MacOS users should be aware that if you have manually assigned DNS servers
the current wg-quick implementation will remove them and not restore them.
On Tue, May 15, 2018, 6:54 PM Jason A. Donenfeld wrote:
> Hey folks,
>
> We're gradually adding more platforms capable of running WireGuard, thank
On Thu, May 10, 2018 at 5:22 AM Matthias Urlichs
wrote:
> Hello list,
> Assume a branch office with two uplinks to the Internet that wants to
> use WG to talk to the main office, using both of these uplinks in
> parallel (assuming they're both up) for better uplink speed (and for
> redundancy if
The recently released RHEL 7.5 ships with iproute2 4.11.0 so,
shouldn't have the problem.
If someone is interested in maintaining a patched version of 3.10.0
for prior RHEL versions the commit which added suppress_prefixlength
can be found at
https://git.kernel.org/pub/scm/network/iproute2/iproute
I have done similar in the past using socat but found I got better
reliability and performance by running ppp over pseudo ttys created
using socat and then having wireguard use the ppp interfaces for their
traffic. An example of the socat and ppp configuration:
On the server side:
socat pty,link=/
On Sun, Apr 15, 2018 at 6:26 PM, Jason A. Donenfeld wrote:
> Hi Patrick,
>
> I see some others on the wireguard mailing list have replied to a
> ghost email. That is, I don't have the original that they're replying
> to. Looking into it a bit further, it appears that reasonable spam
> filters -- w
On Mon, Apr 16, 2018 at 6:31 AM, Zsolt Hegyi wrote:
> Hi Cedric,
>
> As far as I know, wireguard doesn't support multicasts yet, which OSPF uses
> for neighbor discovery. The reason why BGP works is because it uses unicast
> TCP packets as means of communication.
>
> To get around this, try tellin
On Sun, Apr 15, 2018 at 12:13 PM, Jason A. Donenfeld wrote:
> On Sun, Apr 15, 2018 at 6:06 PM, Tim Sedlmeyer wrote:
>> PMTUD on the Internet is often broken and increasingly becoming more
>> broken, so in my opinion introducing any level of potential security
>> concern t
PMTUD on the Internet is often broken and increasingly becoming more
broken, so in my opinion introducing any level of potential security
concern to support it would be unwise.
If MTU issues are regularly presenting a significant issue to
successful deployment of wireguard than in the short term I
On Thu, Apr 5, 2018 at 3:13 AM, Matthias Urlichs wrote:
> Hi,
>
>
> Another option would be to run insecure QUIC or SCTP on top of WireGuard,
>
> You cannot run SCTP on the Internet anyway. Too many routers block anything
> that's not TCP/UDP/ICMP.
>
> I'm also wondering how easy this would be to
You need to create multiple wireguard interfaces and assign a single
peer to each.
On Fri, Mar 16, 2018 at 1:01 PM, Roman Mamedov wrote:
> Hello,
>
> I need to have multiple gateways on my WG network that can provide access to
> the entire IPv4 (or IPv6) Internet, for redundancy and load-balancin
The ip address for the wg0 interface on peer 2 is set to 10.100.1.2/32
so peer2 has no route to reach 10.100.1.1. You either need to set a
route to 10.100.1.1 on peer 2 or change the address on peer 2 so the
subnet it is in includes 10.100.1.1. For example 10.100.1.2/24.
On Thu, Mar 15, 2018 at 10
Allowed-ips plays a variety of roles which at different times can be
mapped to several traditional network roles but one it doesn't really
play the role of routing table. Instead they act as a forwarding
information base for the wireguard interface matching ip addresses to
peers. Wireguard then mak
Another option instead of using the iptables rule is to create a
network namespace
and assign the wireguard interface to it.
ip netns add mesh
ip link add wg0 type wireguard
ip link set wg0 netns mesh
ip -n mesh addr add x.x.x.x/24 dev wg0
ip netns exec mesh wg setconf wg0 /etc/wireguard/wg0.conf
Glad you got it working with ssf. If you are still interested in
getting it to work with socat, I have done so and it is pretty easy to
do.
On the server side of the connection:
socat -d -d TCP-LISTEN:443,reuseaddr TUN:192.168.255.1/24,up
On the client side:
socat TCP:server_address:443 TUN:192
ned-off-by: Tim Sedlmeyer
---
src/tools/config.c | 4
1 file changed, 4 deletions(-)
diff --git a/src/tools/config.c b/src/tools/config.c
index 5ab6ece..0407b36 100644
--- a/src/tools/config.c
+++ b/src/tools/config.c
@@ -128,10 +128,6 @@ static bool parse_keyfile(uint8_t key[static WG_KEY_LE
errno is checked following fread of the preshared key file. fread doesn't
set errno, so it shouldn't be checked. On the EdgeRouter ER-X when wg uses
glibc instead of musl libc this incorrect check causes removal of preshared
keys to fail. This patch removes the check of errno.
---
src/tools/confi
Jason,
That fixed it.
Thanks,
Tim
On Wed, Nov 22, 2017 at 7:20 PM Jason A. Donenfeld wrote:
> Hi Tim,
>
> Thanks for letting me know. This is a tools regression from
> 0.0.2017, which I just fixed, based on your report:
>
>
> https://git.zx2c4.com/WireGuard/patch/?id=7153081da70006a872347
Removal of the preshared-key from a peer using the 'wg set' command and
providing /dev/null or an empty file as the preshared-key filename does not
result in the key being removed from the peer. The command doesn't return
an error, but it also doesn't remove the key. I have attempted it using
0.0.2
18 matches
Mail list logo