[Chugalug] WireGuard VPN

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Chugalug] WireGuard VPN

JustinMcAfee
Has anyone successfully set-up the WireGuard VPN yet? It's supposed to be 2x faster than any competing IPSEC based VPN. And the people who do have it working are singing its praises. Plus Torvalds said, "Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

I've been playing with it throughout the week and have a busted Debian VM and a non-functioning wg0 interface.

If anyone has it set-up successfully, I'd love to jump into an IRC with you and figure out what I'm doing wrong on my end.

Additionally, if we could work up a process for a static-ip'd (or DDNS'd) servers, with undefined roaming clients, I'd be glad to both write the documentation/host/publish it as well as write a script similar to PiVPN that was cross platform.

My specific questions:
Does the client HAVE to be defined at the Server?
    It appears the answer is no, and that the server can be setup to receive any incoming connection that has the public key.

Does the server HAVE to have something from the client?
     It appears that the server has to have a copy of the clients public key ahead of time. This is unique in that OVPN certs can be handed to any client, and the client will initiate a handshake. It appears that I have to GIVE a public key to the server to talk to WG clients. Is this the case?

Anyone willing to help a brother out?

Also, big thanks to Aaron Welch for helping me recover that busted MacBook a few weeks ago! The student started her first day at college this week and as far as she knows Chugalug and Aaron took care of her pro bono. Regardless I appreciate the time and energy that went in to helping!

Performance tables: https://www.wireguard.com/performance/

Justin McAfee, cipher6
PGP Public Key: 
https://flowcrypt.com/pub/justinamcafee
**********************************************************************
To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] WireGuard VPN

JustinMcAfee
Was actually able to get it configured this week successfully. On a 35mbps sym vdsl line, I was getting a MAX 3mbps over udp with OpenVPN.

Using WireGuard I'm successfully hitting speeds upwards of 12-15mpbs. And with little to no overhead on the server/client compared to the OVPN running in user space. Highly recommend taking a look at the project if you didn't the other day.

Additionally Ars ran a piece proclaiming the wg gospel as well. Though they lament the lack of Windows support. https://arstechnica.com/gadgets/2018/08/wireguard-vpn-review-fast-connections-amaze-but-windows-support-needs-to-happen/


Justin McAfee, cipher6
PGP Public Key: 
https://flowcrypt.com/pub/justinamcafee
**********************************************************************
To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On August 25, 2018 8:10 AM, JustinMcAfee <[hidden email]> wrote:

Has anyone successfully set-up the WireGuard VPN yet? It's supposed to be 2x faster than any competing IPSEC based VPN. And the people who do have it working are singing its praises. Plus Torvalds said, "Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

I've been playing with it throughout the week and have a busted Debian VM and a non-functioning wg0 interface.

If anyone has it set-up successfully, I'd love to jump into an IRC with you and figure out what I'm doing wrong on my end.

Additionally, if we could work up a process for a static-ip'd (or DDNS'd) servers, with undefined roaming clients, I'd be glad to both write the documentation/host/publish it as well as write a script similar to PiVPN that was cross platform.

My specific questions:
Does the client HAVE to be defined at the Server?
    It appears the answer is no, and that the server can be setup to receive any incoming connection that has the public key.

Does the server HAVE to have something from the client?
     It appears that the server has to have a copy of the clients public key ahead of time. This is unique in that OVPN certs can be handed to any client, and the client will initiate a handshake. It appears that I have to GIVE a public key to the server to talk to WG clients. Is this the case?

Anyone willing to help a brother out?

Also, big thanks to Aaron Welch for helping me recover that busted MacBook a few weeks ago! The student started her first day at college this week and as far as she knows Chugalug and Aaron took care of her pro bono. Regardless I appreciate the time and energy that went in to helping!

Performance tables: https://www.wireguard.com/performance/

Justin McAfee, cipher6
PGP Public Key: 
https://flowcrypt.com/pub/justinamcafee
**********************************************************************
To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] WireGuard VPN

JustinMcAfee
Last time I'm going to mention WireGuard ;)

I wrote a walkthrough, if you look at it, let me know if there are any additions, corrections, or necessary subtractions.


Justin McAfee, cipher6
PGP Public Key: 
https://flowcrypt.com/pub/justinamcafee
**********************************************************************
To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On August 29, 2018 1:39 PM, JustinMcAfee <[hidden email]> wrote:

Was actually able to get it configured this week successfully. On a 35mbps sym vdsl line, I was getting a MAX 3mbps over udp with OpenVPN.

Using WireGuard I'm successfully hitting speeds upwards of 12-15mpbs. And with little to no overhead on the server/client compared to the OVPN running in user space. Highly recommend taking a look at the project if you didn't the other day.

Additionally Ars ran a piece proclaiming the wg gospel as well. Though they lament the lack of Windows support. https://arstechnica.com/gadgets/2018/08/wireguard-vpn-review-fast-connections-amaze-but-windows-support-needs-to-happen/


Justin McAfee, cipher6
PGP Public Key: 
https://flowcrypt.com/pub/justinamcafee
**********************************************************************
To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On August 25, 2018 8:10 AM, JustinMcAfee <[hidden email]> wrote:

Has anyone successfully set-up the WireGuard VPN yet? It's supposed to be 2x faster than any competing IPSEC based VPN. And the people who do have it working are singing its praises. Plus Torvalds said, "Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

I've been playing with it throughout the week and have a busted Debian VM and a non-functioning wg0 interface.

If anyone has it set-up successfully, I'd love to jump into an IRC with you and figure out what I'm doing wrong on my end.

Additionally, if we could work up a process for a static-ip'd (or DDNS'd) servers, with undefined roaming clients, I'd be glad to both write the documentation/host/publish it as well as write a script similar to PiVPN that was cross platform.

My specific questions:
Does the client HAVE to be defined at the Server?
    It appears the answer is no, and that the server can be setup to receive any incoming connection that has the public key.

Does the server HAVE to have something from the client?
     It appears that the server has to have a copy of the clients public key ahead of time. This is unique in that OVPN certs can be handed to any client, and the client will initiate a handshake. It appears that I have to GIVE a public key to the server to talk to WG clients. Is this the case?

Anyone willing to help a brother out?

Also, big thanks to Aaron Welch for helping me recover that busted MacBook a few weeks ago! The student started her first day at college this week and as far as she knows Chugalug and Aaron took care of her pro bono. Regardless I appreciate the time and energy that went in to helping!

Performance tables: https://www.wireguard.com/performance/

Justin McAfee, cipher6
PGP Public Key: 
https://flowcrypt.com/pub/justinamcafee
**********************************************************************
To any NSA and FBI agents reading my email: please consider *
* whether defending the US Constitution against all enemies,       *
* foreign or domestic, requires you to follow Snowden's example. *
**********************************************************************

Sent with ProtonMail Secure Email.




_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug