ipv6 multicast peer ?

Hello, On a "server side" I've for example these peers, and i want to send a ipv6 multicast group ff02::1 How can I do that with peer / allowed-ips routing ? Regards Nicolas interface: wg0 public key: ** private key: (hidden) listening port: 6081 peer: preshared

Re: Question about origin of packet relative to peer

t; On K, 2020-05-27 at 11:01 +0200, nicolas prochazka wrote: > > How can i know that a packet come from peer X ? > You can check which peers allowed ips list covers the received packets > source ip > > > Is is possible to mark packet not a level interface (wg0) but at peer &

Question about origin of packet relative to peer

Hello, Using one wireguard Interface, with multiple peer How can i know that a packet come from peer X ? Is is possible to mark packet not a level interface (wg0) but at peer level ? I can dump packet at wg0 but i lost the peer origin. Thanks, Nicolas interface: wg0 public key: A private

Wireguard, allowed-ips, ipv6 and multicast

, but if i'm trying to be more restrictive, as ff05::/32 for example, it does not work. Is a specific interaction between allowed-ips and multicast group in ipv6 ? Regards, Nicolas Prochazka.

Usage Add/Remove Allowed-ip

Hello, Is it possible to add/remove Allowed-ip in peer description without modify configuration file or using wg set command, I think about wg peer add|remove allowed-ip Regards, Nicolas Prochazka ___ WireGuard mailing list WireGuard@lists.zx2c4.com

about wireguard-go

Hello, We need to compile wireguard-go on linux, because we are using a closed linux, under we cannot compile module, how can we do ? make on wireguard-go tells us that is not recommend on linux Regards, Nicolas Prochazka ___ WireGuard mailing list

Re: Reflections on WireGuard Design Goals

hello, just to say you, as a simple end user we are using wireguard since one year for our product, we have 10K tunnels deployed , wireguard is perfect for us, very simple, we can develop our specific code on top of if ( key management , ) so +1 for jason vision thanks for this piece of code

Re: about high availibity

ok and thanks nicolas https://www.avast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail; target="_blank">https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif; alt="" width="46" height="29" style="width: 46px;

Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces

Ok, To be more precise, the uses cases are : services ( as daemon ) are listening on specifiq interface/Ipv6 address to secure and active service by client, with only one interface, it is not possible, aliasing seems to be not relevant. However i can understand that is not the problem of wireguard

Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces

Hello, i known, but we are using one interface by customer, each interface manages multiple peers ( > 500 ) as wg_interface0 = client 0 = 500 peers wf_interfacen= client n = 500 peers at this moment, only one interface wg0 manage all peers and all customers , it's very complicating for the

[wireguard-dev] Ability to use one udp port for multiple wg interfaces

.. With mutliple interface, all is good in term of performance with the last release , but each interface must have it's own port, that is not possible to manage ( different port by client ) Is there a solution ? Regards, Nicolas Prochazka ___ WireGuard

Re: [wireguard-dev] Help about configuration

ing > packet matches the allowed-ips of the other machine. > > -- > Sent from my telephone. > > On Sep 20, 2017 17:11, "nicolas prochazka" <prochazka.nico...@gmail.com> > wrote: > > Hello, can somebody tells me what I do wrong : > I can ping from

[wireguard-dev] Help about configuration

seems strange wireguard : v0.0.20170918] kernel : 4.9.23 on client1 kernel : 4.4.0 on server 1 Regards, Nicolas Prochazka Server 1 : ifconfig neocoretech_rd neocoretech_rd Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet6 addr: fd00:14::8b5:8aff:fe85:f

Re: multiple wireguard interface and kworker ressources

interfaces with 500 tunnels (peer) for each . Nicolas 2017-06-14 16:15 GMT+02:00 Jason A. Donenfeld <ja...@zx2c4.com>: > On Wed, Jun 14, 2017 at 3:50 PM, nicolas prochazka > <prochazka.nico...@gmail.com> wrote: >> At this moment, we are using 3000 wg tunnel on a single wiregua

Re: multiple wireguard interface and kworker ressources

hello, after create of wg interface, kworker thread does not return to a normal state in my case, kernel thread continues to consume a lot of cpu . I must delete wireguard interface to kworker decrease. Nicolas 2017-06-13 23:47 GMT+02:00 Jason A. Donenfeld : > Hi Nicolas, > > It

Re: multiple wireguard interface and kworker ressources

Hello again, with 0.0.20170613 , i can reproduce a big kworker cpu time consumption Regards, nicolas 2017-06-13 14:48 GMT+02:00 Jason A. Donenfeld : > Hi Nicolas, > > I'll look into this. However, you need to update WireGuard to the > latest version, which is 0.0.20170613. I

Re: [wireguard-devel ] traffic shapping

t; You were simply missing traffic shaping support for IPv6 in your kernel? > Which symbols were needed? > > Thanks, > Baptiste > > On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote: > > hello, > > to close, it's working perfectly well in ipv4 and then whe

Re: [wireguard-devel ] traffic shapping

is wg0 is configured as ipv6 tunnel. Regards, NIcolas 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <nicolas.procha...@gmail.com>: > Hello, > is there an incompatibilty between wireguard and traffic shaping or i > misconfig something ? > > After configuring Qos , I need

[wireguard-devel ] traffic shapping

trying with tc + iptables, tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10 and iptables mark rules, traffic seems to be not "apply" to queue . Regards, Nicolas Prochazka. - Example : after this configuration, traffic on wg0 on port 80,443,8080 are goi

[ wireguard-devel] Purge old peer

ble to implement an auto purge of old peer ? Regards, Nicolas Prochazka. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [ wireguard-dev ] About configuring allowedip

your head it > becomes clearer. > > HTH > > Dan > > > On 24 Feb 2017, at 11:41, Nicolas Prochazka <nicolas.procha...@gmail.com> > wrote: > > > > hello again, > > my configuration , > > ping peer 1-->peer 2 : ok ( on ipv6 wg0

Re: [ wireguard-dev ] dmesg when using ipv6

you are right, sorry. I do a lot of tests and sometime it seems wireguard is in a "strange" state, I'm trying to reproduce. A question : When I've the dmesg, "could not create ipv4 socket", i cannot rmmod wireguard from kernel. I'm trying ip link del dev wg0 , rmmod wireguard there's no

[ wireguard-dev ] About configuring allowedip

Hello, i'm trying to do this with wireguard, withtout success : peer1 ---> peer2 : config ok , works peer3 ---> peer1 : config ok , works peer3 --->peer1 ---> peer2 : not ok . I suspect allowed-ip configuration, but all my tests does not works. perhaps I must create two wireguard interface

Re: [wireguard-devel] About ip management

Thanks These are good ideas to explore Regards, Nicolas 2017-02-20 13:48 GMT+01:00 Dan Lüdtke <m...@danrl.com>: > Hi Nicolas, > > > > On 17 Feb 2017, at 15:03, nicolas prochazka <prochazka.nico...@gmail.com> > wrote: > > I hope not to have misund

[wireguard-devel] About ip management

ay for client to know good private_ip . We cannot use dhcp, layer 3 , so ... we need to implement a pool ip manager , is it correct ? Regards, Nicolas Prochazka. ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Some questions about wireguard

hello, sorry for my english. This question(udp tunnel ..) is not relevant, I learn a lot with the read of mailing list. Regards, Nicolas 2017-02-17 14:48 GMT+01:00 Jason A. Donenfeld <ja...@zx2c4.com>: > On Wed, Feb 15, 2017 at 11:12 AM, Nicolas Prochazka > <nicolas.procha...@g