best way for redundancy?

2021-02-25 Thread Joachim Lindenberg
Hello
I do have a wireguard VPN that connects multiple sites. Unfortunately some 
routers are not available all the time, causing network disruption. I'd like to 
improve connectivity via redundancy, i.e. add multiple routers that connect the 
networks.
What are the options to do that using wireguard? Can I have multiple peers with 
different keys and endpoint but same Allowed IPs? Will wireguard select the one 
available?
Any suggestions?
Thanks, Joachim




Wintun releases notification - or 'latest' option?

2021-02-25 Thread Clint Dovholuk
Any chance you'd consider sending an email to the list when wintun gets an
update?  Right now there's no great way for me to get the 'latest'. The code
changes infrequently so it's not a huge deal but it'd be fantastic to be
notified when a new release is out.

Alternatively some form of redirect from say
https://www.wintun.net/builds/latest.zip -->
https://www.wintun.net/builds/wintun-0.10.2.zip would be really nice?

Something to consider, maybe? :)

Thanks
-Clint


Re: wireguard-go on windows

2021-02-25 Thread Matt Layher
A glance at 
https://github.com/WireGuard/wgctrl-go/blob/master/internal/wguser/parse.go#L48 
seems to indicate that we treat the first "blank" line produced by 
bufio.Scanner (which strips \n) as a sentinel to stop parsing, which 
would mean something like "errno=0\n\n" would parse the errno and be 
done once it interprets the final line "\n".


The tests seem to indicate this works as expected, but I don't regularly 
develop on Windows and welcome PRs if something has changed.

- Matt

On 2/25/21 12:54 PM, Jason A. Donenfeld wrote:
> + Matt Layher
>
> Hi Davanath,
>
> > We are trying to use wgctrl way of configuring the wireguard devices
> > and facing issues while creating/configuring the wireguard device on
> > windows.
> >
> > 1) First problem was while creating the wintun device using wintun.dll
> > and using wgctrl for configuring it.  It hangs in
> > wgclient.ConfigureDevice api()
>
> wgctrl works with wireguard. wireguard uses wintun, but wireguard is not wintun.
>
> >
> > 2) So tried to first create the device through wireguard.exe. And then
> > used wgctrl way to configure it, but wgClient.Devices() is not able to
> > get the devices on our test windows boxes (even though it works on my
> > development machine)
>
> This sounds like a potential bug in wgctrl.
>
> Matt -- I wonder if there's a bug in the parser, recently unearthed by
> a change in wireguard-go. Specifically, uapi stipulates that requests
> and responses end with \n\n. Is it possible that you're relying on the
> socket to EOF, instead of looking for the \n\n? Recent wireguard-go
> keeps the socket open, in case you want to send one request after
> another.
>
> Jason


Re: wireguard-go on windows

2021-02-25 Thread Jason A. Donenfeld
+ Matt Layher

Hi Davanath,

> We are trying to use wgctrl way of configuring the wireguard devices
> and facing issues while creating/configuring the wireguard device on
> windows.
>
> 1) First problem was while creating the wintun device using wintun.dll
> and using wgctrl for configuring it.  It hangs in
> wgclient.ConfigureDevice api()

wgctrl works with wireguard. wireguard uses wintun, but wireguard is not wintun.

>
> 2) So tried to first create the device through wireguard.exe. And then
> used wgctrl way to configure it, but wgClient.Devices() is not able to
> get the devices on our test windows boxes (even though it works on my
> development machine)

This sounds like a potential bug in wgctrl.

Matt -- I wonder if there's a bug in the parser, recently unearthed by
a change in wireguard-go. Specifically, uapi stipulates that requests
and responses end with \n\n. Is it possible that you're relying on the
socket to EOF, instead of looking for the \n\n? Recent wireguard-go
keeps the socket open, in case you want to send one request after
another.

Jason
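
The framing question raised in this thread, as an added example (not code from wgctrl-go or wireguard-go): a Go reader that treats the blank line after errno as the end of a uapi response, so it returns on a connection that stays open and can read a second response from the same stream. The function names and the sample data are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// readResponse reads one uapi response and returns at the blank line, never at EOF.
func readResponse(br *bufio.Reader) (map[string][]string, int, error) {
	kv := map[string][]string{}
	for {
		line, err := br.ReadString('\n')
		if err != nil {
			return nil, 0, fmt.Errorf("no blank-line terminator: %w", err)
		}
		if line = strings.TrimSuffix(line, "\n"); line == "" {
			break // "\n\n" reached: the response is complete
		}
		i := strings.IndexByte(line, '=')
		if i < 0 {
			return nil, 0, fmt.Errorf("malformed line %q", line)
		}
		kv[line[:i]] = append(kv[line[:i]], line[i+1:])
	}
	if len(kv["errno"]) != 1 {
		return nil, 0, fmt.Errorf("response must carry exactly one errno line")
	}
	errno, err := strconv.Atoi(kv["errno"][0])
	return kv, errno, err
}

// twoResponses feeds constructed sample data through a pipe whose write end
// is never closed, standing in for a server that keeps the socket open.
func twoResponses() (first, second map[string][]string, err error) {
	pr, pw := io.Pipe()
	go io.WriteString(pw, "listen_port=51820\nallowed_ip=10.0.0.1/32\n"+
		"allowed_ip=10.0.0.2/32\nerrno=0\n\nerrno=0\n\n")
	br := bufio.NewReader(pr)
	if first, _, err = readResponse(br); err != nil {
		return nil, nil, err
	}
	second, _, err = readResponse(br)
	return first, second, err
}

func main() { fmt.Println(twoResponses()) }
```

A reader that waited for EOF (for example io.ReadAll) would block forever on this pipe, because the write end is never closed.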


Wireguard on Mac not working through a corporate VPN

2021-02-25 Thread Michael Lennartz
Hi team,

We have been testing Wireguard in our environment for a while now, and I think 
it’s a great project.
The focus is currently on Mac clients, where we’ve used the CLI version from 
homebrew so far very successfully.

It’s important to note that we’re reaching the server peer via another 
(Corporate) VPN interface.


Recently we’ve updated to MacOS 11.2 (Big Sur) on the M1 architecture and the 
(most recent) CLI version of Wireguard stopped working:
When I now try to connect to the server peer, the "wg-quick up …” hangs at the 
first ‘wg set utun3 peer …’ command.

Then we tried to use the GUI version from the AppStore, which seems to establish 
the tunnel interface and routing correctly. But we can’t see any traffic 
passing the corporate VPN interface towards the server peer. Not even the 
initial handshake.


Do you have any hints as to whether this setup is supposed to work? Or any 
suggestions on where to look?


Br,
Michael



Fwd: wireguard-go on windows

2021-02-25 Thread Devanath S
Hi Jason,

Thank you for your prompt response.

We are trying to use wgctrl way of configuring the wireguard devices
and facing issues while creating/configuring the wireguard device on
windows.

1) First problem was while creating the wintun device using wintun.dll
and using wgctrl for configuring it.  It hangs in
wgclient.ConfigureDevice api()

2) So tried to first create the device through wireguard.exe. And then
used wgctrl way to configure it, but wgClient.Devices() is not able to
get the devices on our test windows boxes (even though it works on my
development machine)

So was trying to investigate how wireguard works on windows.  With
wgctrl package I was able to get it working on linux/mac, but facing
such issues on windows.  The reason for using wgctrl was to make it
configurable through our own APP.

Regards,
Dev

On Thu, Feb 25, 2021 at 7:54 AM Jason A. Donenfeld wrote:
>
> I'm curious to learn what you're trying to debug this way; you're
> better off using wireguard-windows.
>
> The pipe permissions are too strict internally, it appears. Try
> running as Local System.
>
> Jason


Re: wireguard-go on windows

2021-02-25 Thread Jason A. Donenfeld
I'm curious to learn what you're trying to debug this way; you're
better off using wireguard-windows.

The pipe permissions are too strict internally, it appears. Try
running as Local System.

Jason


wireguard-go on windows

2021-02-25 Thread Devanath S
Hi All,

I am trying to run wireguard-go on windows for debugging purpose only
and seem to get the below error.

Login user is local admin on the box and it is run as administrator. Please advise.

c:\Go\wire-win\wireguard-go>.\wireguard.exe wg0
Warning: this is a test program for Windows, mainly used for debugging
this Go package. For a real WireGuard for Windows client, the repo you
want is , which includes
this code as a module.
INFO: (wg0) 2021/02/24 22:09:55 Starting wireguard-go version 0.0.20201118
DEBUG: (wg0) 2021/02/24 22:09:55 Debug log enabled
2021/02/24 22:09:55 [Wintun] CreateAdapter: Creating adapter
DEBUG: (wg0) 2021/02/24 22:09:56 UDP bind has been updated
INFO: (wg0) 2021/02/24 22:09:56 Device started
ERROR: (wg0) 2021/02/24 22:09:56 Failed to listen on uapi socket: open
\\.\pipe\ProtectedPrefix\Administrators\WireGuard\wg0: This security
ID may not be assigned as the owner of this object.


Regards,
srini


Re: Windows 10 has poor bandwidth when using wireguard

2021-02-25 Thread Feng Li
Great, Amazing!
thanks!

On Thu, Feb 25, 2021 at 10:35 PM Jason A. Donenfeld wrote:
>
> Hi Feng,
>
> Great to hear!
>
> You wrote:
> > In the LAN environment, the download speed is 40MB/s through WIFI to access 
> > the peer.
> > When the wireguard starts, the speed is down to 8MB/s.
> And now:
> > The speed is up to 25MB/s, 2x faster than the previous version.
>
> So new speed is 3.125x old speed.
>
> I'll keep thinking about the problem space and try to get us up to the
> full 40MB/s.
>
> Jason


Re: Windows 10 has poor bandwidth when using wireguard

2021-02-25 Thread Jason A. Donenfeld
Hi Feng,

Great to hear!

You wrote:
> In the LAN environment, the download speed is 40MB/s through WIFI to access 
> the peer.
> When the wireguard starts, the speed is down to 8MB/s.
And now:
> The speed is up to 25MB/s, 2x faster than the previous version.

So new speed is 3.125x old speed.

I'll keep thinking about the problem space and try to get us up to the
full 40MB/s.

Jason


Re: [Android] couldn't find "libwg-go.so" on Nexus 5X

2021-02-25 Thread Jason A. Donenfeld
Hey David,

That's a pretty interesting bug... are you able to reproduce every
time on that device? I'd seen reports like this in the play console
but never with useful verbose error reporting like this. The fact that
it's giving you /lib/x86 on an arm device is madness...

Jason


Re: Windows 10 has poor bandwidth when using wireguard

2021-02-25 Thread Jason A. Donenfeld
Try out version 0.3.6, just released minutes ago, which should be much
much faster.


How to tunnel only udp traffic through Wireguard?

2021-02-25 Thread Rudi C
I use naiveproxy+v2ray to proxy my tcp traffic, but naiveproxy doesn’t
support udp, and it just passes them through my normal network. I want
to tunnel all my udp traffic through WireGuard. Is this achievable?
Thanks.


Re: Patch: initialise device.peers.empty

2021-02-25 Thread Jason A. Donenfeld
Fixed differently here:
https://git.zx2c4.com/wireguard-go/commit/?id=355fed440bd066b8aa32e63e04c7f92e7a097d88


Re: Handshake state collision between parallel RoutineHandshake threads

2021-02-25 Thread Jason A. Donenfeld
Hi Laura,

I'm not sure this is actually a problem. The latest handshake message
should probably win the race. I don't see state machine or data
corruption here, but just one handshake interrupting another, which is
par for the course with WireGuard.

Or have I overlooked something important in the state machine implementation?

Jason


Re: Patch: initialise device.peers.empty

2021-02-25 Thread Jason A. Donenfeld
Hi Laura,

Thanks for the patch. Can you resubmit this as a proper git-formatted
patch containing your Signed-off-by line?

git commit -s --amend --no-edit
git send-email HEAD~

Also, you mentioned custom unit tests. Any of those suitable for
sending upstream?

Jason


Patch: initialise device.peers.empty

2021-02-25 Thread Laura Zelenku
Hi devs,
in some custom unit tests for wireguard go I’m experiencing failed tests because 
“device.peers.empty” contains the default “false” value right after device 
creation. Please apply the following patch to initialise the value to true (empty = 
true) in device creation.

thanks
Laura

Index: device/device.go
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===
--- device/device.go(revision 7a0fb5bbb1720fdd9404a4cf41920e24a46e0dad)
+++ device/device.go(date 1614241756159)
@@ -292,6 +292,7 @@
}
device.tun.mtu = int32(mtu)
device.peers.keyMap = make(map[NoisePublicKey]*Peer)
+   device.peers.empty.Set(true)
device.rate.limiter.Init()
device.indexTable.Init()
device.PopulatePools()
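
Review bot: the added "device.peers.empty.Set(true)" line creates a second piece of state that has to agree with "device.peers.keyMap", and nothing in the hunk documents or tests that invariant. A one-line comment saying that a freshly created device has no peers, so "empty" must start as true rather than the zero value false, together with the unit test that exposed the failure, would make the intent checkable. The header also carries IDE metadata rather than a git-formatted commit with a Signed-off-by line, so the patch should be regenerated with git before it is applied.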


