Latest WireGuard Patch Out For Review With It Looking Like It Will Land For Linux 5.6


  • Latest WireGuard Patch Out For Review With It Looking Like It Will Land For Linux 5.6

    Phoronix: Latest WireGuard Patch Out For Review With It Looking Like It Will Land For Linux 5.6

    The long-awaited WireGuard secure VPN tunnel functionality looks like it will land with the Linux 5.6 kernel cycle happening in early 2020. Linux 5.5 is kicking off next week but the necessary crypto subsystem changes have yet to take place as well as a final sign-off on the new WireGuard code...

    http://www.phoronix.com/scan.php?pag...oking-Like-5.6

  • #2
    I've been wondering if it would be possible to implement WireGuard over TCP (please, don't lecture me on TCP over TCP issues, this would be a last resort, in order to cope with fascist firewalls) without losing its inherent stealth capabilities. Turns out, it might, with TCP Fast Open. According to page 5 of the RFC, data is already sent with the SYN packet, so WireGuard would only reply if this data could be correctly decrypted…



    • #3
      Awesome. I use WireGuard in production already (bad, I know) and it will be handy to no longer have to rely on the akmod.



      • #4
        Is anybody here aware of 2FA approaches for WireGuard? I only know about TunSafe, which looks good but isn't available for your own server (as far as I understood their website - am I wrong?). If yes, could you give us some hints/links?



        • #5
          Originally posted by HyperDrive
          I've been wondering if it would be possible to implement WireGuard over TCP (please, don't lecture me on TCP over TCP issues, this would be a last resort, in order to cope with fascist firewalls) without losing its inherent stealth capabilities. Turns out, it might, with TCP Fast Open. According to page 5 of the RFC, data is already sent with the SYN packet, so WireGuard would only reply if this data could be correctly decrypted…
          It's possible to make UDP packets _look_ like TCP packets without actually running the TCP protocol, so you get the best of both worlds. This crazy project will do it: https://github.com/wangyu-/udp2raw-tunnel https://github.com/wangyu-/udp2raw-multiplatform Maybe I'll release a netfilter plugin someday.



          • #6
            Typo:

            Originally posted by phoronix
            over its Zync cryptography code



            • #7
              Originally posted by zx2c4
              It's possible to make UDP packets _look_ like TCP packets without actually running the TCP protocol, so you get the best of both worlds. This crazy project will do it: https://github.com/wangyu-/udp2raw-tunnel https://github.com/wangyu-/udp2raw-multiplatform Maybe I'll release a netfilter plugin someday.
              Hi, Jason! Congrats on getting WireGuard queued up for 5.6! That udp2raw project is indeed crazy, I love it. And it seems someone's already implementing support for it in OpenWrt… 😎



              • #8
                Originally posted by HyperDrive
                I've been wondering if it would be possible to implement WireGuard over TCP
                I stumbled on a (free) product called "Veeam PN" today. To my amazement, it actually is based on WireGuard. Good choice, Veeam!
                From the (v2.1) manual, page 9: "Site-to-site VPN functionality of Veeam PN is based on WireGuard technology. WireGuard does not support TCP, but Veeam PN eliminates this limitation by tunneling UDP encrypted traffic in TCP tunnel."

                The Veeam blog says, regarding what they do here: "To solve this potential road block for adoption, our developers worked out a way to encapsulate (with minimal overhead) the WireGuard UDP over TCP to give customers choice depending on their network security setup." ==> sounds a little like udp2raw?

                So it seems to be a bit more than a GUI for WireGuard? Or at least a well-made GUI!
                "By incorporating WireGuard into an all in one appliance (or installable via a simple script on an already installed Ubuntu Server), we have made the installation and configuration of complex VPNs simple and reliable."

                I'm quite happy without a specific GUI or appliance, but I guess this will be nice for some people and allow an easier entry into the wonderful world of WireGuard?

                Last edited by anybody; 12-01-2019, 10:38 PM.

