Re: Let's talk about obfuscation again

2018-09-06 Thread Dennis Jackson
Hi, I've been thinking about this issue as well and I agree it's an important one to solve. However, Wireguard's key selling points are its performance, simple configuration and minimal code size and I don't think we can compromise this. So I was wondering if a userspace program which obfuscates

Re: Let's talk about obfuscation again

2018-09-06 Thread George Walker
> The userspace daemon would: >- 'Clean' Wireguard [handshake/data] packets The objective of cleaning as described seems to be to make the protocol indistinguishable from exchanging random payloads. But are there any common protocols of commercial importance that are so inscrutable? If I saw

Re: Let's talk about obfuscation again

2018-09-06 Thread Fredrik Strömberg
Hi everyone, First of all, censorship circumvention is an important societal problem to solve. It is also clearly outside of the scope of WireGuard. Any suggested protocol change with that motive will increase the complexity of the code base, which increases the risk of vulnerabilities. This would

Re: Let's talk about obfuscation again

2018-09-06 Thread Brian Candler
Domain fronting seems like the stealthiest option to me (and if anyone has a reliable way to detect domain fronting, I would love to hear about it!). But that doesn't get you UDP (and NAT traversal); perhaps VOIP/WebRTC mimicry could work? I think this is a game you can't win against a suitabl

Re: Let's talk about obfuscation again

2018-09-06 Thread Dennis Jackson
On Thu, 6 Sep 2018 17:19:57 +0200 Fredrik Strömberg wrote: >> First of all, censorship circumvention is an important societal >> problem to solve. It is also clearly outside of the scope of >> WireGuard. Any suggested protocol change with that motive will >> increase the complexity of the code ba

Re: Let's talk about obfuscation again

2018-09-06 Thread Jason A. Donenfeld
Hey SB, Thanks for the detailed post and insights. Indeed obfuscation is an extremely useful tool. WireGuard itself is derived from an exfiltration mechanism of mine, and so I've written quite a few different obfuscation modules for that. When the core WireGuard engineering becomes a bit more rel

Wireguard behind NAT

2018-09-06 Thread Adrián Mihálko
Is there any way to connect to Wireguard behind a Carrier-grade NAT? On SIDE_A I have a backup LTE connection, without proper public ip, only dynamic ip and I server with Wireguard. SIDE_A = mobile LTE connection, without public IP, behind carrier grade NAT SIDE_A_SERVER = WIREGUARD (connecting t

Setting the transit namespace at runtime

2018-09-06 Thread Julian Orth
Hi, Each Wireguard device remembers the network namespace in which it was created. In the documentation this is called the birthplace namespace [1] but I'll be calling it the transit namespace. Let's say I create a Wireguard device `wg0` in a network namespace called `vpn`. Then I would like to b

Routing only to latest peer in the config list seems to work

2018-09-06 Thread danny.korpan
Hi, I have the problem with my wireguard server, that only the latest user "peer" from the server config can route/ping to the internal wireguard server IP or the clients in the network behind the wireguard server upon successful connection. All peers can connect to the server, but only the latest

TCP Tunneling (again sorry)

2018-09-06 Thread Ryan Walklin
Hi, I appreciate this is a bit of a noob question not directly related to WireGuard and has been covered before, but I’m just hoping for a bit of advice and clarity. I’ve got a WireGuard tunnel up and running nicely between my MBP laptop and my Debian server at home and am hoping to use it as a

Re: Routing only to latest peer in the config list seems to work

2018-09-06 Thread Ryan Whelan
You're using the same AllowedIPs for multiple peers. On Thu, Sep 6, 2018 at 12:15 PM wrote: > Hi, > > I have the problem with my wireguard server, that only the latest user > "peer" from the server config can route/ping to the internal wireguard > server IP or the clients in the network behind t

Error building for ARM

2018-09-06 Thread Roman Mamedov
Hello, AS [M] net/wireguard/crypto/zinc/curve25519/curve25519-arm.o net/wireguard/crypto/zinc/curve25519/curve25519-arm.S: Assembler messages: net/wireguard/crypto/zinc/curve25519/curve25519-arm.S:21: Error: r13 not allowed here -- `and sp,sp,#0xfff0' scripts/Makefile.build:429: recipe for

Re: Error building for ARM

2018-09-06 Thread Jason A. Donenfeld
Could you send your kernel's .config or some more information so that I can try to reproduce locally? ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Error building for ARM

2018-09-06 Thread Jason A. Donenfeld
Thanks. This should fix it: https://git.zx2c4.com/WireGuard/commit/?id=56e1ddb4091e8e9b60546891930c3829215ec63c

Re: Setting the transit namespace at runtime

2018-09-06 Thread Julian Orth
Hi, After receiving some positive feedback on IRC, I've gone ahead and implemented this. You can see the code here: https://github.com/mahkoh/wireguard/commits/transit-namespace You can test it as follows: * Create a new netns: ip netns add test * Enter it: ip netns exec test bash * Use wg-quic

Re: Let's talk about obfuscation again

2018-09-06 Thread James Cloos
> "BC" == Brian Candler writes: BC> OK, so what about changing wireguard to use TCP and TLS on port 443? Using udp/443 for one end could allow making it look like quic. You'd need non-wg traffic on the port to reply like a quic server would. -JimC -- James Cloos OpenPGP: 0x997A9F

Re: Setting the transit namespace at runtime

2018-09-06 Thread Jason A. Donenfeld
Hi Julian, I'd thought of this early on, but failed to come up with what seemed like an actually realistic use case for it. On Thu, Sep 6, 2018 at 10:15 AM Julian Orth wrote: > * If multiple processes are creating Wireguard devices at the same time, then > their device namespaces are isolated

Re: Setting the transit namespace at runtime

2018-09-06 Thread Jason A. Donenfeld
On Thu, Sep 6, 2018 at 2:43 PM Julian Orth wrote: > > Hi, > > After receiving some positive feedback on IRC, I've gone ahead and implemented > this. You can see the code here: > > https://github.com/mahkoh/wireguard/commits/transit-namespace Thanks for this. Not sure I'll accept it based on the i

Missing with 0.0.20180904 on arm with kernel 3.10.107

2018-09-06 Thread Philipp Richter
Hello, while trying to install the new wireguard snapshot 0.0.20180904, I got an error about missing on my odroid-c1 running ArchLinux ARM DKMS make.log for wireguard-0.0.20180904 for kernel 3.10.107-2-ARCH (armv7l) Thu Sep 6 22:45:48 CEST 2018 make: Entering directory '/usr/src/linux-3.10.107-

Re: Missing with 0.0.20180904 on arm with kernel 3.10.107

2018-09-06 Thread Jason A. Donenfeld
Hi Philipp, Thanks for the report. Can you tell me if this fixes it for you? https://git.zx2c4.com/WireGuard/commit/?id=dcb765a453fa22e4195bc42de1792567fe511c67 Jason

any interest in a centos aws terraform/ansible wireguard ami builder?

2018-09-06 Thread Thomas Munn
I have written both a terraform form and an interval script which automatically installs the basic components of wire guard and ensures that the kernel modules are loaded at a time. The subsequent image can then be cloned and used as a basis for a wire guard VPN appliances. Thomas J Munn

Re: Wireguard behind NAT

2018-09-06 Thread Jason A. Donenfeld
https://git.zx2c4.com/WireGuard/tree/contrib/examples/nat-hole-punching