On 21.05.2018 13:52, Axel Neumann wrote:
> On 21.05.2018 13:22, Reto Brunner wrote:
>> On Mon, May 21, 2018 at 12:07:38PM +0200, Axel Neumann wrote:
>>> entirely superfluous. As discussed earlier [3] it can be achieved with
>>> essentially one file-system write operation each boot.
>>
>> You might as well achieve the same with the timestamp.
>> Just add a pre-shutdown hook, which touches a file.
>
> yes, can be an option, but would only work in "normal" soft-shut-down
> cases, not in case of a hard reset or power cycle. A not-so-uncommon
> scenario for embedded home-network devices and community-network
> deployments. Especially when considering the first choice of a normal
> user (desperately trying to fix its internet-via-WG tunnel connection):
> Power cycle the device.
>
> /axel
>
>> Restore the system clock to this upon boot (which may very well be off
>> but who cares).
>>
>> After the wg tunnel is back up, sync with any NTP server you trust and you
>> are back up and running.
>>
>> What is the advantage of doing it with a counter?
>> I fail to see the benefit.

Sorry, forgot to reply here:

The advantage is that you could save a counter value in advance that is
to-be-used after the NEXT reboot. It can be saved during boot or before
WG starts (not during shut-down), so you are safe against unexpected
hard resets.

The (WG) boot procedure would be:
1) Read saved_counter from disk (take zero first time) and memorize it
   as current_counter.
2) Write saved_counter + NextBootOffset to disk.
3) Use and increment current_counter by +1 with each new WG handshake.

Considering NextBootOffset = (2^16 * 10^9):
With 1 WG handshake per ms the NextBootOffset would be exhausted every
~1800 years.
With 1 system reboot every ms the total 96-bit counter range would
overlap in ~9000 years.

/axel

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
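
The three-step boot procedure from the message above, as an added example that is not part of the original thread and not WireGuard code. The function and class names, the temp-file/fsync/rename write, and the re-reservation when a block is used up are assumptions of this example.

```python
import os
import tempfile

NEXT_BOOT_OFFSET = 2**16 * 10**9  # NextBootOffset value from the message
COUNTER_MAX = 2**96 - 1           # 96-bit counter range from the message


def boot_reserve(path):
    """Steps 1 and 2: return current_counter after reserving the next boot's block."""
    try:
        with open(path) as f:
            saved = int(f.read().strip())
    except FileNotFoundError:
        saved = 0  # first boot: take zero
    reserved = saved + NEXT_BOOT_OFFSET
    if reserved > COUNTER_MAX:
        raise OverflowError("96-bit counter range exhausted")
    # Assumption of this example: temp file + fsync + rename, so a power cut
    # leaves either the old or the new value on disk, never a torn write.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(str(reserved))
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)  # make the rename itself durable
    finally:
        os.close(dir_fd)
    return saved


class HandshakeCounter:
    """Step 3: strictly increasing values, one per handshake (hypothetical name)."""

    def __init__(self, path):
        self.path = path
        self.current = boot_reserve(path)
        self.limit = self.current + NEXT_BOOT_OFFSET

    def next_value(self):
        if self.current >= self.limit:
            # Block used up without a reboot (not covered in the message):
            # reserve a fresh block before handing out more values.
            self.current = boot_reserve(self.path)
            self.limit = self.current + NEXT_BOOT_OFFSET
        self.current += 1
        return self.current
```

Because the reservation is written before the first handshake, constructing a second `HandshakeCounter` on the same file without any shutdown step models the power-cycle case and still yields values above everything the previous boot handed out.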
