From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Adrian Larsen <alarsen@maidenheadbridge.com>
Cc: Clint Dovholuk <clint.dovholuk@netfoundry.io>,
Riccardo Paolo Bestetti <pbl@bestov.io>,
WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Using WireGuard on Windows as non-admin - proper solution?
Date: Sat, 28 Nov 2020 15:28:01 +0100 [thread overview]
Message-ID: <CAHmME9q_UbmfVyd9hH5+b1n6pE=mOgZdKMcyF=AFf2Nm0QHumg@mail.gmail.com> (raw)
In-Reply-To: <d9dc454a-15fd-a547-8d0f-b7916818c3de@maidenheadbridge.com>
On Thu, Nov 26, 2020 at 9:53 AM Adrian Larsen
<alarsen@maidenheadbridge.com> wrote:
>
> One thing that is commonly implemented in other clients doing tunnels is
> the detection of "ON / OFF Corporate network".
>
> Without any user intervention, the vpn client is capable to detect (on
> every network change) where the user is located and to active the client
> or not.
>
> Values to detect are a combination of:
>
> (usually you can do AND / OR of this values)
>
> 1- Adapter domain (i.e. contoso.com) . This comes from DHCP values
> received.
>
> 2 - DNS servers IPs
>
> 3 - Hostname vs IP. (This is to create a local DNS A record on your
> internal DNS server that is resolvable only when you are ON corporate
> network and not outside)
>
> The detection of this values are platform agnostic. You can use it on
> any client: Linux, Windows, Mac, etc; to detect when turn ON / OFF the
> vpn client automatically without user intervention.
That sounds like it introduces a security vulnerability, in which you
send the magic unauthenticated packets, and voila, WireGuard
deactivates and you're sending data in the clear.
next prev parent reply other threads:[~2020-11-28 14:28 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-12 15:18 vh217
2020-11-13 2:16 ` Jason A. Donenfeld
2020-11-13 12:03 ` Der PCFreak
2020-11-15 15:28 ` Patrik Holmqvist
2020-11-19 16:56 ` Jason A. Donenfeld
2020-11-20 11:49 ` Patrik Holmqvist
2020-11-20 12:52 ` Jason A. Donenfeld
2020-11-20 13:10 ` Patrick Fogarty
2020-11-20 13:14 ` Patrik Holmqvist
2020-11-17 10:18 ` Viktor H
2020-11-26 7:09 ` Chris Bennett
2020-11-21 10:05 ` Jason A. Donenfeld
2020-11-22 12:55 ` Jason A. Donenfeld
2020-11-23 14:57 ` Fatih USTA
2020-11-24 23:42 ` Riccardo Paolo Bestetti
2020-11-25 1:08 ` Jason A. Donenfeld
2020-11-25 7:49 ` Riccardo Paolo Bestetti
2020-11-25 10:30 ` Jason A. Donenfeld
2020-11-25 11:45 ` Jason A. Donenfeld
2020-11-25 14:08 ` Riccardo Paolo Bestetti
[not found] ` <8bf9e364f87bd0018dabca03dcc8c19b@mail.gmail.com>
2020-11-25 20:10 ` Riccardo Paolo Bestetti
2020-11-25 21:42 ` Jason A. Donenfeld
2020-11-26 8:53 ` Adrian Larsen
2020-11-28 14:28 ` Jason A. Donenfeld [this message]
2020-11-29 9:30 ` Adrian Larsen
2020-11-29 10:52 ` Jason A. Donenfeld
2020-11-29 12:09 ` Phillip McMahon
2020-11-29 12:50 ` Jason A. Donenfeld
2020-11-29 13:40 ` Phillip McMahon
2020-11-29 17:52 ` Jason A. Donenfeld
2020-11-29 19:44 ` Phillip McMahon
2020-11-29 20:59 ` Jason A. Donenfeld
2020-11-30 18:34 ` Riccardo Paolo Bestetti
2022-04-22 20:21 ` zer0flash
2020-11-30 12:47 ` Probable Heresy ;-) Peter Whisker
2020-12-02 13:40 ` Jason A. Donenfeld
2021-01-03 11:08 ` Christopher Ng
2020-11-25 12:40 ` AW: Using WireGuard on Windows as non-admin - proper solution? Joachim Lindenberg
2020-11-25 13:08 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9q_UbmfVyd9hH5+b1n6pE=mOgZdKMcyF=AFf2Nm0QHumg@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=alarsen@maidenheadbridge.com \
--cc=clint.dovholuk@netfoundry.io \
--cc=pbl@bestov.io \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).