Re: Ubuntu PPA packages outdated

I see! Please ignore :) For reference, I was working on this and forgot about that it is not a snapshot yet: https://github.com/openwrt/packages/pull/4341 > On 10 May 2017, at 10:15, Jason A. Donenfeld wrote: > > Ubuntu team: please ignore Dan's email. > > Dan: the per-peer preshared key has

Ubuntu PPA packages outdated

Hi folks, can anyone from the PPA team trigger a rebuild? Last build was two weeks ago and I would love to test the new per-peer preshared key option. I use Ubuntu peers for testing interoperability with LEDE and the PPA module. Cheers! Dan ___ WireG

Re: [RFC] Multicast and IPv6 Link Local Addresses

Hi everyone, I am very excited that we have this discussion, as I am one of those IPv6-first/IPv6-only guys who like poking the topic. I try to keep it short: - Scalability: I agree with what George said. Broadcast does not scale nicely, and IPv6 multicast is intended to help scaling things by

Re: Raspberry Pi?

Hi Sina, Maybe this article can help you kickstart WireGuard on RaspberryPi. I hope it is net yet outdated. --> https://www.danrl.com/2016/08/30/travel-wifi.html Cheers, Dan > On 25 Feb 2017, at 15:16, Sina Siadat wrote: > > Firstly, thank you so much for creating this amazing tool! :) > >

Re: Announcement: Public Wireguard server for testing

Hi Frederik, this is a very generous offer and I think I speak for all of us: Thank you for participating. I sent you a private mail regarding test keys. Cheers, Dan > On 25 Feb 2017, at 14:28, Fredrik Strömberg wrote: > > Hi all, > > I'm one of the co-founders of Mullvad, as well as a lo

Re: [ wireguard-dev ] About configuring allowedip

ve: every 25 seconds > > > Peer 2 : > > interface: wg0 > public key: dOXT9AvlEt9KSl3ricE12GuVa+U4XB0s1c92s8W+9VA= > private key: (hidden) > listening port: 6081 > > peer: q5ypTBI7bN0vPGzvlGYyF6pCqYgrDsEjO827duAwjX4= > endpoint: 77.156.x.x:58943 > all

Re: [ wireguard-dev ] About configuring allowedip

Nicolas: Could you provide the configuration files? Because from your little graphic or schema I can not even derive what you are configuring. I guess there is something overlapping prefixes maybe? Jason: I think we are approaching the point in time when there will be a -dev and a -users ML :)

Re: [wireguard-devel] About ip management

Hi Nicolas, > On 17 Feb 2017, at 15:03, nicolas prochazka > wrote: > I hope not to have misunderstood ip management with wireguard, > in a "server mode operation" , as many peers -> one peer ( server ) , > private ip configuration must be coherent. There is no need for private (assuming you m

Re: [wireguard-devel] : wg output format

Hello Nicolas, been there, asked that. The answer was negative. I know, it is no fun to parse. See here how I worked around it: -> https://github.com/danrl/lede-luci/blob/58833aa2df97ba93a9512f3b0c428cf558fa2235/applications/luci-app-wireguard/luasrc/view/wireguard.htm JSON output would have sav

Re: [Low priority feature request] Color output of `wg show`

> > On 27 Jan 2017, at 18:07, Jason A. Donenfeld wrote: > > This is controlled by an env var, which is auto by default. Grep the wg man > page for COLOR. For the record, this does the trick: watch --color WG_COLOR_MODE=always wg show Cheers, Dan _

[Low priority feature request] Color output of `wg show`

Hi Jason, here is what I observed when combining `wg` with `watch` regarding colored output. Not sure if this is a wg-issue at all. # wg show [colored output] expected # watch wg show [no colored output] expected, but not cool :) # watch --color wg show [no colored output] expected, but not c

Re: Built-in Roaming is limited due to a design fault adding STUN and TURN support would be good and make wire-guard connections more durable.

I don't see a bug here. And no patches. And still no code. Only plenty of tl;dr. I think the only thing we can do is to agree to disagree. > On 18 Jan 2017, at 12:21, Peter Dolding wrote: > >> On Wed, Jan 18, 2017 at 4:11 PM, Dan Lüdtke wrote: >> Two things

Re: Built-in Roaming is limited due to a design fault adding STUN and TURN support would be good and make wire-guard connections more durable.

Two things I have not seen so far: - government regulations that enforce NAT - ISPs (let alone carriers) "upgrading" their networks to ipv6 nat (i myself have run both, isp + carrier networks, and i call BS on your future outlook regarding nat ipv6) - code from you in this thread > On 18 Jan 2

Re: [RFC] Handling multiple endpoints for a single peer

Hi, > On 8 Jan 2017, at 23:49, Jason A. Donenfeld wrote: > > (send an encrypted out of band non-IP packet > directly to a peer, for things like autoconfig) could play a nice role > in this. This is highly interesting! I should undust my gcc probably. > One thing that comes to mind is how to

Re: Built-in Roaming is limited due to a design fault adding STUN and TURN support would be good and make wire-guard connections more durable.

Hi Peter, I followed this thread and like to express some concerns. Although I see the problem and ran into it myself, I would like to see a solution outside the wireguard code. Like the one Jason proposed or even a new approach. I am afraid that network layers problems (legacy IP and especiall

Re: distro packaging, makefiles, deps, systemd, new tools

> I assume youre not shipping the bash completion stuff either, right? Since > openwrt doesn't use bash. We are not shipping it. FYI: The topic is discussed right now in this PR: https://github.com/openwrt/packages/pull/3816 ___ WireGuard mailing list

Re: distro packaging, makefiles, deps, systemd, new tools

> On 4 Jan 2017, at 19:50, Jason A. Donenfeld wrote: > > OpenWRT should _not_ ship this.  Agreed. Everything else looks good to me. Just had a brief look at it. Let's see what buildbot says. Should all run smoothly! ___ WireGuard mailing list WireG

Re: Multicast over a wireguard link?

[Caution: Unfiltered thoughts and ideas, untested from mind to mail. WoT ahead.] Hi Toke, I am on the road so can't test right now. Can you elaborate on babel a bit? Would you be able to use non-link-local multicast addresses? Let's call it "routed multicast" for now. Maybe related/similar cas

Re: openwrt route_allowed_ips is inprecise

> On 20 Dec 2016, at 14:33, Jason A. Donenfeld wrote: > On Tue, Dec 20, 2016 at 11:15 AM, Dan Lüdtke wrote: >> New environment, build from latest sources this morning. Can't reproduce. I >> can't see duplicate routes. Static routes were added via LuCI to represent a

Re: openwrt route_allowed_ips is inprecise

> On 20 Dec 2016, at 09:52, Dan Lüdtke wrote: > > Regarding the initial preciseness issue, have you tested that on LEDE? I > can't manage to get duplicate routes. However, outdated testing environment. > Will rebuild and test again. I can't quite understand what

Re: openwrt route_allowed_ips is inprecise

Regarding the initial preciseness issue, have you tested that on LEDE? I can't manage to get duplicate routes. However, outdated testing environment. Will rebuild and test again. I can't quite understand what the initial issue was. Wouldn't you get a "rtnetlink: file exists" when you try to add

Re: Structure(d) output of wg?

Hi, that would mean multiple calls to `wg` to get the desired structure filled, one for each [CATEGORY]. I can live with that, but was looking for a more efficient solution. Cheers, Dan Nice bandwidth, though :) > On 14 Dec 2016, at 22:09, Jason A. Donenfeld wrote: > > Hi Dan, > > This a

Structure(d) output of wg?

Hi Jason, everyone, I'd like to discuss the topic of structured output. I am working on luci-app-wireguard* which aims to provide status information via the user-friendly LUCI interface in LEDE. While writing code to parse the output I realized that I may not be the only one who needs to struct

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

> Not sure why the dependency is > hard coded like this; it shouldn't be. Even if it wasn't hardcoded, it would be introduced by +kmod-udptunnel6 anyway. Remove both manually if you really need to throw away IP and want to compile legacyIP only. It should work with both, @IP6 and kmod-udptunnel

Re: Misalignment, MIPS, and ip_hdr(skb)->version

> On 8 Dec 2016, at 05:34, Daniel Kahn Gillmor wrote: > > On Wed 2016-12-07 19:30:34 -0500, Hannes Frederic Sowa wrote: >> Your custom protocol should be designed in a way you get an aligned ip >> header. Most protocols of the IETF follow this mantra and it is always >> possible to e.g. pad opti

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

> The config value has to be the same to correlate them. In that case, > you should show an example with multiple peers, so that it's clear > what's happening. It says "Peer configurations are managed via one or more wireguard_ sections." to introduce the example. However, won't hurt to add anot

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

> On 16 Nov 2016, at 17:56, Jason A. Donenfeld wrote: > > config wireguard_foo > > --> > > config wireguard_peer1 Unfortunately, not. All peers for iface 'foo' will be named wireguard_foo. UCI sections are iterable if they have the same name. wireguard_peer1 could belong to any wg interface

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

> If somebody has time, it would be good to include one or two examples at > the end of the page (otherwise I'll do it at some point). This one OK? https://wiki.lede-project.org/docs/user-guide/tunneling_interface_protocols#static_addressing_of_a_gre_tunnel _

[WireGuard] WireGuard PPA

Hi, I noticed that you maintain a PPA for WireGuard. You may be interested in joining this discussion thread on the WireGuard mailing list. https://lists.zx2c4.com/pipermail/wireguard/2016-November/000583.html Cheers, Dan ___ WireGuard mailing list W

Re: [WireGuard] Demo Server: Dual stack?

