Re: Using WG for transport security in a p2p network

2018-04-05 Thread Matthias Urlichs
Hi, > > Another option would be to run insecure QUIC or SCTP on top of WireGuard, You cannot run SCTP on the Internet anyway. Too many routers block anything that's not TCP/UDP/ICMP. > I'm also wondering how easy this would be to program.

Re: ssh console hang

2018-04-05 Thread Lucian Cristian
On 05.04.2018 09:44, Lucian Cristian wrote: Starting some time ago I get ssh console hangs when the screen is displaying lots of data (cat large file, compile something with lots of verbosity) I tried lowering the MTU of wg interface to 1380 or the MTU of the host but it's not helping. What can

Re: making wireguard work on RHEL7/etc.

2018-04-05 Thread Daniel Kahn Gillmor
On Tue 2017-06-27 13:08:14 +0200, Jason A. Donenfeld wrote: > compat.h is a dumpster fire already. Tons of people use the RHEL kernel. > I think supporting it won't make an already gross cesspool any more > disgusting. It's a file of hacks; I might as well add another. > > (I probably won't add ha

Re: Using WG for transport security in a p2p network

2018-04-05 Thread Kalin KOZHUHAROV
Hello Ximin, On Thu, Apr 5, 2018 at 5:22 AM, Ximin Luo wrote: > Our network churn is not expected to be very heavy, perhaps on the order of > ~30 new connections per node per week or so. So any extra latency in the > initial > connection caused by this separation of layers, should not be signif

Re: Using WG for transport security in a p2p network

2018-04-05 Thread Tim Sedlmeyer
On Thu, Apr 5, 2018 at 3:13 AM, Matthias Urlichs wrote: > Hi, > > > Another option would be to run insecure QUIC or SCTP on top of WireGuard, > > You cannot run SCTP on the Internet anyway. Too many routers block anything > that's not TCP/UDP/ICMP. > > I'm also wondering how easy this would be to

Re: making wireguard work on RHEL7/etc.

2018-04-05 Thread Daniel Kahn Gillmor
On Thu 2018-04-05 11:08:20 -0400, Daniel Kahn Gillmor wrote: > On Tue 2017-06-27 13:08:14 +0200, Jason A. Donenfeld wrote: >> compat.h is a dumpster fire already. Tons of people use the RHEL kernel. >> I think supporting it won't make an already gross cesspool any more >> disgusting. It's a file o

Re: Using WG for transport security in a p2p network

2018-04-05 Thread Ximin Luo
(reposting to the list) On Thu, Apr 5, 2018 at 12:13 AM, Matthias Urlichs wrote: > Another option would be to run insecure QUIC or SCTP on top of WireGuard, > > You cannot run SCTP on the Internet anyway. Too many routers block > anything that's not TCP/UDP/ICMP. > Well, that's another advantag

Re: Using WG for transport security in a p2p network

2018-04-05 Thread Ximin Luo
On Thu, Apr 5, 2018 at 8:32 AM, Kalin KOZHUHAROV wrote: > On Thu, Apr 5, 2018 at 5:22 AM, Ximin Luo wrote: > > Our network churn is not expected to be very heavy, perhaps on the order > of > > ~30 new connections per node per week or so. So any extra latency in the > initial > > connection cause

Re: Using WG for transport security in a p2p network

2018-04-05 Thread Ximin Luo
On Thu, Apr 5, 2018 at 9:06 AM, Tim Sedlmeyer wrote: > On Thu, Apr 5, 2018 at 3:13 AM, Matthias Urlichs > wrote: > > > > Ideally we wouldn't need root > > > > If you go the netlink route, you do need one process that has the > > appropriate privilege, which means root at install time (but not >

Re: Using WG for transport security in a p2p network

2018-04-05 Thread Matthias Urlichs
On 05.04.2018 20:07, Ximin Luo wrote: > In the typical WG use-case this is not an issue because the network > admin controls both endpoints and can upgrade both simultaneously, but > this wouldn't be the case for our p2p network. Your p2p network would need to exchange v2 keys before upgrading. Th