hello,
just to tell you, as a simple end user:
we have been using wireguard for one year for our product,
we have 10K tunnels deployed,
wireguard is perfect for us, very simple, we can develop our specific
code on top of it ( key management, )
so +1 for Jason's vision
thanks for this piece of code
Re
Hello,
We need to compile wireguard-go on linux, because we are using a closed
linux, under which we cannot compile a module.
How can we do this? make on wireguard-go tells us that it is not recommended on linux
Regards,
Nicolas Prochazka
___
WireGuard mailing list
thanks a lot
Regards
Nicolas Prochazka
On Tue, 9 Oct 2018 at 11:17, KeXianbin(http://diyism.com) <
kexian...@diyism.com> wrote:
> Some hint here:
> https://gist.github.com/diyism/60aa6ca24df772a4928f1aced65e72ee#file-bargeos-on-digitalocean-L40
>
> On Tue, Oct 9, 2018 a
l
module. See wireguard.com/install/ for more info.. Stop.
On Tue, 9 Oct 2018 at 11:24, nicolas prochazka
wrote:
> thanks a lot
> Regards
> Nicolas Prochazka
>
> On Tue, 9 Oct 2018 at 11:17, KeXianbin(http://diyism.com) <
> kexian...@diyism.com> wrote:
>
>> Som
Hello,
Is it possible to add/remove Allowed-ip in a peer description without
modifying the configuration file or using the wg set command?
I am thinking about wg peer add|remove allowed-ip
Regards,
Nicolas Prochazka
Hello,
I'm trying to use openssl to generate a curve key,
as: openssl genpkey -algorithm X25519
however, the result seems not to be understood by wg pubkey
openssl genpkey -algorithm X25519
echo -n 'MC4CAQAwBQYDK2VuBCIEIFBA+aTU9C5BrNPaJe0IVBZfZF39+8WqiYET0XEEM7Ba' | wg pubkey
wg: Trailing characters
Thanks for the explanation,
Nicolas
On Sun, 8 Sep 2019 at 23:24, Jason A. Donenfeld wrote:
>
> This seems to work, maybe:
>
> openssl genpkey -algorithm X25519 -outform der | tail -c 32 | base64
>
> openssl genpkey -algorithm X25519 -outform der | tail -c 32 | base64 | wg pubkey
>
> I have
ut if i'm trying to be more restrictive, as ff05::/32 for example,
it does not work.
Is there a specific interaction between allowed-ips and multicast groups in ipv6?
Regards,
Nicolas Prochazka.
Hello,
Using one wireguard interface, with multiple peers,
how can I know that a packet comes from peer X?
Is it possible to mark packets not at interface level (wg0) but at peer level?
I can dump packets at wg0 but I lose the peer origin.
Thanks,
Nicolas
interface: wg0
public key: A
private key:
:
>
> On Wed, 2020-05-27 at 11:01 +0200, nicolas prochazka wrote:
> > How can I know that a packet comes from peer X?
> You can check which peer's allowed ips list covers the received packet's
> source ip
>
> > Is it possible to mark packets not at interface level (wg0) but
lem
bandwidth, latency,
how does wireguard manage this ( udp tunnel from kernel ? )
- about peer key management ?
with 10 000 peer keys, how can we manage it, use wg and a database for
example ?
To finish, wireguard seems to be very impressive, just the essential
thanks.
Regards,
Nico
hello,
wg show, showconf output format is not easy to parse.
Can you add a json output , with all information about peers , conf (
endpoint, pubkey,handshake ... ) in a single line
Regards,
Nicolas Prochazka
hello,
sorry for my english.
This question (udp tunnel ..) is not relevant, I learned a lot from reading
the mailing list.
Regards,
Nicolas
2017-02-17 14:48 GMT+01:00 Jason A. Donenfeld :
> On Wed, Feb 15, 2017 at 11:12 AM, Nicolas Prochazka
> wrote:
> > - how many tunnels a pee
way for
the client to know a good private_ip.
