Re: [RFC] WireGuard: next generation secure network tunnel

2016-07-01 Thread Bruno Wolff III
On Sat, Jul 02, 2016 at 01:03:17 +0200, "Jason A. Donenfeld" wrote: Hey Bruno, Sorry I didn't reply to this earlier; the message didn't make it to me somehow. I only sent it to LKML, since we had communicated separately when you helped me by making changes for the 4.7 kernel, I didn't think

Re: [RFC] WireGuard: next generation secure network tunnel

2016-07-01 Thread Jason A. Donenfeld
Hey Bruno, Sorry I didn't reply to this earlier; the message didn't make it to me somehow. Bruno Wolff III writes: > I tried this out on 4.7 kernels and it seemed to work OK. I can't tell > about security, but the packets made it to where they are going. Happy to hear! > > My eventual use case

Re: [RFC] WireGuard: next generation secure network tunnel

2016-07-01 Thread Richard Weinberger
Jason, Am 01.07.2016 um 16:25 schrieb Jason A. Donenfeld: > Hi Richard, > > On Fri, Jul 1, 2016 at 1:42 PM, Richard Weinberger > wrote: >> So every logical tunnel will allocate a new net device? >> Doesn't this scale badly? I have ipsec alike setups >> with many, many road warriors in mind. > >

Re: [RFC] WireGuard: next generation secure network tunnel

2016-07-01 Thread Jason A. Donenfeld
Hi Richard, On Fri, Jul 1, 2016 at 1:42 PM, Richard Weinberger wrote: > So every logical tunnel will allocate a new net device? > Doesn't this scale badly? I have ipsec alike setups > with many, many road warriors in mind. No, this isn't the case. Each net device has multiple peers. Check out th

Re: [RFC] WireGuard: next generation secure network tunnel

2016-07-01 Thread Richard Weinberger
On Tue, Jun 28, 2016 at 4:49 PM, Jason A. Donenfeld wrote: > WireGuard acts as a virtual interface, doing layer 3 IP tunneling, > addable with "ip link add dev wg0 type wireguard". You can set the > interface's local IP and routes using the usual ip-address and So every logical tunnel will alloca

Re: [RFC] WireGuard: next generation secure network tunnel

2016-06-29 Thread Bruno Wolff III
On Tue, Jun 28, 2016 at 16:49:18 +0200, "Jason A. Donenfeld" wrote: Today I'm releasing WireGuard, an encrypted and authenticated tunneling virtual interface for the kernel. It uses next-generation I tried this out on 4.7 kernels and it seemed to work OK. I can't tell about security, but th

[RFC] WireGuard: next generation secure network tunnel

2016-06-28 Thread Jason A. Donenfeld
Hi Dave & Folks, Today I'm releasing WireGuard, an encrypted and authenticated tunneling virtual interface for the kernel. It uses next-generation cryptography and is designed to be both easy to use and simple to implement (only ~4000 LoC, which compared to xfrm or openvpn is spectacular), avoidin