WIreGuard on embedded devices and traffic shaping question.

WIreGuard on embedded devices and traffic shaping question.

[j0eblack]

[-- Attachment #1: Type: text/plain, Size: 1561 bytes --]

Greetings people and robots,

I'm sending this email with a positive feed-back of my experience with WireGuard and the embedded device that I used with it, also I want to thank the WireGruard dev team for the awesome free software!

WireGuard is running on a Olimex Lime A-10 board with Debian Jessie on it:

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Codename: jessie

uname -a
Linux lime-a10 4.8.4-sunxi #6 SMP Sun Oct 23 15:55:47 CEST 2016 armv7l GNU/Linux

The WireGuard packages were installed from the sid repo, everything went smoothly without any manual intervention for the setup.

My initial idea was to use WireGuard as a open-vpn-type server-client setup.

After reading some of the mails from this list I was able to get two peers to talk to each other and after that is was a matter of iptables rules to get one of the peers to act as a 'exit server' and the other connected peers to it as 'clients'.

If anyone is interested in this set-up I can write a short guide how you can achieve that and other people can point if any mistakes were made during the setup.

Something that I want to do, and I was not able to find information about it in the mailing list or the docs on the website is, can bandwidth (traffic shaping) limits be applied between connected peers?

I have done this in the past with open-vpn and tc (per IP address shaping) and I am really curious if this can be done inside WireGuard or not?

With regards,
j0eblack

[-- Attachment #2: Type: text/html, Size: 1908 bytes --]

Re: WIreGuard on embedded devices and traffic shaping question.

[Jason A. Donenfeld]

Hey Joe,

Sorry for the late reply. There was a conference and then a small trip
after, and now I'm catching up on the backlog.

On Fri, Jan 27, 2017 at 12:05 PM,  <j0eblack@teknik.io> wrote:
> If anyone is interested in this set-up I can write a short guide how you can
> achieve that and other people can point if any mistakes were made during the
> setup.

I'd certainly be interested in some sort of blog write-up. The more
documentation and tutorials, the better, IMHO.

> Something that I want to do, and I was not able to find information about it
> in the mailing list or the docs on the website is, can bandwidth (traffic
> shaping) limits be applied between connected peers?

The traffic shaping with WireGuard is the same trafic shaping found in
the rest of the Linux kernel -- the qdisc and tc subsystem. I think
you can use the usual techniques there for applying shaping to the
entire interface or selectively to certain flows.

> I have done this in the past with open-vpn and tc (per IP address shaping)
> and I am really curious if this can be done inside WireGuard or not?

I believe it can be using exactly that idea.

Regards,
Jason

Re: WIreGuard on embedded devices and traffic shaping question.

[j0eblack]

Thank you for the reply, Jason.=0A=0AIndeed my email was a bit rushed, af=
ter some tweaking I was able to shape the entire 10.0.0.0/24 range since =
that is what I intend to use.=0A=0AI used again tc and qdisk as in my pre=
vious projects and everything is working flawlessly, the website is open =
for users to add their public keys.=0A=0AThe next couple of days I have s=
ome free time and I will start a short white-up how new people can get WG=
 going and eventually configure one of the peers to be a 'exit' point.=0A=
=0AThanks again for the awesome software!=0A=0ARegards,=0AJoe=0A=0AFebrua=
ry 11, 2017 11:20 AM, "Jason A. Donenfeld" <Jason@zx2c4.com> wrote:=0A> H=
ey Joe,=0A> =0A> Sorry for the late reply. There was a conference and the=
n a small trip=0A> after, and now I'm catching up on the backlog.=0A> =0A=
> On Fri, Jan 27, 2017 at 12:05 PM, <j0eblack@teknik.io> wrote:=0A> =0A>>=
 If anyone is interested in this set-up I can write a short guide how you=
 can=0A>> achieve that and other people can point if any mistakes were ma=
de during the=0A>> setup.=0A> =0A> I'd certainly be interested in some so=
rt of blog write-up. The more=0A> documentation and tutorials, the better=
, IMHO.=0A> =0A>> Something that I want to do, and I was not able to find=
 information about it=0A>> in the mailing list or the docs on the website=
 is, can bandwidth (traffic=0A>> shaping) limits be applied between conne=
cted peers?=0A> =0A> The traffic shaping with WireGuard is the same trafi=
c shaping found in=0A> the rest of the Linux kernel -- the qdisc and tc s=
ubsystem. I think=0A> you can use the usual techniques there for applying=
 shaping to the=0A> entire interface or selectively to certain flows.=0A>=
 =0A>> I have done this in the past with open-vpn and tc (per IP address =
shaping)=0A>> and I am really curious if this can be done inside WireGuar=
d or not?=0A> =0A> I believe it can be using exactly that idea.=0A> =0A> =
Regards,=0A> Jason