-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 12/08/18 00:46, Jason A. Donenfeld wrote:
> This is in fact true, but I'm not sure we're planning on following
> suite with that kind of thing in kernel space for WireGuard...
Indeed. :)
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Th
On Sat, Aug 11, 2018, 17:15 Aaron Jones wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 11/08/18 22:52, Luiz Angelo Daros de Luca wrote:
> > I see these wireguard extra features just like dhcp is. Nobody
> > thinks about implementing dhcp inside kernel or even iproute
> > tools.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 11/08/18 22:52, Luiz Angelo Daros de Luca wrote:
> I see these wireguard extra features just like dhcp is. Nobody
> thinks about implementing dhcp inside kernel or even iproute
> tools.
The Linux kernel has a (minimal, non-configurable) DHCP clie
> I think that given the WireGuard building block, it's certainly
> possible to build a 2FA framework around it.
>
I see these wireguard extra features just like dhcp is. Nobody thinks about
implementing dhcp inside kernel or even iproute tools.
+1 for 2FA and +1 for a service that share peer inf
On Fri, Aug 10, 2018 at 6:35 AM Brian Candler wrote:
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection
I think that given the WireGuard building block, it's certainly
possible to build a 2FA framework around it. And I do generally
On Fri, Aug 10, 2018, 3:16 PM em12345 wrote:
> Hi,
>
> > From my point of view, the only thing which makes me uncomfortable about
> > wireguard is the lack of any second authentication factor. Your private
> > key is embedded in a plaintext file in your device (e.g. laptop), not
> > even protecte
Hello together,
> In the absence of that, it would be nice if the private key which is
> stored on the laptop were encrypted with a passphrase. Simplest option
> may be to extend wg-quick so that the entire config file can be
> pgp-encrypted.
one can already do that via the wg-quick PostUp hook,
Hi,
> From my point of view, the only thing which makes me uncomfortable about
> wireguard is the lack of any second authentication factor. Your private
> key is embedded in a plaintext file in your device (e.g. laptop), not
> even protected with a passphrase.
Most VPN authentications are just au
>
> On 10/08/18 16:40, jungle Boogie wrote:
>> If someone already has my ssh key, I'd revoke it - regardless if
>> they had the password or not. Same with the WG key - shutdown the
>> tunnel, remove the affected peer and start it back up.
>
> No need to interrupt the tunnel.
>
> # wg set peer rem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 10/08/18 16:40, jungle Boogie wrote:
> If someone already has my ssh key, I'd revoke it - regardless if
> they had the password or not. Same with the WG key - shutdown the
> tunnel, remove the affected peer and start it back up.
No need to interr
On 10 August 2018 at 09:03, Brian Candler wrote:
> On 10/08/2018 16:03, Roman Mamedov wrote:
>
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection, if no packets had been
> flowing for more than a configurable amount of time - say, a
On Fri, 10 Aug 2018, 19:04 Brian Candler, wrote:
> On 10/08/2018 16:03, Roman Mamedov wrote:
>
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection, if no packets had been
> flowing for more than a configurable amount of time - say,
On 10/08/2018 16:03, Roman Mamedov wrote:
But I'd feel a lot happier if a second level of authentication were
required to establish a wireguard connection, if no packets had been
flowing for more than a configurable amount of time - say, an hour. It
would give some comfort around lost/stolen devi
hello,
just to say you, as a simple end user
we are using wireguard since one year for our product,
we have 10K tunnels deployed ,
wireguard is perfect for us, very simple, we can develop our specific
code on top of if ( key management , )
so +1 for jason vision
thanks for this piece of code
Re
On Fri, 10 Aug 2018 14:35:14 +0100
Brian Candler wrote:
> From my point of view, the only thing which makes me uncomfortable
> about wireguard is the lack of any second authentication factor. Your
> private key is embedded in a plaintext file in your device (e.g.
> laptop), not even protected
On Fri, Aug 10, 2018 at 02:35:14PM +0100, Brian Candler wrote:
From my point of view, the only thing which makes me uncomfortable
about wireguard is the lack of any second authentication factor. Your
private key is embedded in a plaintext file in your device (e.g.
laptop), not even protected w
On 10.08.2018 15:35, Brian Candler wrote:
> Whilst I appreciate that wireguard is symmetrical, a common use case
> is to have remote "clients" with a central "office". I'm thinking
> about a hook whereby the "office" side could request extra
> authentication when required - e.g. if it sees a conne
Please excuse my brevity, phone typing here...
On Fri, 10 Aug 2018, 16:36 Brian Candler, wrote:
> Thanks for explaining the project background, and your very sensible
> goals of simplicity and robustness. And thanks for releasing this
> excellent piece of software.
>
> From my point of view, t
For whatever reason, in the last several weeks, WireGuard been receiving a
considerable amount of attention, and with that comes various parties
interested in the project moving in this direction or in that direction. And
more generally, over the last year or so, we've seen a decent amount of
inte
Hey list,
For whatever reason, in the last several weeks, WireGuard been receiving a
considerable amount of attention, and with that comes various parties
interested in the project moving in this direction or in that direction. And
more generally, over the last year or so, we've seen a decent amou
20 matches
Mail list logo