* WIreGuard on embedded devices and traffic shaping question.
@ 2017-01-27 11:05 j0eblack
2017-02-11 9:20 ` Jason A. Donenfeld
2017-02-13 13:37 ` j0eblack
0 siblings, 2 replies; 3+ messages in thread
From: j0eblack @ 2017-01-27 11:05 UTC (permalink / raw)
To: wireguard
[-- Attachment #1: Type: text/plain, Size: 1561 bytes --]
Greetings people and robots,
I'm sending this email with a positive feed-back of my experience with WireGuard and the embedded device that I used with it, also I want to thank the WireGruard dev team for the awesome free software!
WireGuard is running on a Olimex Lime A-10 board with Debian Jessie on it:
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Codename: jessie
uname -a
Linux lime-a10 4.8.4-sunxi #6 SMP Sun Oct 23 15:55:47 CEST 2016 armv7l GNU/Linux
The WireGuard packages were installed from the sid repo, everything went smoothly without any manual intervention for the setup.
My initial idea was to use WireGuard as a open-vpn-type server-client setup.
After reading some of the mails from this list I was able to get two peers to talk to each other and after that is was a matter of iptables rules to get one of the peers to act as a 'exit server' and the other connected peers to it as 'clients'.
If anyone is interested in this set-up I can write a short guide how you can achieve that and other people can point if any mistakes were made during the setup.
Something that I want to do, and I was not able to find information about it in the mailing list or the docs on the website is, can bandwidth (traffic shaping) limits be applied between connected peers?
I have done this in the past with open-vpn and tc (per IP address shaping) and I am really curious if this can be done inside WireGuard or not?
With regards,
j0eblack
[-- Attachment #2: Type: text/html, Size: 1908 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: WIreGuard on embedded devices and traffic shaping question.
2017-01-27 11:05 WIreGuard on embedded devices and traffic shaping question j0eblack
@ 2017-02-11 9:20 ` Jason A. Donenfeld
2017-02-13 13:37 ` j0eblack
1 sibling, 0 replies; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-02-11 9:20 UTC (permalink / raw)
To: j0eblack; +Cc: WireGuard mailing list
Hey Joe,
Sorry for the late reply. There was a conference and then a small trip
after, and now I'm catching up on the backlog.
On Fri, Jan 27, 2017 at 12:05 PM, <j0eblack@teknik.io> wrote:
> If anyone is interested in this set-up I can write a short guide how you can
> achieve that and other people can point if any mistakes were made during the
> setup.
I'd certainly be interested in some sort of blog write-up. The more
documentation and tutorials, the better, IMHO.
> Something that I want to do, and I was not able to find information about it
> in the mailing list or the docs on the website is, can bandwidth (traffic
> shaping) limits be applied between connected peers?
The traffic shaping with WireGuard is the same trafic shaping found in
the rest of the Linux kernel -- the qdisc and tc subsystem. I think
you can use the usual techniques there for applying shaping to the
entire interface or selectively to certain flows.
> I have done this in the past with open-vpn and tc (per IP address shaping)
> and I am really curious if this can be done inside WireGuard or not?
I believe it can be using exactly that idea.
Regards,
Jason
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: WIreGuard on embedded devices and traffic shaping question.
2017-01-27 11:05 WIreGuard on embedded devices and traffic shaping question j0eblack
2017-02-11 9:20 ` Jason A. Donenfeld
@ 2017-02-13 13:37 ` j0eblack
1 sibling, 0 replies; 3+ messages in thread
From: j0eblack @ 2017-02-13 13:37 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
Thank you for the reply, Jason.=0A=0AIndeed my email was a bit rushed, af=
ter some tweaking I was able to shape the entire 10.0.0.0/24 range since =
that is what I intend to use.=0A=0AI used again tc and qdisk as in my pre=
vious projects and everything is working flawlessly, the website is open =
for users to add their public keys.=0A=0AThe next couple of days I have s=
ome free time and I will start a short white-up how new people can get WG=
going and eventually configure one of the peers to be a 'exit' point.=0A=
=0AThanks again for the awesome software!=0A=0ARegards,=0AJoe=0A=0AFebrua=
ry 11, 2017 11:20 AM, "Jason A. Donenfeld" <Jason@zx2c4.com> wrote:=0A> H=
ey Joe,=0A> =0A> Sorry for the late reply. There was a conference and the=
n a small trip=0A> after, and now I'm catching up on the backlog.=0A> =0A=
> On Fri, Jan 27, 2017 at 12:05 PM, <j0eblack@teknik.io> wrote:=0A> =0A>>=
If anyone is interested in this set-up I can write a short guide how you=
can=0A>> achieve that and other people can point if any mistakes were ma=
de during the=0A>> setup.=0A> =0A> I'd certainly be interested in some so=
rt of blog write-up. The more=0A> documentation and tutorials, the better=
, IMHO.=0A> =0A>> Something that I want to do, and I was not able to find=
information about it=0A>> in the mailing list or the docs on the website=
is, can bandwidth (traffic=0A>> shaping) limits be applied between conne=
cted peers?=0A> =0A> The traffic shaping with WireGuard is the same trafi=
c shaping found in=0A> the rest of the Linux kernel -- the qdisc and tc s=
ubsystem. I think=0A> you can use the usual techniques there for applying=
shaping to the=0A> entire interface or selectively to certain flows.=0A>=
=0A>> I have done this in the past with open-vpn and tc (per IP address =
shaping)=0A>> and I am really curious if this can be done inside WireGuar=
d or not?=0A> =0A> I believe it can be using exactly that idea.=0A> =0A> =
Regards,=0A> Jason
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-02-13 13:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-27 11:05 WIreGuard on embedded devices and traffic shaping question j0eblack
2017-02-11 9:20 ` Jason A. Donenfeld
2017-02-13 13:37 ` j0eblack
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).