The funny thing about really good software projects is that sometimes they are so good and complete already that there is no fuss around them; they just work and get the job done.
Mailing lists are quiet, new commits are rare. Sometimes it can even feel that they are unmaintained or dead, but in fact they are more than alive.
Federated wireguard network idea
Any feedback welcome.
Let's keep things stupidly simple and simply hash the domain name to get a unique IPv6 ULA prefix.
Then we would need a stupidly simple backend application to automatically fetch pubkeys and endpoints from DNS and make a request to add each other as peers.
Et voilà, you got a worldwide federated wireguard network resolving private ULA addresses. Sort of an internet on top of the internet.
The DNS entries with the public IPv4 / IPv6 addresses could even be delegated to other domains / endpoints which would act as reverse proxy (either routing or nesting tunnels) for further privacy.
Maybe my approach is too naïve and there are flaws I haven't considered, so don't be afraid to comment.
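The prefix derivation proposed in the post above, as an added example that is not part of the original post. SHA-256, the IDNA normalisation and all function names are assumptions (the post does not name a hash); the fd00::/8 plus 40-bit Global ID layout is the RFC 4193 ULA format. The sample domains are constructed.

```python
import hashlib
import ipaddress
import math

GLOBAL_ID_BITS = 40  # RFC 4193: fd00::/8 + 40-bit Global ID gives a /48


def normalize(domain: str) -> bytes:
    """Canonical form, so 'Example.COM.' and 'example.com' hash alike."""
    return domain.strip().rstrip(".").lower().encode("idna")


def ula_prefix(domain: str) -> ipaddress.IPv6Network:
    """Derive a deterministic ULA /48 from a domain name (assumed: SHA-256)."""
    digest = hashlib.sha256(normalize(domain)).digest()
    global_id = digest[: GLOBAL_ID_BITS // 8]          # first 40 bits of the hash
    packed = b"\xfd" + global_id + bytes(10)            # fd | Global ID | zero host bits
    return ipaddress.IPv6Network((ipaddress.IPv6Address(packed), 48))


def collision_probability(n_domains: int) -> float:
    """Birthday bound: chance that any two of n domains share a /48."""
    pairs = n_domains * (n_domains - 1) / 2
    return -math.expm1(-pairs / 2 ** GLOBAL_ID_BITS)


def find_collisions(domains):
    """Group domains by derived prefix; return only prefixes claimed twice or more.
    A peering backend would refuse to add a peer whose prefix is already taken."""
    seen = {}
    for d in domains:
        seen.setdefault(ula_prefix(d), set()).add(normalize(d))
    return {p: names for p, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    peers = ["example.com", "Example.COM.", "example.org"]  # constructed sample input
    for d in peers:
        print(f"{d:15} -> {ula_prefix(d)}")
    print("collisions:", find_collisions(peers))
    for n in (1_000, 1_000_000):
        print(f"P(collision) with {n} domains: {collision_probability(n):.3g}")
```

Because the prefix is computable by anyone from the public name, it identifies a peer but authenticates nothing: trust still rests on the pubkey fetched from DNS, and the 40-bit space means the backend has to check for an existing claim on a prefix before accepting a peer.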
Ok, with the Android app I can connect to WireGuard on a Proxmox LXC, but the local NAS and so on don't show up.
"NetBIOS" thingy nope, because no Fritzbox router.
Funnily enough, the LXC isn't listed among the connected devices in the router either, but it did get an IP from the router, and port forwarding works too, as I said.
I'm in a public library, and I think they throttled my wifi, because apparently you're not allowed to push gigabytes' worth of data over your own #WireGuard connection :(
I had a docker ...VPN setup... w/ #wireguard working for a while, but no matter which image I used for the network bridge the wireguard part connects, but stopped working. Then I switched to OpenVPN, which is sadly a lot slower, but my 2 month broken setup started working!
A wireguard bridge I had between two LANs stopped working. I tried everything: when it was up, I couldn't access the server. Out of the blue.
Upgraded to the newest ubuntu distro, and it works again.
I hate when things stop working without a clear sign of what is failing. And not better when it is fixed with no trace of what was wrong.
Thought I might register wireguard.sucks and put up a wiki or something of all the stuff I've learned while working on wireguard, but friggin .sucks domains cost $330, which is way too much for a dumb joke.
wireguard.works is only 37 bucks but that seems like an overstatement if I'm honest
I’m having some difficulty with #wireguard. It runs and indicates that it is adding routes. But ip a doesn’t show these routes, and traffic doesn’t seem to flow through the tunnel.
I'm a #linux geek and a security enthusiast. Also, I'm a cheapskate. Last time our family was out and about, the hotel offered paid wifi, priced per device and I wasn't having it. Cue the TP-Link RE650 - a "range extender" capable of running the #OpenWRT router firmware. Performance and stability was crap when doing wifi-to-wifi bridging and the device didn't have enough juice to run #WireGuard #VPN, which is the way I connect safely to my home rack. A couple of weeks ago, I discovered the #Slate AX (#AXT1800) travel router from GL-iNet. Same concept, but half the size, a lot more juice, USB-C powered, SD slot and USB connector and so far rock solid and powerful enough to run WireGuard with cycles to spare. I'm a very happy customer! 🙂
Currently trying to set up #WireGuard #VPN to my FRITZ!Box. The WireGuard client on the Mac and also on the iPhone each say that the connection is active, but then no outgoing connections work at all anymore. Meanwhile, the FRITZ!Box also doesn't show that a VPN connection is active.
Where do I start looking?
To my German friends. If you use a combination of #FritzBox router, #Vodafone ISP and #MullvadVPN - meaning you are trying to set up #Wireguard on the router itself - be wary that this setup is known to leak your IPv6 address. On the other hand, if you use Mullvad VPN App on your OS, everything works fine. Not sure who to blame here specifically, but this has been a disturbing revelation to me. Be careful.
I'm about to move a few parts of my network off-site. Anyone have any input for getting LDAP-based authentication to work across locations?
Like, LDAP+TLS with mutual certificate authentication is just fine, but I don't like the idea of exposing an LDAP port. Though a firewall rule to only allow the other side's IP to access it would probably be okay.
Given that this side still needs to access some internal services, it also makes sense just to #WireGuard it or something, that gives me everything in a manner that I believe is secure, I've yet to hear of any breaks on its encryption... just that if the remote host is compromised I have quite a wide open attack surface.