We cannot use dhcp, layer 3, so ...
we need to implement an ip pool manager, is that correct?
Regards,
Nicolas Prochazka.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Thanks
These are good ideas to explore
Regards,
Nicolas
2017-02-20 13:48 GMT+01:00 Dan Lüdtke :
> Hi Nicolas,
>
>
> > On 17 Feb 2017, at 15:03, nicolas prochazka
> wrote:
> > I hope not to have misunderstood ip management with wireguard,
> > in a "server mod
Hello, I'm trying to do this with wireguard, without success:
peer1 ---> peer2 : config ok, works
peer3 ---> peer1 : config ok, works
peer3 ---> peer1 ---> peer2 : not ok.
I suspect the allowed-ip configuration, but all my tests do not work.
perhaps I must create two wireguard interface on
hello,
I've a lot of
Wireguard : could not create ipv4 socket in dmesg
I'm using wireguard with ipv6 set as the peer private ip, and the connection
between peers is ipv4
interface: wg0
public key: vhnquNl9iD3oJrJPVBbOUma7MohVcQ1zm5suUTm1QCk=
private key: (hidden)
listening port: 6081
peer:
you are right, sorry.
I do a lot of tests and sometimes it seems wireguard is in a "strange"
state, I'm trying to reproduce.
A question:
When I have the dmesg "could not create ipv4 socket", I cannot rmmod
wireguard from the kernel.
I'm trying
ip link del dev wg0 ,
rmmod wireguard
there's no wiregu
;
> Jason: I think we are approaching the point in time when there will be a
> -dev and a -users ML :)
>
>
> > On 23 Feb 2017, at 14:03, Nicolas Prochazka
> wrote:
> >
> > Hello, I'm trying to do this with wireguard, without success:
> >
> > p
> allowed ips: fd00::eea8:6bff:fef9:23bc/128
> > latest handshake: 1 minute, 43 seconds ago
> > transfer: 52.59 KiB received, 79.01 KiB sent
> >
> >
> > 2017-02-23 14:41 GMT+01:00 Dan Lüdtke :
> > Nicolas: Could you provide the configuration files? Because
to implement an auto purge of old
peer ?
Regards,
Nicolas Prochazka.
f i'm trying with tc + iptables,
tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
and iptables mark rules,
traffic does not seem to be "applied" to the queue.
Regards,
Nicolas Prochazka.
-
Example : after this configuration, traffic on wg0 on port 80,443,80
is wg0 is configured as ipv6 tunnel.
Regards,
Nicolas
2017-03-06 18:40 GMT+01:00 Nicolas Prochazka :
> Hello,
> is there an incompatibility between wireguard and traffic shaping or did I
> misconfigure something?
>
> After configuring QoS, I need to add a filter to the flow
>
> If i
hello,
to close, it's working perfectly well in ipv4 and then when i correctly
configure my kernel, perfectly well for ipv6.
Regards,
Nicolas
2017-03-08 12:26 GMT+01:00 Nicolas Prochazka :
> Hello again,
> So i verify my configuration,
> - on a virtual tap , traffic shaping i
c shaping support for IPv6 in your kernel?
> Which symbols were needed?
>
> Thanks,
> Baptiste
>
> On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> > hello,
> > to close, it's working perfectly well in ipv4 and then when i correctly
> >
ximum interval in seconds
between handshakes, can we set this interval?
Regards,
Nicolas Prochazka
1%
Is it normal behavior ?
Version : WireGuard 0.0.20170409
kernel : 4.9.23
Regards,
Nicolas Prochazka
Hello again,
with 0.0.20170613 , i can reproduce a big kworker cpu time consumption
Regards,
nicolas
2017-06-13 14:48 GMT+02:00 Jason A. Donenfeld :
> Hi Nicolas,
>
> I'll look into this. However, you need to update WireGuard to the
> latest version, which is 0.0.20170613. I can't provide help fo
hello,
after creation of the wg interface, the kworker thread does not return to a
normal state in my case,
the kernel thread continues to consume a lot of cpu.
