Re: Sharing peer data

2018-04-15 Thread ST
On Sun, 2018-04-15 at 01:15 +0200, Jason A. Donenfeld wrote: > Hi Luiz, > > You could indeed arrange for something like this, either directly -- > if both IPs are accessible Which IPs do you mean here? Public IPs or private VPN IPs (i.e. those defined within WireGuard configuration)? I got an id

PMTU Discovery Security Concerns

2018-04-15 Thread Jason A. Donenfeld
Hi list, [CC'ing Luis, who's been working on this with me.] I've more or less figured out how to do PMTU discovery (something along the lines of https://xn--4db.cc/WFHQzX2o/c inspired by the vti driver). I wonder, however, if this is safe to do. The basic idea is that if you're talking to a Wire

Re: PMTU Discovery Security Concerns

2018-04-15 Thread Ryan Whelan
I don't have an actual fix; but is this something that could have a switch that could be configured per interface? I know knobs and controls aren't really desirable, but if off by default, it would encourage those turning it on to understand what they're exposing. $0.02 On Sun, Apr 15, 2018 at 10:08

Re: PMTU Discovery Security Concerns

2018-04-15 Thread Jason A. Donenfeld
On Sun, Apr 15, 2018 at 5:45 PM, Ryan Whelan wrote: > I don't have an actual fix; but is something that could have a switch that > could be configured per interface? I know knobs and controls aren't really > desirable, but if Off by default, it would encourage those turning it on to > understand

Re: PMTU Discovery Security Concerns

2018-04-15 Thread Tim Sedlmeyer
PMTUD on the Internet is often broken and increasingly becoming more broken, so in my opinion introducing any level of potential security concern to support it would be unwise. If MTU issues are regularly presenting a significant issue to successful deployment of wireguard then in the short term I

Re: PMTU Discovery Security Concerns

2018-04-15 Thread Jason A. Donenfeld
On Sun, Apr 15, 2018 at 6:06 PM, Tim Sedlmeyer wrote: > PMTUD on the Internet is often broken and increasingly becoming more > broken, so in my opinion introducing any level of potential security > concern to support it would be unwise. I was wondering if there's actually an appropriate use case

SFTP-based VPN bootstrapping with automatic collision-free IPs assignment/peers' public data sharing

2018-04-15 Thread ST
Hi, after recent searching/thinking about how to span a VPN from a single publicly visible server with automatic collision-free IPs assignment/peers' public data sharing, I came to the following scheme. Please provide your feedback on what possible improvements/security holes/pitfalls might be... Eve

Re: PMTU Discovery Security Concerns

2018-04-15 Thread Tim Sedlmeyer
On Sun, Apr 15, 2018 at 12:13 PM, Jason A. Donenfeld wrote: > On Sun, Apr 15, 2018 at 6:06 PM, Tim Sedlmeyer wrote: >> PMTUD on the Internet is often broken and increasingly becoming more >> broken, so in my opinion introducing any level of potential security >> concern to support it would be unw

Why does 'allowed-ips' affect route selection behavior?

2018-04-15 Thread Patrick O'Sullivan
Hi Folks, Getting my feet wet with wireguard and enjoying the simplicity and performance thus far. Nonetheless, I have a question about how the normal route selection process is being affected by what's configured for 'allowed-ips'. I set up a peer and configured 'allowed-ips' for 0.0.0.0/0, as I

Re: Why does 'allowed-ips' affect route selection behavior?

2018-04-15 Thread Roman Mamedov
On Sun, 15 Apr 2018 14:49:23 -0400 "Patrick O'Sullivan" wrote: > $ sudo ip route get 4.2.2.1 > 4.2.2.1 dev wg0 table 51820 src 10.111.111.100 ^^^ > cache > Can someone please explain this behavior? Probably will be easier to do if you show the output of "ip -4 rule

Re: Why does 'allowed-ips' affect route selection behavior?

2018-04-15 Thread mikma . wg
On 04/15/2018 08:49 PM, Patrick O'Sullivan wrote: $ sudo ip route show default via 10.199.199.1 dev wlan0 10.111.111.0/24 dev wg0 proto kernel scope link src 10.111.111.100 10.199.199.0/24 dev wlan0 proto kernel scope link src 10.199.199.131 By this route table, traffic to e.g. 4.2.2.1 should u
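
The `table 51820` in Patrick's `ip route get` output is wg-quick's doing, not the kernel module's: the WireGuard interface itself never touches the routing table, but wg-quick treats a `0.0.0.0/0` (or `::/0`) entry in `AllowedIPs` as "route everything through the tunnel" and sets up a fwmark plus a policy-routing table for it, while narrower prefixes just become ordinary routes. The script below is an added illustration of that decision (written for this page, not wg-quick's own source, and simplified: it skips wg-quick's probing for a free table number, the `rp_filter`/sysctl handling, and the `Table=` option that disables the whole thing). The `IFACE`, `TABLE` and `WG_APPLY` variables are assumptions; by default it is a dry run that only prints the `wg(8)`/`ip(8)` commands it would issue.

```shell
#!/bin/sh
# Added example: reproduce the route-setup decision wg-quick makes per
# AllowedIPs entry, as a dry run. Not wg-quick's source; simplified.

IFACE="${IFACE:-wg0}"      # assumption: interface name
TABLE="${TABLE:-51820}"    # wg-quick's default fwmark / table number

# Print a command; execute it only when WG_APPLY=1 (needs root + a wg iface).
cmd() {
    printf '%s\n' "$*"
    if [ "${WG_APPLY:-0}" = 1 ]; then "$@"; fi
}

# A catch-all prefix (0.0.0.0/0 or ::/0) is what triggers the fwmark path.
needs_default_route() {
    case "$1" in
        */0) return 0 ;;
    esac
    return 1
}

# Ordinary prefix, e.g. 10.111.111.0/24: a plain route in the main table.
add_route() {
    cmd ip route add "$1" dev "$IFACE"
}

# Catch-all prefix: policy routing. The encrypted UDP packets WireGuard
# emits carry the fwmark, so they are exempt from table $TABLE and leave
# via the real default route; everything else is looked up in table
# $TABLE, where the only route points into the tunnel. The
# "suppress_prefixlength 0" rule lets more specific routes in the main
# table (the LAN, the peer's endpoint) still win over the tunnel default.
add_default() {
    proto=-4
    case "$1" in *:*) proto=-6 ;; esac
    cmd wg set "$IFACE" fwmark "$TABLE"
    cmd ip $proto route add "$1" dev "$IFACE" table "$TABLE"
    cmd ip $proto rule add not fwmark "$TABLE" table "$TABLE"
    cmd ip $proto rule add table main suppress_prefixlength 0
}

# Walk an AllowedIPs list and emit what would be run for each entry.
plan_routes() {
    for ip in "$@"; do
        if needs_default_route "$ip"; then
            add_default "$ip"
        else
            add_route "$ip"
        fi
    done
}

# Demo with Patrick's two prefixes (constructed input): the /24 becomes a
# plain route, the /0 pulls in the fwmark + table 51820 machinery.
plan_routes 10.111.111.0/24 0.0.0.0/0
```

Running it prints the four extra commands behind the `table 51820` line in the `ip route get` output; compare against `ip -4 rule show` on the live box. If that behaviour is unwanted, the wg-quick answer is `Table = off` in the `[Interface]` section (and managing routes yourself), rather than dropping the `0.0.0.0/0` from `AllowedIPs`, which would also stop the cryptokey routing from accepting traffic for those addresses.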

Re: Why does 'allowed-ips' affect route selection behavior?

2018-04-15 Thread Jason A. Donenfeld
Hi Patrick, I see some others on the wireguard mailing list have replied to a ghost email. That is, I don't have the original that they're replying to. Looking into it a bit further, it appears that reasonable spam filters -- which includes but is not limited to gmail's -- will have your mail imme

Re: SFTP-based VPN bootstrapping with automatic collision-free IPs assignment/peers' public data sharing

2018-04-15 Thread Jason A. Donenfeld
Hi ST, It's a cool idea using the file system like that (the sticky bit would make the permissions part work correctly, perhaps), though I wonder if it's a bit complicated. If the model you're after is simply "server allocates IPs for peers already known through some channel but with unknown wireg

Re: Why does 'allowed-ips' affect route selection behavior?

2018-04-15 Thread Patrick O'Sullivan
Hi Jason, First off--thanks for your work on WireGuard and just wanted to mention that your appearance on FLOSS Weekly put me over the edge to try out WireGuard. > You might want to loosen these up a bit. Anyway, I've pulled it out of the > archives for quoting here: You are probably right. My

Re: Why does 'allowed-ips' affect route selection behavior?

2018-04-15 Thread Jason A. Donenfeld
Hi Patrick, > I suppose I was a victim of WireGuard's simplicity. I got it up and > running so quickly that I didn't bother to dig into the individual > components more than necessary at first. I ultimately may end up > foregoing wg-quick, but either way I now understand the mechanics to > accompl

Re: Sharing peer data

2018-04-15 Thread Luiz Angelo Daros de Luca
> > Just one question: let's assume B and C got the required information > about each other's IPs/public keys from A. Will they now communicate > directly without relying on A in whatever way?... It is important to > know for the case when A is a server with metered paid traffic... Will > the commu

Re: PMTU Discovery Security Concerns

2018-04-15 Thread Jason A. Donenfeld
On Sun, Apr 15, 2018 at 7:51 PM, Tim Sedlmeyer wrote: > - Which allowed-ip do you use? > - If the allowed-ip is a network, which ip within it do you choose to ping? > - If you are connected to a single peer with an allowed-ip of 0.0.0.0/0 what > ip do you ping? Yea, the actual IP discovery is a