From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: j0eblack@teknik.io Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 4df2715c for ; Fri, 27 Jan 2017 10:53:30 +0000 (UTC) Received: from mail.teknik.io (mail.teknik.io [50.247.95.113]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 3d48c80c for ; Fri, 27 Jan 2017 10:53:30 +0000 (UTC) Mime-Version: 1.0 Date: Fri, 27 Jan 2017 11:05:21 +0000 Content-Type: multipart/alternative; boundary="--=_RainLoop_734_543737792.1485515121" Message-ID: <91e1990891fb763b8090a2eed1321744@mail.teknik.io> From: j0eblack@teknik.io Subject: WIreGuard on embedded devices and traffic shaping question. To: wireguard@lists.zx2c4.com List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , ----=_RainLoop_734_543737792.1485515121 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Greetings people and robots,=0A=0AI'm sending this email with a positive = feed-back of my experience with WireGuard and the embedded device that I = used with it, also I want to thank the WireGruard dev team for the awesom= e free software!=0A=0AWireGuard is running on a Olimex Lime A-10 board wi= th Debian Jessie on it:=0A=0Alsb_release -a=0ANo LSB modules are availabl= e.=0ADistributor ID: Debian=0ADescription: Debian GNU/Linux 8.6 (jessie)= =0ARelease: 8.6=0ACodename: jessie=0A=0Auname -a=0ALinux lime-a10 4.8.4-s= unxi #6 SMP Sun Oct 23 15:55:47 CEST 2016 armv7l GNU/Linux=0A=0AThe WireG= uard packages were installed from the sid repo, everything went smoothly = without any manual intervention for the setup.=0A=0AMy initial idea was t= o use WireGuard as a open-vpn-type server-client setup.=0A=0AAfter readin= g some of the mails from this list I was able to get two peers to talk to= each other and after that is was a matter of iptables rules to get one o= f the peers to act as a 'exit server' and the other connected peers to it= as 'clients'.=0A=0AIf anyone is interested in this set-up I can write a = short guide how you can achieve that and other people can point if any mi= stakes were made during the setup.=0A=0ASomething that I want to do, and = I was not able to find information about it in the mailing list or the do= cs on the website is, can bandwidth (traffic shaping) limits be applied b= etween connected peers?=0A=0AI have done this in the past with open-vpn a= nd tc (per IP address shaping) and I am really curious if this can be don= e inside WireGuard or not?=0A=0AWith regards,=0Aj0eblack ----=_RainLoop_734_543737792.1485515121 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

Greetings people and robots,
<= br>I'm sending this email with a positive feed-back of my experience with= WireGuard and the embedded device that I used with it, also I want to th= ank the WireGruard dev team for the awesome free software!

WireGua= rd is running on a Olimex Lime A-10 board with Debian Jessie on it:
lsb_release -a
No LSB modules are available.
Distributor ID: Debi= an
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Coden= ame: jessie

uname -a
Linux lime-a10 4.8.4-sunxi #6 SMP Sun Oct = 23 15:55:47 CEST 2016 armv7l GNU/Linux

The WireGuard packages were= installed from the sid repo, everything went smoothly without any manual= intervention for the setup.

My initial idea was to use WireGuard = as a open-vpn-type server-client setup.

After reading some of the = mails from this list I was able to get two peers to talk to each other an= d after that is was a matter of iptables rules to get one of the peers to= act as a 'exit server' and the other connected peers to it as 'clients'.=

If anyone is interested in this set-up I can write a short guide = how you can achieve that and other people can point if any mistakes were = made during the setup.

Something that I want to do, and I was not = able to find information about it in the mailing list or the docs on the = website is, can bandwidth (traffic shaping) limits be applied between con= nected peers?

I have done this in the past with open-vpn and tc (p= er IP address shaping) and I am really curious if this can be done inside= WireGuard or not?

