Re: [PATCH] Add japanese translation.
On 2/14/20 11:27 PM, Eiji Tanioka wrote:
> Hi, Samuel.
>
> Thank you for your reply!
> I re-created patch.

Thanks, applied: https://git.zx2c4.com/wireguard-android/commit/?id=822f72df956ecd3aaa6a2b254e059e38ba5122e4

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [PATCH] Add japanese translation.
On 2/13/20 4:31 AM, Eiji Tanioka wrote:
> This patch is Japanese translation for wireguard-android.

Thank you for the patch! Yes, `git format-patch` and sending to this list is how we're currently accepting contributions to the Android app. Next time, please also include your Signed-off-by: line in the commit message.

> ---
> app/src/main/res/values-ja/strings.xml | 300 -
> 1 file changed, 150 insertions(+), 150 deletions(-)

It looks like you created this file in a previous commit. Please squash your changes to a single commit that creates the file with its final contents.

Thanks,
Samuel
Re: CryptoKey Routing Management for Peers
You might also want to check out https://pypi.org/project/wgnlpy/ which is a Wireguard configuration library for python.

~Derrick • iPhone

> On Feb 14, 2020, at 3:02 AM, Barrett Strausser wrote:
>
> I don't doubt that it can handle 1M peers.
>
> My question was more concerned with can an Organization perform the configuration management to handle 1M peers if all configuration is through a static IP.
>
> If I have 1M peers and . have no change per day, that still leaves 100 changes or ~4 per hour. I'd argue it is a good practice to have to restart services to pick up those changes.
>
> I'll have a look at those links. Thank you very much
>
> -b
>
>> On Sat, Feb 8, 2020 at 4:29 PM Jason A. Donenfeld wrote:
>> WireGuard has an API, via Netlink. This might help you:
>>
>> https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library
>> https://git.zx2c4.com/wireguard-tools/tree/src/uapi/linux/wireguard.h
>>
>> It can handle 1M peers, yes.
Re: [PATCH] Implement reading keys from stdin.
On Fri, 2020-02-14 at 12:17 +0100, Jason A. Donenfeld wrote:
> Except the command line arguments have length limits you'll hit anyway. Wouldn't the better way to do this be passing a config file to `wg setconf wg0 /dev/stdin`?

Yes, they would be better. However each command has slight inefficiencies for my usecase:

- `wg setconf` removes the endpoints of peers that don't have a static endpoint address
- `wg addconf` cannot remove peers
- `wg syncconf` needs to be given the exact allowed IPs of all peers it has to keep, not just the ones that have changed. It will also remove all peers that were added manually by the user (and not by my daemon).

For now I will either use `wg syncconf`, or maybe `wg addconf` + multiple `wg set peer remove`.

I've been thinking, how stable is the IPC protocol? It might be nice to have a tool/daemon/something that makes it possible to use the protocol to configure devices that natively use netlink or OpenBSD ioctls.
[ANNOUNCE] wireguard-linux-compat v0.0.20200215 released
Hello,

A new version, v0.0.20200215, of the backported WireGuard kernel module for 3.10 <= Linux <= 5.5.y has been tagged in the git repository.

Please note that until Linux 5.6 is released, this snapshot is a snapshot rather than a secure final release.

== Changes ==

  * send: cleanup skb padding calculation
  * socket: remove useless synchronize_net

  Sorry for the back-to-back releases. This fixes a regression spotted by Eric Dumazet.

This release contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/wireguard-linux-compat/ and information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200215.tar.xz
  SHA2-256: 0def6f3608ec06f6dfc454aa5281a7c38b06ff27096cb341448d20602da4e923

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200215.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

Remember to unxz the tarball before verifying the signature.

If you're a package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest version.

Finally, WireGuard development thrives on donations. By popular demand, we have a webpage for this:
  https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld
[ANNOUNCE] wireguard-linux-compat v0.0.20200214 released
Hello,

A new version, v0.0.20200214, of the backported WireGuard kernel module for 3.10 <= Linux <= 5.5.y has been tagged in the git repository.

Please note that until Linux 5.6 is released, this snapshot is a snapshot rather than a secure final release.

== Changes ==

  * chacha20poly1305: defensively protect against large inputs

  Defense-in-depth sort of check.

  * netns: ensure that icmp src address is correct with nat

  We finally upstreamed the last remaining compat.h hack in this patch series:
  https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=803381f9f117493d6204d82445a530c834040fe6
  That means we can port compat.h to use the new proper API.

  * receive: reset last_under_load to zero

  Matt found a small optimization while porting the Linux kernel module to OpenBSD's kernel.

  * send: account for mtu=0 devices

  This fixes issues related to setting the MTU of a device to zero.

This release contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/wireguard-linux-compat/ and information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200214.tar.xz
  SHA2-256: 6aaed62beb23803a456b7875a56e9462125a589c9dfb6d0b672c1a8f9f3f45ab

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-0.0.20200214.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

Remember to unxz the tarball before verifying the signature.

If you're a package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest version.

Finally, WireGuard development thrives on donations. By popular demand, we have a webpage for this:
  https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld
Re: [PATCH] Implement reading keys from stdin.
On Sun, Feb 9, 2020 at 1:15 AM Hristo Venev wrote:
>
> On Sat, 2020-02-08 at 23:20 +0100, Jason A. Donenfeld wrote:
> > Trying to get a handle on the use case for this.
>
> I am working on a program [1] that configures a WireGuard interface by invoking `wg`. Generally there are multiple peers, and some of them may have preshared keys.
>
> Currently the most reasonable way to pass keys is to write each one to a temporary file. I think passing all of them over stdin is nicer.

Except the command line arguments have length limits you'll hit anyway. Wouldn't the better way to do this be passing a config file to `wg setconf wg0 /dev/stdin`?
Re: [PATCH] Implement reading keys from stdin.
On Sun, Feb 9, 2020 at 12:23 AM Jason A. Donenfeld wrote:
> Thanks for the patch, and nice hanging with you at FOSDEM.
>
> Trying to get a handle on the use case for this. Is this so that you can put the private key and the preshared key in a single file together? Is there a situation where the shell redirection trick doesn't cut it? For example:
>
> wg set wg0 private-key <(head -n 1 bothkeys) preshared-key <(tail -n 1 bothkeys)

I would guess there are shells which don't have the <(cmd) bashism...

--
Mantas Mikulėnas
Re: Windows Wireguard with Multiple Endpoints in Different Subnets
The config file stays the same. The configuration breaks when I define a default gateway in my network settings (in order to have the Windows machine connected to the Internet). From that moment on, the packages destined to the other ethernet port (the one where the default gateway is not) are showing up on the wrong port (I can see them with Wireshark). But only the packages from Wireguard; if I do a simple ping, everything works because the subnets are all still properly defined.

On Tue, Jan 28, 2020 at 11:38 AM Jason A. Donenfeld wrote:
> On Tue, Jan 28, 2020 at 11:34 AM wrote:
> > b) The configuration described above breaks when I define a default gateway, e.g. 192.168.0.1.
>
> I didn't quite understand what type of change this sentence implies. What's the config file after you make the transformation described in (b)?
Re: After win2019 server reboot, Wireguard tunnel doesn't start
Hello,

below is another occurrence of the bug. At 17:19 server was rebooted because of updates.

The process C:\windows\system32\svchost.exe (bserver) has initiated the restart of computer bserver on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Service pack (Planned)
Reason Code: 0x80020010
Shutdown Type: restart
Comment:

2020-02-11 14:13:29.084361: [TUN] [Server] peer(SuXT…9iko) - Sending keepalive packet
2020-02-11 14:13:39.080286: [TUN] [Server] peer(SuXT…9iko) - Receiving keepalive packet
2020-02-11 14:13:39.085654: [TUN] [Server] peer(SuXT…9iko) - Sending keepalive packet
2020-02-11 14:22:18.562874: [TUN] [Server] peer(SuXT…9iko) - Removing all keys, since we haven't received a new one in 540 seconds
2020-02-12 17:19:00.295842: [MGR] Exited UI process for user 'admin_user@bserver' for session 2 with status 40010004
2020-02-12 17:19:01.351433: [MGR] Starting UI process for user ‘admin_user@bserver’ for session 2
2020-02-12 17:19:02.508881: [MGR] Exited UI process for user 'admin_user@bserver' for session 2 with status c26b
2020-02-12 17:20:46.494769: [TUN] [Server] Device closing
2020-02-12 17:20:46.532011: [TUN] [Server] Routine: TUN reader - stopped
2020-02-12 17:20:46.574511: [TUN] [Server] Routine: event worker - stopped
2020-02-12 17:20:46.579359: [TUN] [Server] Routine: receive incoming IPv4 - stopped
2020-02-12 17:20:46.626363: [TUN] [Server] Routine: receive incoming IPv6 - stopped
2020-02-12 17:20:46.627376: [TUN] [Server] peer(SuXT…9iko) - Stopping...
2020-02-12 17:20:46.627376: [TUN] [Server] peer(SuXT…9iko) - Routine: sequential sender - stopped
2020-02-12 17:20:46.628361: [TUN] [Server] peer(SuXT…9iko) - Routine: nonce worker - stopped
2020-02-12 17:20:46.629361: [TUN] [Server] Routine: encryption worker - stopped
2020-02-12 17:20:46.630362: [TUN] [Server] Routine: decryption worker - stopped
2020-02-12 17:20:46.630362: [TUN] [Server] Routine: decryption worker - stopped
2020-02-12 17:20:46.630362: [TUN] [Server] Routine: handshake worker - stopped
2020-02-12 17:20:46.631382: [TUN] [Server] Routine: handshake worker - stopped
2020-02-12 17:20:46.631382: [TUN] [Server] Routine: encryption worker - stopped
2020-02-12 17:20:46.631382: [TUN] [Server] peer(SuXT…9iko) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.631382: [TUN] [Server] peer(CbnY…MhkI) - Stopping...
2020-02-12 17:20:46.632362: [TUN] [Server] peer(CbnY…MhkI) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.633361: [TUN] [Server] peer(CbnY…MhkI) - Routine: sequential sender - stopped
2020-02-12 17:20:46.633361: [TUN] [Server] peer(CbnY…MhkI) - Routine: nonce worker - stopped
2020-02-12 17:20:46.633361: [TUN] [Server] peer(JRsL…401s) - Stopping...
2020-02-12 17:20:46.633361: [TUN] [Server] peer(JRsL…401s) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.634362: [TUN] [Server] peer(JRsL…401s) - Routine: nonce worker - stopped
2020-02-12 17:20:46.634362: [TUN] [Server] peer(JRsL…401s) - Routine: sequential sender - stopped
2020-02-12 17:20:46.635445: [TUN] [Server] peer(nLK/…f3mE) - Stopping...
2020-02-12 17:20:46.635445: [TUN] [Server] peer(nLK/…f3mE) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.635445: [TUN] [Server] peer(nLK/…f3mE) - Routine: nonce worker - stopped
2020-02-12 17:20:46.636367: [TUN] [Server] peer(nLK/…f3mE) - Routine: sequential sender - stopped
2020-02-12 17:20:46.636367: [TUN] [Server] peer(1WB6…G/xk) - Stopping...
2020-02-12 17:20:46.636367: [TUN] [Server] peer(1WB6…G/xk) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.637416: [TUN] [Server] peer(1WB6…G/xk) - Routine: nonce worker - stopped
2020-02-12 17:20:46.638361: [TUN] [Server] peer(1WB6…G/xk) - Routine: sequential sender - stopped
2020-02-12 17:20:46.638361: [TUN] [Server] peer(akUl…uaHM) - Stopping...
2020-02-12 17:20:46.639378: [TUN] [Server] peer(akUl…uaHM) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.639378: [TUN] [Server] peer(akUl…uaHM) - Routine: nonce worker - stopped
2020-02-12 17:20:46.640362: [TUN] [Server] peer(akUl…uaHM) - Routine: sequential sender - stopped
2020-02-12 17:20:46.640362: [TUN] [Server] peer(UUvS…DwEo) - Stopping...
2020-02-12 17:20:46.641361: [TUN] [Server] peer(UUvS…DwEo) - Routine: sequential receiver - stopped
2020-02-12 17:20:46.641361: [TUN] [Server] peer(UUvS…DwEo) - Routine: sequential sender - stopped
2020-02-12 17:20:46.641361: [TUN] [Server] peer(UUvS…DwEo) - Routine: nonce worker - stopped
2020-02-12 17:20:46.641361: [TUN] [Server] Interface closed
2020-02-12 17:20:46.642361: [TUN] [Server] Shutting down
2020-02-12 17:21:56.974077: [TUN] [Server] Starting WireGuard/0.0.38 (Windows Server 10.0.17763; amd64)
2020-02-12 17:21:56.974077: [MGR] Starting WireGuard/0.0.38 (Windows Server 10.0.17763; amd64)
2020-02-12 17:21:57.199444: [TUN] [Server] SCM locked for 24s by .\NT Service Control Manager, marking service as started
2020-02-12 17:21:57.203451: [TUN] [Server] Watching network interfaces
Re: [PATCH] Fix formatting in wg-quick(8)
Hi Jason,

Jason A. Donenfeld wrote on Thu, Feb 13, 2020 at 05:31:41PM +0100:
> On Thu, Feb 13, 2020 at 5:50 AM Stephen Gregoratto wrote:

>> +.TH WG-QUICK 8 "2019-02-13" ZX2C4 "WireGuard"

> It's 2020 now, but what would you think of retaining the original date? Or do you usually bump it on every change? I'm not sure what the convention is.

The .TH macro is supposed to contain the date of the last change. If you want to explain when something was first implemented, you can do that below ".SH HISTORY".

>> +.PP
>> +The following might be used for connecting as a client to a VPN gateway for
>> +tunneling all traffic:
>> +.nf
>> +.sp
>> +.RS 6n

> Never seen these three modifiers. They set spacing somehow?

Not sure what you mean by "modifiers". .nf and .sp are roff(7) requests, .RS is a man(7) macro, and 6n is a scaling width.

https://man.openbsd.org/roff.7#nf
https://man.openbsd.org/roff.7#sp
https://man.openbsd.org/man.7#RS_2
https://man.openbsd.org/roff.7#Scaling_Widths

>> .SH SEE ALSO
>> -.BR wg (8),
>> +.BR pass (1),
>> .BR ip (8),
>> -.BR ip-link (8),
>> .BR ip-address (8),
>> +.BR ip-link (8),
>> .BR ip-route (8),
>> .BR ip-rule (8),
>> -.BR resolvconf (8).
>> -
>> +.BR iptables (8),
>> +.BR resolvconf (8),
>> +.BR wg (8)
>> .SH AUTHOR
>> .B wg-quick

> You've ordered these alphabetically, but the original ordering was chosen deliberately.

Sorting first by section, then alphabetically is done by convention. For example, see this style guide:

https://mandoc.bsd.lv/mdoc/style/see_also.html

The reason is that the number of references ought to be small, so deliberate ordering adds little value, and a fixed ordering results in a more predictable experience for the reader.

Yours,
Ingo
Re: [PATCH] Change "Deselect All" to "Toggle All" in Excluded apps settings
Seems reasonable, but please resubmit with your Signed-off-by: line.
Re: CryptoKey Routing Management for Peers
I don't doubt that it can handle 1M peers.

My question was more concerned with can an *Organization* perform the configuration management to handle 1M peers if all configuration is through a static IP.

If I have 1M peers and . have no change per day, that still leaves 100 changes or ~4 per hour. I'd argue it is a good practice to have to restart services to pick up those changes.

I'll have a look at those links. Thank you very much

-b

On Sat, Feb 8, 2020 at 4:29 PM Jason A. Donenfeld wrote:
> WireGuard has an API, via Netlink. This might help you:
>
> https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library
> https://git.zx2c4.com/wireguard-tools/tree/src/uapi/linux/wireguard.h
>
> It can handle 1M peers, yes.
Re: wireguard looses internet connection intermittently.
I think I found the problem, there is a typo in my iptable command. While editing with vi, I may have added an additional i at the end of MASQUERADE. I removed it and restarted it. Now I am monitoring for issues.

On Sun, 9 Feb 2020 at 10:55, Kunal Shah wrote:
> Hi Jason,
>
> Thanks for your response. After the changes you suggested, It still gives me the same problem. Now my GCP server wireguard configuration looks like this.
>
> [Interface]
> Address = 192.168.1.1
> SaveConfig = true
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
> ListenPort = 51840
> PrivateKey =
> MTU=1380
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.1.2/32
>
> On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld wrote:
>
>> GCP uses an MTU of 1460 because Google's network does weird things. That means the MTU for WireGuard should be 1380. On the GCP box, try adding `MTU=1380` to your config and add this line to PostUp: `; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`
Re: wireguard looses internet connection intermittently.
Hi Jason,

Thanks for your response. After the changes you suggested, It still gives me the same problem. Now my GCP server wireguard configuration looks like this.

[Interface]
Address = 192.168.1.1
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
ListenPort = 51840
PrivateKey =
MTU=1380

[Peer]
PublicKey =
AllowedIPs = 192.168.1.2/32

On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld wrote:
> GCP uses an MTU of 1460 because Google's network does weird things. That means the MTU for WireGuard should be 1380. On the GCP box, try adding `MTU=1380` to your config and add this line to PostUp: `; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`
[PATCH] Add japanese translation.
This patch is Japanese translation for wireguard-android. --- app/src/main/res/values-ja/strings.xml | 300 - 1 file changed, 150 insertions(+), 150 deletions(-) diff --git a/app/src/main/res/values-ja/strings.xml b/app/src/main/res/values-ja/strings.xml index 336cd4e..2044f4b 100644 --- a/app/src/main/res/values-ja/strings.xml +++ b/app/src/main/res/values-ja/strings.xml 
@@ -1,180 +1,180 @@ -Unable to delete %d tunnel: %s -Unable to delete %d tunnels: %s +%d トンネルを削除できません: %s +%d トンネルを削除できません: %s -Successfully deleted %d tunnel -Successfully deleted %d tunnels +%d トンネルを削除しました +%d トンネルを削除しました -%d tunnel selected -%d tunnels selected +%d トンネルを選択 +%d トンネルを選択 -Imported %d of %d tunnels -Imported %d of %d tunnels +%d 個(全 %d 個)のトンネル設定をインポート +%d 個(全 %d 個)のトンネル設定をインポート -Imported %d tunnel -Imported %d tunnels +%d 個のトンネル設定をインポート済 +%d 個のトンネル設定をインポート済 -%d Excluded Application -%d Excluded Applications +除外アプリ %d 個 +除外アプリ %d 個 -Add peer +ピアを追加する Addresses Allowed IPs WireGuard %1$s\'s %2$s %s %1$s in %2$s -: Must be positive and no more than 65535 -: Must be positive -: Must be a valid UDP port number -Invalid key -Invalid number -Invalid value -Missing attribute -Missing section -Missing value -Syntax error -Unknown attribute -Unknown section -Value out of range -File must be .conf or .zip -Cancel -Cannot delete configuration file %s -Configuration for “%s” already exists -Configuration file “%s” already exists -Configuration file “%s” not found -Cannot rename configuration file “%s” -Cannot save configuration for “%1$s”: %2$s -Successfully saved configuration for “%s” -Create WireGuard Tunnel -Cannot create local binary directory -Create from scratch -Create from file or archive -Create from QR code -Cannot create output directory -Cannot create file in downloads directory -Cannot create local temporary directory -Create Tunnel -Currently using light (day) theme -Currently using dark (night) theme -Use dark theme -Delete -Deselect All -DNS servers -Edit -Endpoint -Error bringing down tunnel: %s -Error fetching apps list: %s -Please obtain root access and try again -Error bringing up tunnel: %s -Exclude private IPs -Excluded Applications -Generate -Unknown “%s” error -(auto) -(generated) -(optional) -(random) -Illegal file name “%s” -Unable to import tunnel: %s -Import Tunnel from QR Code -Imported “%s” -Interface -: WireGuard base64 keys must 
be 44 characters (32 bytes) -: WireGuard keys must be 32 bytes -: WireGuard hex keys must be 64 characters (32 bytes) -Listen port -Unable to export log: %s -Saved to “%s” -Log file will be saved to downloads folder -Export log file -Unable to run logcat: -Unable to determine kernel module version -No modules are available for your device -The experimental kernel module can improve performance -Success. The application will restart in 5 seconds -Download and install kernel module -Downloading and installing… -Something went wrong. Please try again +: 65535未満の正の整数を指定してください +: 正の整数を指定 +: 有効な UDP ポート番号を指定してください +無効な鍵 +無効な数字 +無効な値 +属性が不足しています +セクションが不足しています +値が不足しています +構文エラー +未知の属性 +未知のセクション +範囲外の値 +ファイルの拡張子は .conf か .zip です +キャンセル +%s の定義を削除できません +"%s" の定義はすでに存在します +設定ファイル "%s" はすでに存在します +設定ファイル "%s" が見つかりません +設定ファイル "%s" の名前を変更できません +“%1$s” の設定を保存できません: %2$s +"%s" の設定を保存しました +WireGuard トンネルの作成 +ローカルバイナリディレクトリを作成できません +空の状態から作成 +ファイル、アーカイブから作成 +QRコードから作成 +出力ディレクトリを作成できません +ダウンロードディレクトリにファイルを作成できません +ローカルに一時ディレクトリを作成できません +トンネルを作成 +ライト(日中)テーマを使用中 +ダーク(夜間)テーマを使用中 +ダークテーマを使用する +削除 +すべての選択を解除 +DNS サーバ +編集 +エンドポイント +トンネル停止時エラー: %s +アプリ一覧取得エラー: %s +root 権限を取得して再試行してください +トンネル起動時エラー: %s +プライベート IP アドレスの除外 +除外されたアプリケーション +生成 +未知のエラー “%s” +(自動) +(生成済み) +(任意) +(ランダム) +不正なファイル名 “%s” +トンネル設定をインポートできません: %s +QR コードからトンネル設定をインポートできません +インポートしました “%s” +インターフェース +: WireGuard base64 鍵は44文字(32バイト)でなければなりません +: WireGuard 鍵は32バイトでなければなりません +: WireGuard hex 鍵は64文字(32バイト)でなければなりません +Listen ポート +ログをエクスポートできません: %s +“%s” に保存しました +ログはダウンロードフォルダに保存されます +ログのエクスポート +logcat を実行できません: +カーネルモジュールバージョンを特定できません +このデバイス用のモジュールは利用できません +実験的カーネルモジュールはパフォーマンスが向上する場合があります +成功. アプリは5秒後以内に再起動します +
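Review bot: The replacement for "Import Tunnel from QR Code" reads "QR コードからトンネル設定をインポートできません", which states that the import cannot be done; it follows the error string "トンネル設定をインポートできません: %s" and looks copied from it, so it should be a plain title such as "QR コードからトンネル設定をインポート". In the same hunk, ": Must be positive and no more than 65535" becomes "65535未満の正の整数を指定してください", and 未満 excludes 65535 itself, so 以下 matches the English. The diffstat (150 insertions, 150 deletions on values-ja/strings.xml) shows the patch rewrites a file added by an earlier commit rather than creating it, and the message carries no Signed-off-by: line.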
[PATCH] Change "Deselect All" to "Toggle All" in Excluded apps settings
From: sebcbi1 Android : Change functionality in excluded apps dialog for better user experience when user wants only one or few apps to use wireguard Please review italian and russian translation --- .../com/wireguard/android/fragment/AppListDialogFragment.java | 4 ++-- app/src/main/res/values-it/strings.xml| 2 +- app/src/main/res/values-ru/strings.xml| 2 +- app/src/main/res/values/strings.xml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java b/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java index 67059c7..c513d47 100644 --- a/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java +++ b/app/src/main/java/com/wireguard/android/fragment/AppListDialogFragment.java @@ -98,7 +98,7 @@ public class AppListDialogFragment extends DialogFragment { alertDialogBuilder.setPositiveButton(R.string.set_exclusions, (dialog, which) -> setExclusionsAndDismiss()); alertDialogBuilder.setNegativeButton(R.string.cancel, (dialog, which) -> dialog.dismiss()); -alertDialogBuilder.setNeutralButton(R.string.deselect_all, (dialog, which) -> { +alertDialogBuilder.setNeutralButton(R.string.toggle_all, (dialog, which) -> { }); binding.setFragment(this); @@ -109,7 +109,7 @@ public class AppListDialogFragment extends DialogFragment { final AlertDialog dialog = alertDialogBuilder.create(); dialog.setOnShowListener(d -> dialog.getButton(DialogInterface.BUTTON_NEUTRAL).setOnClickListener(view -> { for (final ApplicationData app : appData) -app.setExcludedFromTunnel(false); +app.setExcludedFromTunnel(!app.isExcludedFromTunnel()); })); return dialog; } diff --git a/app/src/main/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml index 2aba5f8..b37d792 100644 --- a/app/src/main/res/values-it/strings.xml +++ b/app/src/main/res/values-it/strings.xml 
@@ -66,7 +66,7 @@ Stai usando il tema scuro (notte) Usa tema scuro Elimina -Deseleziona tutto +Inverti tutto Server DNS Modifica Endpoint diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml index 2f2c03b..00b96fb 100644 --- a/app/src/main/res/values-ru/strings.xml +++ b/app/src/main/res/values-ru/strings.xml @@ -66,7 +66,7 @@ В данный момент используется темная (ночная) тема Использовать темную тему Удалить -Снять выделенное +Инвертировать все DNS-серверы Редактировать Конечная точка diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 336cd4e..89a32c0 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -66,7 +66,7 @@ Currently using dark (night) theme Use dark theme Delete -Deselect All +Toggle All DNS servers Edit Endpoint -- 2.25.0 ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
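Review bot: In the setOnClickListener loop in AppListDialogFragment.java, `app.setExcludedFromTunnel(!app.isExcludedFromTunnel())` inverts every entry, so the neutral button can no longer clear a mixed selection in one tap: a list with some apps excluded ends up with the complement excluded instead of none. Because the exclusion list decides which apps stay outside the tunnel, an accidental tap now silently flips that set; consider keeping a clear-all action alongside the toggle, or say in the commit message that dropping it is intended. Only the default, it and ru strings.xml files are updated in the visible hunks, and the message carries no Signed-off-by: line.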
Re: [PATCH] Implement reading keys from stdin.
On Sat, 2020-02-08 at 23:20 +0100, Jason A. Donenfeld wrote:
> Trying to get a handle on the use case for this.

I am working on a program [1] that configures a WireGuard interface by invoking `wg`. Generally there are multiple peers, and some of them may have preshared keys.

Currently the most reasonable way to pass keys is to write each one to a temporary file. I think passing all of them over stdin is nicer.

[1] https://git.venev.name/hristo/wgconfd/
Japanese Translation for Android app
Hello,

I recently started to use WireGuard, this is a great product. I have Galaxy S9, iPad Pro, MacbookAir, and all of them can use WireGuard Tunnel. It is useful for me.

I want to contribute to this product, but I can't write code, I don't have a build environment, so what can I do? I can translate to Japanese, so I started translating wireguard-android and wireguard-apple.

Today, I made a translation patch for the Android App. How do I send the patch? "git format-patch" and "git send-email" directly to this ML?

Thanks,
Re: [PATCH net] wireguard: device: provide sane limits for mtu setting
Hi Samir,

I didn't realize this. You convinced me on this one. Thanks!

On 2/14/20 15:11, Samir Nassar wrote:

Hello,

from https://github.com/google/syzkaller/blob/master/docs/syzbot.md

"syzbot system continuously fuzzes main Linux kernel branches and automatically reports found bugs to kernel mailing lists."

As I understand it, fuzzing is applying changes to inputs to see what breaks and, in this case, fix it. It doesn't make sense to set an MTU to 0 so why allow the program to crash on setting the MTU to zero instead of giving back a useful error or preventing the crash in other ways. Providing dev->min_mtu and dev->max_mtu bounds is a nice thing to do.

Samir

On February 14, 2020 7:40:23 AM GMT+01:00, Quan Zhou wrote:

I'm just curious, under what circumstances would people set mtu to zero?

On 2/14/20 14:38, Eric Dumazet wrote:

If wireguard device mtu is set to zero, a divide by zero crash happens in calculate_skb_padding().

This patch provides dev->min_mtu and dev->max_mtu bounds.

Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Eric Dumazet
Reported-by: syzbot
Cc: Jason A. Donenfeld
Cc: wireguard@lists.zx2c4.com

--- drivers/net/wireguard/device.c | 5 + 1 file changed, 5 insertions(+) diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c index 43db442b1373073eaf5e805cfe6cfee15875437a..c02b84cca122d92ee8a81c5efdcf67aada2554d6 100644 --- a/drivers/net/wireguard/device.c +++ b/drivers/net/wireguard/device.c
@@ -271,9 +271,14 @@ static void wg_setup(struct net_device *dev) dev->features |= WG_NETDEV_FEATURES; dev->hw_features |= WG_NETDEV_FEATURES; dev->hw_enc_features |= WG_NETDEV_FEATURES; + dev->mtu = ETH_DATA_LEN - MESSAGE_MINIMUM_LENGTH - sizeof(struct udphdr) - max(sizeof(struct ipv6hdr), sizeof(struct iphdr)); + dev->min_mtu = MESSAGE_PADDING_MULTIPLE; + dev->max_mtu = ETH_MAX_MTU - MESSAGE_MINIMUM_LENGTH - + sizeof(struct udphdr) - + max(sizeof(struct ipv6hdr), sizeof(struct iphdr)); SET_NETDEV_DEVTYPE(dev, _type); ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
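Review bot: The overhead expression `MESSAGE_MINIMUM_LENGTH - sizeof(struct udphdr) - max(sizeof(struct ipv6hdr), sizeof(struct iphdr))` now appears twice in wg_setup(), once for dev->mtu and once for dev->max_mtu; computing it once into a local constant would keep the default and the upper bound from drifting apart. The division that the commit message places in calculate_skb_padding() is not touched by this hunk, so the fix relies on every path that sets the MTU honouring dev->min_mtu; a zero check at the point of division would make the send path safe independently of the caller. A one-line comment on why min_mtu is MESSAGE_PADDING_MULTIPLE would also help the next reader.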
Re: [PATCH net] wireguard: device: provide sane limits for mtu setting
Hi Eric,

On 2/14/20, Eric Dumazet wrote:
> If wireguard device mtu is set to zero, a divide by zero crash happens in calculate_skb_padding().
>
> This patch provides dev->min_mtu and dev->max_mtu bounds.

Thanks for the patch. However, I solved this slightly differently yesterday afternoon already: https://git.zx2c4.com/wireguard-linux/commit/?h=stable&id=06e79ab0d545a20dec1b179fa26841eb0afb1f07 . I've got some additional testing of this to do this afternoon, and then I'll submit it to the list.

Jason
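The two ways of closing the mtu=0 crash discussed in this thread, shown as an added userspace C model; it is not the kernel's code and not code from either patch. The function names are hypothetical, the unguarded padding routine is an assumed shape of a calculation that takes the length modulo the MTU, and the constant values (16-byte padding multiple, 32-byte minimum message, standard UDP/IP header sizes) are assumptions not stated on the page.

```c
#include <stdio.h>

/* Assumed values for this model (not given on the page). */
#define MESSAGE_PADDING_MULTIPLE 16u
#define MESSAGE_MINIMUM_LENGTH   32u  /* 16-byte data header + 16-byte auth tag */
#define UDP_HDR_LEN               8u
#define IPV4_HDR_LEN             20u
#define IPV6_HDR_LEN             40u
#define ETH_MAX_MTU           65535u

#define ALIGN_UP(x, a) ((((x) + (a) - 1u) / (a)) * (a))

/* Bytes the tunnel adds around each inner packet, sized for the larger IP header. */
static unsigned int tunnel_overhead(void)
{
    unsigned int ip = IPV6_HDR_LEN > IPV4_HDR_LEN ? IPV6_HDR_LEN : IPV4_HDR_LEN;
    return MESSAGE_MINIMUM_LENGTH + UDP_HDR_LEN + ip;
}

/* Tunnel MTU for a given link MTU; 0 means the link cannot carry the overhead. */
static unsigned int tunnel_mtu_for_link(unsigned int link_mtu)
{
    unsigned int oh = tunnel_overhead();
    return link_mtu > oh ? link_mtu - oh : 0;
}

/* Approach 1: reject out-of-range values at configuration time, in the
 * spirit of the dev->min_mtu / dev->max_mtu bounds in the patch. */
static int mtu_in_bounds(unsigned int mtu)
{
    return mtu >= MESSAGE_PADDING_MULTIPLE &&
           mtu <= ETH_MAX_MTU - tunnel_overhead();
}

/* Unguarded model: "len % mtu" is a division, so mtu == 0 is undefined
 * behaviour here (a divide error in kernel context). Precondition: mtu != 0. */
static unsigned int padding_unguarded(unsigned int len, unsigned int mtu)
{
    unsigned int last_unit = len % mtu;
    unsigned int padded = ALIGN_UP(last_unit, MESSAGE_PADDING_MULTIPLE);

    if (padded > mtu)
        padded = mtu;
    return padded - last_unit;
}

/* Approach 2: make the calculation itself tolerate mtu == 0, so the send
 * path stays safe even if a zero MTU reaches it. */
static unsigned int padding_guarded(unsigned int len, unsigned int mtu)
{
    unsigned int last_unit = len, padded;

    if (mtu == 0)  /* no MTU to clamp against: just round up */
        return ALIGN_UP(last_unit, MESSAGE_PADDING_MULTIPLE) - last_unit;
    if (last_unit > mtu)  /* oversized packet: pad only the final unit */
        last_unit %= mtu;
    padded = ALIGN_UP(last_unit, MESSAGE_PADDING_MULTIPLE);
    if (padded > mtu)
        padded = mtu;
    return padded - last_unit;
}

/* Approach 1 end to end: validate first, then the unguarded math is safe.
 * Returns -1 when the MTU is rejected. */
static int set_mtu_and_pad(unsigned int mtu, unsigned int len)
{
    if (!mtu_in_bounds(mtu))
        return -1;
    return (int)padding_unguarded(len, mtu);
}

int main(void)
{
    printf("tunnel MTU on a 1500-byte link: %u\n", tunnel_mtu_for_link(1500));
    printf("tunnel MTU on a 1460-byte link: %u\n", tunnel_mtu_for_link(1460));
    printf("mtu=0 accepted by bounds check: %d\n", mtu_in_bounds(0));
    printf("guarded padding, len=100 mtu=0: %u\n", padding_guarded(100, 0));
    printf("validated set, mtu=0 len=100:   %d\n", set_mtu_and_pad(0, 100));
    return 0;
}
```

The same overhead figure accounts for the `MTU=1380` advice given for a 1460-byte GCP link earlier on this page.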