fri, 10 Aug 2018, 19:04 Brian Candler, wrote:
> On 10/08/2018 16:03, Roman Mamedov wrote:
>
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection, if no packets had been
> flowing for more than a configurable amount of time - say,
Probably a routing problem, check `ip route show` on (one) client and
server.
Also you might need to enable ip forwarding on server (usually enabled on
firewalls and routers). No, iptables are not necessary if everything is one
subnet.
Cheers,
Kalin.
Please excuse my brevity, phone typing here...
On Fri, 10 Aug 2018, 16:36 Brian Candler, wrote:
> Thanks for explaining the project background, and your very sensible
> goals of simplicity and robustness. And thanks for releasing this
> excellent piece of software.
>
> From my point of view,
On Thu, Jan 18, 2018 at 12:30 PM, Vadim Zotov wrote:
> in some circumstances it is important to set the TOS field in tunnel packet
> equivalent to payload packet TOS.
> for example, our provider supports three different SLAs, depending on packet
> TOS field, with different
On Tue, Mar 6, 2018 at 11:14 PM, Jason A. Donenfeld wrote:
> On Tue, Mar 6, 2018 at 11:08 PM, Toke Høiland-Jørgensen wrote:
>> I think the idea of configuring both v4 and v6 on startup and caching
>> them is a reasonable idea. Maybe even configure all available
On Fri, Mar 16, 2018 at 10:25 AM, Roman Mamedov wrote:
> Hello,
>
> I have a host which is on PPPoE and has 1492 as underlying MTU.
>
> When WireGuard starts by default, it sets MTU of its interface to 1420. All
> TCP connections trying to send a stream of data over the WG
Hello Ximin,
On Thu, Apr 5, 2018 at 5:22 AM, Ximin Luo wrote:
> Our network churn is not expected to be very heavy, perhaps on the order of
> ~30 new connections per node per week or so. So any extra latency in the
> initial
> connection caused by this separation of layers,
I am really not sure, but let me have a stab:
On Sun, Mar 25, 2018 at 11:19 AM, Adrián Mihálko wrote:
> auto wg0
> iface wg0 inet static
> pre-up ip link add dev wg0 type wireguard
> post-up wg setconf wg0 /etc/wireguard/wireguard.conf
> post-up ip link set dev wg0
On Sun, Mar 25, 2018 at 8:10 PM, ST wrote:
> PS: if you have over 100 peers it is a bit a headache to find a free IP
> when adding a new peer. There is no reason WG could not scan through IPs
> it already knows and choose a free one, assign it in its own config file
> and print
On Wed, Mar 21, 2018, 22:41 al so wrote:
> How does Wireguard compare to Tinc and ZeroTier in terms of ease of use
>> and security.
>>
>> I looked at Tinc. Seems pretty easy to setup being Decentralized Mesh
>> architecture. Security doesn't seem good. No exploits reported
On Mon, Mar 5, 2018 at 7:59 PM, Nicholas Joll wrote:
> I've tried all sorts of things to answer my own question (the question I
> asked the list a little while ago; my initial e-mail is appended below) but
> to no avail. However, I've found something, on the Wireguard
On Sun, Nov 4, 2018 at 10:10 AM Adrian Sevcenco wrote:
>
> Hi! Is there a way to use iptables to match wireguard packets incoming
> on 443 and the redirect them to the actual port?
>
> In many hotels/hostels and other free wifi it seems that only 80+443 is
> allowed but amazingly both tcp and
On Fri, Nov 2, 2018 at 8:26 AM Laszlo KERTESZ wrote:
> The current FDroid build (version 0.0.20181031) is broken. The Gui starts but
> it states "Unknown userspace Go version" and the tunnel activation action
> results in an error.
>
Hmm... just installed (1st time) and started it, seems fine
On Tue, 18 Dec 2018, 20:50 John On bar:
> % iperf3 -c 10.0.9.15 -B 10.0.9.16
> iperf3: error - unable to connect to server: Connection timed outa
iperf -c 10.0.9.15
Also for the server, omit ipaddr, it listens to all interfaces by default.
Kalin.
On Tue, Jan 8, 2019 at 11:27 AM Christophe-Marie Duquesne wrote:
>
> Hi there,
>
> I tried to run Wireguard on the FireTV stick. The only other relevant
> reference I found for doing this was on reddit [1], where people recommended
> to use TunSafe. TunSafe is unfortunately still closed-source
On Tue, Jan 8, 2019 at 3:25 AM Mario García wrote:
> Is it possible to tunnel DNS requests only from the client to the
> wireguard server?
>
Yes... easy, if you want the responses to those requests going through
the tunnel as well.
It is just a tunnel, what you put in there is up to you. So add
Hello Mike,
On Tue, Jan 8, 2019 at 3:20 AM Mike O'Connor wrote:
> So I've been using Wireguard to route part of my class C to my home for
> about 4 months now, but for the last few days the traffic stops for a
> short while every few minutes.
>
Does it start on its own "after few minutes"?
>
On Tue, Jan 8, 2019 at 3:20 AM Muhammad Naseer Bhatti wrote:
> Facing a strange issue with single and sometimes with double NAT with client
> running Wireguard with the server on Public IP address. If client remains
> idle for long time (more than 15 minutes) NAT table in the route is dropped
On Tue, Jan 8, 2019 at 3:22 AM Arpit Gupta wrote:
> A new user here. Recently setup wireguard to run on my pi 3 + pi hole. I am
> noticing some interesting behavior with certain apps.
>
Apps running where? Name your hosts (fakename if you prefer) for clarity.
> When using Google Duo on my
On Fri, Mar 1, 2019 at 11:03 AM kolargol wrote:
> I am testing WG on various OSes and devices and I have noted severe battery
> drain on iOS (12.2, iPhone 8). Typically battery drops 40% during night-time
> (that is 7 hours of inactivity on the phone) when WireGuard is engaged.
>
Compared to how
On Fri, Mar 1, 2019 at 11:11 AM Scott Lipcon wrote:
>
> I've been experimenting a bit with Wireguard on several ubuntu systems, and
> am not seeing the performance I'd expect based on the numbers at
> https://www.wireguard.com/performance/
>
> I'm wondering if there is a configuration setting
On Tue, Jun 11, 2019 at 11:08 PM Lonnie Abelbeck
wrote:
> > On Jun 11, 2019, at 12:28 PM, Jason A. Donenfeld wrote:
> >
> > One of the things that always goes wrong with "sync" algorithms in
> > software -- and the commit above at the moment is no exception -- is
> > that they're kind of racey.
On Tue, 27 Aug 2019, 20:21 Dimitar Vassilev,
wrote:
> Hello,
>
> I'm trying to establish site to site VPN with 2 OpenWRTs 18.6.4 - linux
> 4.9.184
>
> my problem is that I cannot get any ping running and cannot reach the
> remote tunnel ips.
>
1. Disable the FW and test.
2. Try ping from one
On Mon, Sep 30, 2019 at 9:53 AM Nico Schottelius
wrote:
> At lookup time this works already.
>
yup!
> The problem is, if the underlying network topology changes and you need to
> reconnect via IPv4,
> when you had IPv6 underlying before.
>
Well, "if the underlying network topology changes" it
Hi Barry,
Please read the reply below with a smile, it is just friendly sarcasm
underlining my personal view.
On Tue, Feb 25, 2020 at 1:50 AM Barry Scott wrote:
> > On 23 Feb 2020, at 12:45, Arti Zirk wrote:
> >
> > On E, 2020-02-17 at 15:47 +1100, Matthew Oliver wrote:
> >> Someone asked
48 matches