With regards,
j0eblack

----=_RainLoop_734_543737792.1485515121-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 7463d547 for ; Sat, 11 Feb 2017 09:06:21 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 247a66b8 for ; Sat, 11 Feb 2017 09:06:21 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 331248e4 for ; Sat, 11 Feb 2017 09:06:21 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 7cebe5f4 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sat, 11 Feb 2017 09:06:21 +0000 (UTC) Received: by mail-oi0-f45.google.com with SMTP id s203so32602708oie.1 for ; Sat, 11 Feb 2017 01:20:10 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <91e1990891fb763b8090a2eed1321744@mail.teknik.io> References: <91e1990891fb763b8090a2eed1321744@mail.teknik.io> From: "Jason A. Donenfeld" Date: Sat, 11 Feb 2017 10:20:08 +0100 Message-ID: Subject: Re: WIreGuard on embedded devices and traffic shaping question. To: j0eblack@teknik.io Content-Type: text/plain; charset=UTF-8 Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hey Joe, Sorry for the late reply. There was a conference and then a small trip after, and now I'm catching up on the backlog. On Fri, Jan 27, 2017 at 12:05 PM, wrote: > If anyone is interested in this set-up I can write a short guide how you can > achieve that and other people can point if any mistakes were made during the > setup. I'd certainly be interested in some sort of blog write-up. The more documentation and tutorials, the better, IMHO. > Something that I want to do, and I was not able to find information about it > in the mailing list or the docs on the website is, can bandwidth (traffic > shaping) limits be applied between connected peers? The traffic shaping with WireGuard is the same trafic shaping found in the rest of the Linux kernel -- the qdisc and tc subsystem. I think you can use the usual techniques there for applying shaping to the entire interface or selectively to certain flows. > I have done this in the past with open-vpn and tc (per IP address shaping) > and I am really curious if this can be done inside WireGuard or not? I believe it can be using exactly that idea. Regards, Jason From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: j0eblack@teknik.io Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 9991c2cc for ; Mon, 13 Feb 2017 13:23:49 +0000 (UTC) Received: from mail.teknik.io (mail.teknik.io [50.247.95.113]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 867ba3c1 for ; Mon, 13 Feb 2017 13:23:49 +0000 (UTC) Mime-Version: 1.0 Date: Mon, 13 Feb 2017 13:37:51 +0000 Content-Type: text/plain; charset="utf-8" Message-ID: <10506714ccc9074c7fca33401c985275@mail.teknik.io> From: j0eblack@teknik.io Subject: Re: WIreGuard on embedded devices and traffic shaping question. To: "Jason A. Donenfeld" In-Reply-To: References: <91e1990891fb763b8090a2eed1321744@mail.teknik.io> Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Thank you for the reply, Jason.=0A=0AIndeed my email was a bit rushed, af= ter some tweaking I was able to shape the entire 10.0.0.0/24 range since = that is what I intend to use.=0A=0AI used again tc and qdisk as in my pre= vious projects and everything is working flawlessly, the website is open = for users to add their public keys.=0A=0AThe next couple of days I have s= ome free time and I will start a short white-up how new people can get WG= going and eventually configure one of the peers to be a 'exit' point.=0A= =0AThanks again for the awesome software!=0A=0ARegards,=0AJoe=0A=0AFebrua= ry 11, 2017 11:20 AM, "Jason A. Donenfeld" wrote:=0A> H= ey Joe,=0A> =0A> Sorry for the late reply. There was a conference and the= n a small trip=0A> after, and now I'm catching up on the backlog.=0A> =0A= > On Fri, Jan 27, 2017 at 12:05 PM, wrote:=0A> =0A>>= If anyone is interested in this set-up I can write a short guide how you= can=0A>> achieve that and other people can point if any mistakes were ma= de during the=0A>> setup.=0A> =0A> I'd certainly be interested in some so= rt of blog write-up. The more=0A> documentation and tutorials, the better= , IMHO.=0A> =0A>> Something that I want to do, and I was not able to find= information about it=0A>> in the mailing list or the docs on the website= is, can bandwidth (traffic=0A>> shaping) limits be applied between conne= cted peers?=0A> =0A> The traffic shaping with WireGuard is the same trafi= c shaping found in=0A> the rest of the Linux kernel -- the qdisc and tc s= ubsystem. I think=0A> you can use the usual techniques there for applying= shaping to the=0A> entire interface or selectively to certain flows.=0A>= =0A>> I have done this in the past with open-vpn and tc (per IP address = shaping)=0A>> and I am really curious if this can be done inside WireGuar= d or not?=0A> =0A> I believe it can be using exactly that idea.=0A> =0A> = Regards,=0A> Jason