Development discussion of WireGuard
* Security: Support 3rd party firewall software
From: properly @ 2020-09-26 23:24 UTC
  To: wireguard

On Windows, WireGuard is not obeying Comodo Firewall because WireGuard's
Wintun network adapter is not including Comodo's driver.

Note that this problem doesn't occur on OpenVPN's network adapter (V9)
because it loads the Comodo driver.


1. Disable Windows Firewall on Win10
2. Install Comodo Firewall (CF)
3. Configure CF
4. Acknowledge that the CF is filtering packets as expected

5. Install WireGuard
6. Connect to WG
7. All packets run through WG, and Comodo can't filter them


This is a severe security risk.
Using Windows Firewall is not an answer here.
There are many people who bought a third-party software solution.



* Re: Security: Support 3rd party firewall software
From: Matthias Urlichs @ 2020-10-01 11:30 UTC
  To: wireguard



On 27.09.20 01:24, properly@secmail.pro wrote:
> This is a severe security risk.

Yeah, but the Windows Firewall does manage to block WG packets, doesn't it?

Thus IMHO the security problem is on Comodo's side as they obviously
don't use the same system interface as the Windows firewall. It's their
job to intercept every packet, not Wireguard's to special-case feeding
the data to them.

Forcing each driver to load some 3rd-party tool if it happens to be
installed is not a viable solution. Nice of OpenVPN to work with Comodo,
but what if Domoco creates a competing product and then Mocodo comes
along and … you get the picture.

-- 
-- Matthias Urlichs