Thanks Jason! No hurry, though. Is the script open source as well? Maybe I can tinker with it, so you don't waste your precious development time on supporting infrastructure. > On 16 Nov 2016, at 15:49, Jason A. Donenfeld wrote: > > Hey Dan, > > On Wed, Nov 16, 2016 at

Re: [WireGuard] Demo Server: Dual stack?

PS: This is not urgent or anything. Just wanted to know what your plans are and/or to get an idea how to setup a demo server myself. I think there are more important things to do right now. > On 16 Nov 2016, at 15:38, Dan Lüdtke wrote: > > Hi Jason, > >> I guess I

Re: [WireGuard] Demo Server: Dual stack?

ng how to accept *any* public key in the [Peer] config. Cheers, Dan > Jason > > On Wed, Nov 16, 2016 at 12:39 PM, Dan Lüdtke wrote: >> Jason, >> >> do you plan on adding IPv6 compatibility to the demo server? If not, do you >> mind if I set one up? How dif

[WireGuard] Demo Server: Dual stack?

Jason, do you plan on adding IPv6 compatibility to the demo server? If not, do you mind if I set one up? How difficult is it to run the demo server. It just accepts every key, right? Cheers, Dan ___ WireGuard mailing list WireGuard@lists.zx2c4.com ht

Re: [WireGuard] Seeking Ubuntu PPA Maintainer

> But I never received / send a email to you. You are right. I was talking to other PPA maintainers as well. Nevertheless, I user your repo on my servers since it was the one that worked the best. ___ WireGuard mailing list WireGuard@lists.zx2c4.com

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

Hi Kalin, yes, this looks fine. Thanks for reporting. I created an issue and submitted a fixing pull request. As soon as it is merged the builds should be fine again. I will set up a new build machine that builds from scratch to avoid similar mistakes in the future. Cheers, Dan > On 16 Nov

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

Hi, thanks for the various feedback, guys! Here is the next round: https://github.com/openwrt/packages/pull/3514 and https://github.com/openwrt/luci/pull/852 Cheers, Dan > On 13 Nov 2016, at 23:52, Dan Lüdtke wrote: > > Hi again, > > here is the pull request for LuCi: >

Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

at 23:35, Dan Lüdtke wrote: > > Hi all, > > first step of OpenWRT/LEDE integration is making sure the helper script for > configuring the interface is installed. The corresponding pull request can be > found here: > https://github.com/openwrt/packages/pull/3512 > > Pl

[WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

Hi all, first step of OpenWRT/LEDE integration is making sure the helper script for configuring the interface is installed. The corresponding pull request can be found here: https://github.com/openwrt/packages/pull/3512 Please support this pull request. Once it is accepted, the GUI (luci) will

Re: [WireGuard] Wireguard on OpenWRT/LEDE (here: Luci)

Done! > - if ! ip link show dev "${iface}" >/dev/null 2>&1; then > - ip link add dev "${iface}" type wireguard > - else > - ip address flush dev "${iface}" > - ip route flush dev "${iface}" > - fi > + ip link del dev "${iface}" 2>/dev/null > + ip link add dev "${iface}" type wireguard

Re: [WireGuard] Wireguard on OpenWRT/LEDE (here: Luci)

Thanks for the fast reply! Changes applied. See diff here: --> https://github.com/danrl/luci-proto-wireguard/commit/6f90ff4ecc21f39721b3da357962c0ebe0d20750 Screenshots updated. > On 1 Nov 2016, at 21:09, Jason A. Donenfeld wrote: > > 3. "addresses.placeholder = "fd00:13:37::1/64"" -- migh

[WireGuard] Wireguard on OpenWRT/LEDE (here: Luci)

Hi everyone, I created a LuCi integration for Wireguard. Feedback and beta testing appreciated. --> https://github.com/danrl/luci-proto-wireguard Thanks, Dan ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo

[WireGuard] AllowedIPs vs. TunnelIPs

Any news on the AllowedIPs bikeshedding? What have you decided, Jason? --> https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg00068.html Asking because I am working on an ansible module Would like to use the most recent name for the parameter name. - Dan PS: Good to see so much progress