On Fri, Aug 10, 2018 at 02:35:14PM +0100, Brian Candler wrote:
From my point of view, the only thing which makes me uncomfortable
about wireguard is the lack of any second authentication factor. Your
private key is embedded in a plaintext file in your device (e.g.
laptop), not even protected w
Hi, all:
I'm trying to figure out the right PostUp/PostDown incantations to send
just ssh traffic (on port tcp/22) via the wg tunnel, but I'm having a
bit of a hard time. I should be able to do this with --set-mark for
iptables/PREROUTING and a fwmark ip route rule, but it doesn't appear to
be wor
On Fri, Oct 05, 2018 at 12:03:04PM +0200, Toke Høiland-Jørgensen wrote:
> > When you're doing policy routing with packets that are being forwarded
> > by the system -- a router, for example -- then the prerouting table is
> > sufficient. But for locally generated packets, you have to use the
> > OU
On Fri, Oct 05, 2018 at 06:32:44PM +0200, Matthias Urlichs wrote:
On 05.10.18 17:53, Konstantin Ryabitsev wrote:
But should the admin need to bring up the OpenVPN link
This may be a stupid question, but why do you need OpenVPN any more, if
you have Wireguard?
Because it's already
On Sat, Oct 06, 2018 at 11:21:01AM +0100, Brian Candler wrote:
> My even more stupid question is "why use wireguard if the only thing it's
> carrying is ssh?" - but I guess it's a convenient way to tunnel to a network
> which doesn't have public-routed addresses.
Right -- and I also don't want to
Hello:
For auditing purposes, I would like to be able to log the remote
endpoint IP for each wg connection on the server side. What's the best
way to do this, preferably using syslog?
Best,
-K
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https:/
On Wed, Jan 16, 2019 at 10:52:48AM -0500, John wrote:
> > For auditing purposes, I would like to be able to log the remote
> > endpoint IP for each wg connection on the server side. What's the best
> > way to do this, preferably using syslog?
>
> Enable the debug option when building should print
Hello, all:
Is there any mechanism to add some kind of 2-factor authentication
mechanism either via:
a. additional prompting for a HOTP/TOTP key sequence similar to how
openvpn allows doing auth-user-pass in addition to certificate-based
authentication
b. some way to use PGP Auth keys with wireg
Hi, all:
I am getting the following error trying to build using the latest
CentOS-7.4 kernel using the 20170907 snapshot:
[root@ossna17 ~]# uname -r
3.10.0-693.2.2.el7.x86_64
[root@ossna17 ~]# cat /var/lib/dkms/wireguard/0.0.20170907/build/make.log
DKMS make.log for wireguard-0.0.20170907 for ker
On Fri, Sep 22, 2017 at 12:52:43AM +0200, Jason A. Donenfeld wrote:
The easiest way would be to add OTP to the part of your infra that
does the key exchange. That is, if you have some kind of HTTPS
REST-based API or an SSH-based API, you can have the server not accept
a new public key until the O
On Wed, Oct 11, 2017 at 03:52:14PM +0200, Le Sandie wrote:
+1 for the live streaming and recording. I can attend virtually!
This should totally be a Twitch.tv session. :)
-K
On Mon, Sep 27, 2021 at 05:21:57AM -0500, Bruno Wolff III wrote:
> > With obfuscation there would be UDP packets of random junk, and it would be a
> > much harder job to come up with a rule to drop those without affecting
> > anything else.
>
> If your ISP is blocking your Wireguard traffic c
12 matches