Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

[ Linus Torvalds Is Hoping WireGuard Will Be Merged Sooner Rather Than
Later ]

Linus wrote:
"Btw, on an unrelated issue: I see that Jason actually made the pull
request to have wireguard included in the kernel.

Can I just once again state my love for it and hope it gets merged soon?
Maybe the code isn't perfect, but I've skimmed it, and compared to the
horrors that are OpenVPN and IPSec, it's a work of art."

https://www.phoronix.com/scan.php?page=news_item=Linus-Likes-WireGuard
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

On 7/2/18 10:25 PM, Germano Massullo wrote:
> Notizia simpatica:
> US Senator Recommends Open-Source WireGuard To NIST For Government VPN
> https://www.phoronix.com/scan.php?page=news_item=WireGuard-Senator-Recommends

Circa il senatore:
https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1033766-us-senator-recommends-open-source-wireguard-to-nist-for-government-vpn?p=1033783#post1033783
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

Notizia simpatica:
US Senator Recommends Open-Source WireGuard To NIST For Government VPN
https://www.phoronix.com/scan.php?page=news_item=WireGuard-Senator-Recommends

___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

Il 4 aprile 2018 11:42, Stefano De Carlo  ha scritto:
> Il 10/01/2018 12:57, Germano Massullo ha scritto:
>> Pull request approvata, ora WireGuard è disponibile in systemd-networkd
>
> È interessante che Torvalds stesso spinge per avere Wireguard incluso in
> Linux: https://lkml.org/lkml/2018/2/13/752

Bene!
Spero che si diffonda anche nella comunità BSD, così da poterlo avere
in futuro anche in FreeNAS
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Stefano De Carlo]

Il 10/01/2018 12:57, Germano Massullo ha scritto:
> Pull request approvata, ora WireGuard è disponibile in systemd-networkd

È interessante che Torvalds stesso spinge per avere Wireguard incluso in
Linux: https://lkml.org/lkml/2018/2/13/752

Stefanauss.
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

Il 12/12/2017 09:51, Germano Massullo ha scritto:
> Pull request per supporto su systemd-networkd
> https://github.com/systemd/systemd/pull/4191
Pull request approvata, ora WireGuard è disponibile in systemd-networkd
https://lists.zx2c4.com/pipermail/wireguard/2018-January/002274.html
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

Il 13/12/2017 21:26, Rugantio ha scritto:
> Mi piacerebbe però saperne di più riguardo la sicurezza di wireguard,
> sai se qualcuno ha fatto un audit?

Jason A. Donenfeld, il creatore di Wireguard ha detto:

===
WireGuard has undergone several intense code reviews, and of course it's
been
written by a guy who audits other people's codebases for a living, but it
hasn't _yet_ been audited. And now is *not* the time to audit it either!
It's
still undergoing changes, so as to make any audit done now not very
useful. I
suspect after we post the first RFC to netdev, there will be a flurry of
changes requested. After those are made, and the structure of the code base
solidifies, we'll be in a good place to request audits. Fortunately
being from
the security industry myself, I know a few different companies who want
to take
a look at it. So hold tight -- they'll be comin'.
===

da https://xn--4db.cc/HtJY8GOU
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Rugantio]

Il 2017-12-12 08:51 Germano Massullo ha scritto:

Pull request per supporto su systemd-networkd
https://github.com/systemd/systemd/pull/4191


Grazie del contributo!
La sto provando su Debian (è in unstable) e sembra fare il suo dovere. 
In questi giorni la provo su arch e vi faccio sapere come va.
Mi piacerebbe però saperne di più riguardo la sicurezza di wireguard, 
sai se qualcuno ha fatto un audit?

___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

Pull request per supporto su systemd-networkd
https://github.com/systemd/systemd/pull/4191
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless

Re: [Ninux-Wireless] WireGuard: Next Generation Kernel Network Tunnel

[Germano Massullo]

seconda parte dell'esempio 2, per chi ha una distro Linux basata su
Firewalld, come Fedora/RHEL/CentOS

=== Host B (gateway VPN) ===
quando viene creata l'interfaccia wg0, essa non essendo stata assegnata
ad alcuna zona firewall, ricadrà nella zona di default, che blocca tutto
tranne i pacchetti ICMP. Pertanto finché si tratta di effettuare dei
ping sugli host (es. da A a C) tutto funziona, appena si prova ad
utilizzare un servizio, non ci si riesce.
Pertanto con
# firewall-cmd --zone=trusted --add-interface=wg0 --permanent
# firewall-cmd --reload
si risolve il problema.
Ora da host A si può eseguire correttamente
$ ssh user@10.1.0.22
che è il server SSH in esecuzione sull'host C
___
Wireless mailing list
Wireless@ml.ninux.org
http://ml.ninux.org/mailman/listinfo/wireless