Re: wg-quick nft instead of iptables

2019-12-09 Thread Jörg Thalheim
Have you tried if iptables-nftables-compat (might have different names, depending on distribution) works for the rules used in wg-quick? It's a wrapper that translates iptables rules to nft transparently by providing an iptables executable. Julian Wollrath writes: > Hi, > > with the newest snapshot

Re: [PATCH] treewide: more portable bash shebangs

2019-07-17 Thread Jörg Thalheim
On 17/07/2019 18.32, Jordan Glover wrote: > On Tuesday, July 16, 2019 10:08 PM, Jörg Thalheim wrote: > >> On 16/07/2019 18.32, Jordan Glover wrote: >> >>> On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim jo...@higgsboson.tk wrote: >>> >>>> Whi

Re: [PATCH] treewide: more portable bash shebangs

2019-07-16 Thread Jörg Thalheim
On 16/07/2019 18.32, Jordan Glover wrote: > On Tuesday, July 16, 2019 12:21 PM, Jörg Thalheim wrote: > >> While /usr/bin/env is more or less available on all POSIX systems >> /bin/bash might not be. This is particularly the case on NixOS and the BSD >> family (/usr/loc

[PATCH] treewide: more portable bash shebangs

2019-07-16 Thread Jörg Thalheim
shebangs in the repository helps to run the code without any further modification. Signed-off-by: Jörg Thalheim --- contrib/examples/dns-hatchet/apply.sh | 2 +- contrib/examples/extract-handshakes/extract-handshakes.sh | 2 +- contrib/examples/json/wg-json

Re: [wireguard-android] 'roaming' from LTE to WiFi with version 0.0.20180523

2018-05-24 Thread Jörg Thalheim
On 2018-05-24 05:16, nnet wrote: > So this is how it ends: > > 05-23 20:33:45.323 9600 9619 D WireGuard/GoBackend/wireguard: > peer(AsMM…SeWg) - Sending handshake initiation > > 05-23 20:33:45.326 9600 9619 E WireGuard/GoBackend/wireguard: > peer(AsMM…Se

Re: WireGuard for FreeBSD

2018-05-23 Thread Jörg Thalheim
On 2018-05-22 02:44, Jason A. Donenfeld wrote: > On Tue, May 22, 2018 at 2:33 AM, Outback Dingo wrote: > I too would prefer this, and maybe at some point down the line I'll > put some real time and effort into porting WireGuard from the Linux > kernel to kFreeBSD. But it's not the case that it's "

Re: [PATCH] Adopt Go workspace best practices

2018-05-21 Thread Jörg Thalheim
On 2018-05-20 19:57, Filippo Valsorda wrote: > Relative imports break when the project is built from within GOPATH, > where most Go developers prefer to develop: > > device.go:10:2: local import "./ratelimiter" in non-local package > tun_darwin.go:10:2: local import "./rwcancel" in non-lo

Re: WireGuard in systemd-networkd

2018-01-30 Thread Jörg Thalheim
Wireguard support in networkd is now set in stone. systemd v237 was released three days ago. On 2018-01-09 13:49, Jason A. Donenfeld wrote: > Hi folks, > > Thanks to the wonderful work of Jörg Thalheim, WireGuard is now > supported inside systemd-networkd's .netdev files. The

Re: [PATCH] wg: correct type for CTRL_ATTR_FAMILY_ID

2017-10-31 Thread Jörg Thalheim
Sorry for the duplicate messages. I had to resend this patch due to a wrong sender address and the resend dialog was a bit confusing. On 2017-10-31 08:55, Jörg Thalheim wrote: > Signed-off-by: Joerg Thalheim > --- > src/tools/mnlg.c | 4 ++-- > 1 file changed, 2 insertions(+),

[PATCH] wg: correct type for CTRL_ATTR_FAMILY_ID

2017-10-31 Thread Jörg Thalheim
Signed-off-by: Joerg Thalheim --- src/tools/mnlg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tools/mnlg.c b/src/tools/mnlg.c index 9135651..5ac72e2 100644 --- a/src/tools/mnlg.c +++ b/src/tools/mnlg.c @@ -19,7 +19,7 @@ struct mnlg_socket { struct mnl_soc
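
Review bot: the commit message carries only the subject and a Signed-off-by line, so nothing records which type CTRL_ATTR_FAMILY_ID was being handled as or what it is corrected to. For the two changed lines in src/tools/mnlg.c around struct mnlg_socket, add a sentence to the message naming the old and new type and the symptom the wrong one caused.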

Re: Wireguard and VRFs?

2017-09-20 Thread Jörg Thalheim
You assign a firewall mark to each wireguard interface to route via a dedicated routing table using ip rule. wg-quick uses this feature, for example, when you redirect 0.0.0.0 via a vpn interface: $ wg-quick up mullvad [#] ip link add mullvad type wireguard [#] wg setconf mullvad /dev/fd/63 [#] ip addre

Re: Get configuration from SRV records?

2017-06-06 Thread Jörg Thalheim
On 2017-05-29 13:02, Quan Zhou wrote: > Hi list, > > I'm struggling to set up wg on multiple servers, what would you think > if peer information like ports and a list of (public) nodes can be > retrieved from DNS records? I know a guy who did exactly this with some scripts. You probably want dnss

Re: TCP traffic in ipip tunnel inside wireguard connection

2017-06-06 Thread Jörg Thalheim
Like Jason said, multiple wireguard interfaces are the way to go here. You can then set up your routing protocols on top. On 2017-05-29 21:57, Ivan Leonardo wrote: > Hello > > Recently I have been experimenting with wireguard, and in fact the > performance in wg is better than the ipsec tunnels i

Re: openresolv dependency

2017-05-30 Thread Jörg Thalheim
On 2017-05-22 02:08, Jason A. Donenfeld wrote: > > > On Mon, May 22, 2017 at 3:02 AM, B > wrote: > > On Mon, 22 May 2017 02:41:13 +0200 > "Jason A. Donenfeld" mailto:ja...@zx2c4.com>> wrote: > > > https://github.com/EggieCode/wireguard-ppa/issues/19 >

Re: [PATCH] tools: add wireguard@.service

2017-05-26 Thread Jörg Thalheim
On 2017-05-26 16:30, Daniel Kahn Gillmor wrote: >> diff --git a/src/tools/wireguard@.service b/src/tools/wireguard@.service >> new file mode 100644 >> index 000..b6d53bf >> --- /dev/null >> +++ b/src/tools/wireguard@.service >> @@ -0,0 +1,19 @@ >> +[Unit] >> +Description=WireGuard via wg(8) fo

Re: Text-based IPC for Userspace Implementations

2017-05-16 Thread Jörg Thalheim
On 2017-05-16 17:01, Jonathan Rudenberg wrote: >> On May 16, 2017, at 09:12, Toke Høiland-Jørgensen wrote: >> >> So why not avoid any possible confusion and just emit JSON? Or another >> well-established serialisation format where the nesting can be made >> explicit... :) > +1 to this, requiring i

Re: RTNETLINK answers: Operation not supported

2017-03-01 Thread Jörg Thalheim
On 2017-02-28 17:08, William Clark wrote: > Hello, > > So I wanted to try WireGuard but unfortunately I can't get past this part: > ip link add dev wg0 type wireguard. > > Whenever I run the command "ip link add dev wg0 type wireguard" > I get the output: > RTNETLINK answers: Operation not support

Re: Announcement: Public Wireguard server for testing

2017-02-26 Thread Jörg Thalheim
In this context, I found the following rules useful to bypass the vpn for some routes: #!/usr/bin/env bash # /etc/wireguard/.sh if [ "${1:-down}" = "up" ]; then action="add" else action="del" fi ip rule $action priority 32763 to 192.168.0.0/16 lookup main ip rule $action priority 32763 to 1

Re: FAQ and quickstart

2017-01-16 Thread Jörg Thalheim
The kernel module is most likely not loaded. Make sure the following command returns something. $ lsmod | grep wireguard wireguard 126976 0 ip6_udp_tunnel 16384 1 wireguard udp_tunnel 16384 1 wireguard x_tables 28672 12 xt_hashlimit,xt_LOG,ipt_RE

Re: Multiple Endpoints

2017-01-08 Thread Jörg Thalheim
> I am also interested in multiple endpoints support, and I am preparing a > proposal that I will send soon. > Does your proposal also include support for different address families? (switch between ipv4/ipv6 and back)

[WireGuard] Dual stack?

2016-12-29 Thread Jörg Thalheim
On 2016-12-28 14:19, Maykel Moya wrote: > Chiming in just to tell that my ip6 experience is a breeze since > wireguard appeared. > > Right now I found myself advocating WG more as a simple-to-configure and > reliable-roaming ip6 tunnelling technology than a VPN itself. > > I've previously used HE (

Re: Multicast over a wireguard link?

2016-12-21 Thread Jörg Thalheim
I currently use OSPF with one interface per peering with link-local ipv4/ipv6 addresses (AllowedIPs=0.0.0.0/0,::/0, ipv4 => 169.254.0.0/16 + lifetime 0) This works fine. On 2016-12-20 15:53, Toke Høiland-Jørgensen wrote: > Does Wireguard have a notion of multicast? I would like to eventually > re

Re: openwrt route_allowed_ips is inprecise

2016-12-19 Thread Jörg Thalheim
On 2016-12-18 21:14, Jason A. Donenfeld wrote: > Hey Dan, > > The route_allowed_ips directive is not precise enough. I'm CCing Jorg, > the NixOS maintainer, because this same concern probably applies to > the Nix logic. > > Your code is: > > if [ ${route_allowed_ips} -ne 0 ]; then >for allowe

[WireGuard] [PATCH] uapi.h: public_key field is a getter

2016-10-21 Thread Jörg Thalheim
Signed-off-by: Jörg Thalheim --- src/uapi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/uapi.h b/src/uapi.h index 6c6971e..69dfee3 100644 --- a/src/uapi.h +++ b/src/uapi.h @@ -113,7 +113,7 @@ struct wgpeer { struct wgdevice { char interface[IFNAMSIZ]; /* Get