On 30.01.19 at 16:46, Gawen ARAB wrote:
Hey Rene,

> I suggest to use a cryptographically generated IPv6 address (128-bit hash of Wireguard public key with first n bits replaced by a Wireguard-specific IPv6 prefix)
> for routing and management purposes. Adding a reverse-lookup IPv6-address -> Wireguard public key via DHT would allow a public IPv6 overlay network
> with authorization via firewall rules. Nodes should also be able to announce their subnets via DHT.

I agree. I plan to use the subnet ORCHID as defined by RFC 4843. See command `wh orchid`.
Great! :-)

RFC 4843 has been obsoleted by RFC 7343. Please use RFC 7343 instead and re-use as much cryptographic code of Wireguard as possible to reduce possible bugs and weaknesses.

I suggest to omit the custom UDP protocol and libpcap by adding an ORCHIDv2 address to the wireguard network device and run the DHT via a port of the ORCHIDv2 address. That way you can easily calculate the ORCHIDv2 address of a peer from the public key and connect the DHT.

Regards,

Renne
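The derivation discussed in this thread, as an added example that is not part of the original messages or of the `wh` tool: an RFC 7343 ORCHIDv2 address (28-bit prefix 2001:20::/28, 4-bit OGA ID, middle 96 bits of the hash) computed from a WireGuard public key. The Context ID, the OGA ID value, the choice of BLAKE2s (the hash WireGuard already uses) and all function names are assumptions made for illustration; the sample key is constructed.

```python
import base64
import hashlib
import ipaddress

# RFC 7343 ORCHIDv2 prefix: the first 28 bits of every ORCHIDv2 address.
ORCHID_PREFIX = ipaddress.IPv6Network("2001:20::/28")
# Constructed placeholder: a deployment picks its own random 128-bit Context ID.
CONTEXT_ID = bytes.fromhex("00112233445566778899aabbccddeeff")
# Assumption: this deployment maps OGA ID 1 to BLAKE2s-256.
OGA_ID = 1
# Constructed sample key: 32 bytes, base64-encoded like a WireGuard public key.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()


def encode_96(digest: bytes) -> int:
    """RFC 7343 Encode_96: extract the middle 96 bits of the hash output."""
    start_bit = (len(digest) * 8 - 96) // 2
    if start_bit < 0 or start_bit % 8:
        raise ValueError("hash output must be byte-aligned around its middle 96 bits")
    first = start_bit // 8
    return int.from_bytes(digest[first:first + 12], "big")


def orchid_from_pubkey(pubkey_b64: str) -> ipaddress.IPv6Address:
    """Return Prefix | OGA ID | Encode_96(Hash(Context ID | public key))."""
    pubkey = base64.b64decode(pubkey_b64, validate=True)
    if len(pubkey) != 32:
        raise ValueError("WireGuard public keys are 32 bytes")
    digest = hashlib.blake2s(CONTEXT_ID + pubkey).digest()
    value = int(ORCHID_PREFIX.network_address) | (OGA_ID << 96) | encode_96(digest)
    return ipaddress.IPv6Address(value)


def is_orchid_of(addr: str, pubkey_b64: str) -> bool:
    """Check that an address is the ORCHIDv2 bound to the given public key."""
    return ipaddress.IPv6Address(addr) == orchid_from_pubkey(pubkey_b64)


if __name__ == "__main__":
    print(orchid_from_pubkey(SAMPLE_KEY))
```

Because the address is a truncated hash of the key, a peer or firewall rule can recompute it from the public key and reject an address that does not match, with the 96-bit truncation bounding the collision resistance.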