I must delete the wireguard interface for kworker to decrease.
Nicolas
2017-06-13 23:47 GMT+02:00 Jason A. Donenfeld :
> Hi Nicolas,
>
> It looks to me like
auses some trouble about cpu / load average , performance
of vm.
Regards,
Nicolas
2017-06-14 9:52 GMT+02:00 nicolas prochazka :
> hello,
> after creation of the wg interface, the kworker thread does not return to a
> normal state in my case,
> the kernel thread continues to consume a lot of cpu
thanks :)
Nicolas
2017-06-14 16:13 GMT+02:00 Jason A. Donenfeld :
> On Wed, Jun 14, 2017 at 4:05 PM, Jason A. Donenfeld wrote:
>> Will keep a kworker at 100% CPU, even after that command completes?
>> I'm unable to reproduce this here. Could you give me detailed
>> environmental information so th
guard interfaces with 500 tunnels
(peer) for each .
Nicolas
2017-06-14 16:15 GMT+02:00 Jason A. Donenfeld :
> On Wed, Jun 14, 2017 at 3:50 PM, nicolas prochazka
> wrote:
>> At this moment, we are using 3000 wg tunnel on a single wireguard
>> interface, but now
>> we want di
seems strange
wireguard : v0.0.20170918]
kernel : 4.9.23 on client1
kernel : 4.4.0 on server 1
Regards,
Nicolas Prochazka
Server 1 :
ifconfig neocoretech_rd
neocoretech_rd Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fd00:14::8b5:8aff:fe85:f
packet matches the allowed-ips of the other machine.
>
> --
> Sent from my telephone.
>
> On Sep 20, 2017 17:11, "nicolas prochazka"
> wrote:
>
> Hello, can somebody tell me what I am doing wrong:
> I can ping from server 1 --> client 1 ( ping fd00:14::8b5:8aff:
ables ..
With multiple interfaces, all is good in terms of performance with the
last release, but each interface must have its own port, which is
not possible to manage ( different port per client )
Is there a solution?
Regards,
Nicolas Prochazka
Hello,
I know, but we are using one interface per customer, each interface
manages multiple peers ( > 500 )
as
wg_interface0 = client 0 = 500 peers
wf_interfacen= client n = 500 peers
at this moment, only one interface wg0 manages all peers and all
customers, it's very complicated for the admin
Ok,
To be more precise, the use cases are:
services ( as daemon ) are listening on a specific interface/IPv6
address to secure and active service by client, with only one
interface, it is not possible, aliasing seems to be not relevant.
However I can understand that it is not the problem of wireguard
internal dev = hack your code for our specific use, to multiplex
listening udp port.
I agree with you about configuration, it is possible, but we are using
"historical" private software, and it's difficult to deal with.
It is not a wireguard issue.
Regards,
Nicolas
2017-09-21 14:54 GMT+02:00 Ja
son A. Donenfeld :
> On Thu, Sep 21, 2017 at 3:14 PM, nicolas prochazka
> wrote:
>> "historical" private software, and it's difficult to deal with.
>> It is not a wireguard issue.
>
> In that case, I'd recommend you bind your services to 0.0.0.0 and just
>
Hello,
latest handshake seems to be a convenient way to determine if a
wireguard tunnel is up or down, to manage high availability on the server
side.
Now, it seems latest handshake must be > 135 s to be sure that the tunnel is
down, how can we specify a small delay, such as 30s for example?
Regards,
Nico
ok and thanks
nicolas
Hello,
On a "server side" I've for example these peers, and i want to send a
ipv6 multicast group
ff02::1
How can I do that with peer / allowed-ips routing ?
Regards
Nicolas
interface: wg0
public key: **
private key: (hidden)
listening port: 6081
peer:
preshared