Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "Dan Lüdtke" <mail@danrl.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>,
	Peter Dolding <oiaohm@gmail.com>
Subject: Re: Built-in Roaming is limited due to a design fault adding STUN and TURN support would be good and make wire-guard connections more durable.
Date: Sun, 15 Jan 2017 11:55:16 +0100
Message-ID: <CAHmME9rzi6W0m7_aLx4jTDCW2hFhEtkdWiMOQ6SNenrc8uEVyA@mail.gmail.com>
In-Reply-To: <F343B5F3-4A99-4F0D-B5BE-DBDC0CDECE09@danrl.com>

On Sun, Jan 15, 2017 at 9:39 AM, Dan Lüdtke <mail@danrl.com> wrote:
> Although I see the problem and ran into it myself, I would like to see a solution outside the
> wireguard code. Like the one Jason proposed or even a new approach. I am afraid that
> network layers problems (legacy IP and especially NAT) are about to uglify yet another
> beautiful protocol.

Yea -- worry not. I'm not going to add big kludges into core
WireGuard. I would like to provide some useful facilities for people
to do interesting composable solutions to disgusting networking
problems. But I think this solution space is more in the realm of
"API" than "protocol".

I could also imagine people making "wireguard UDP proxy daemons" --
little programs that listen on 127.0.0.1:xxxxx and then forward
packets to some dynamically learned MySQL-connected ASN1-parsed IP
while doing things like "if multiple packets that start with a 0x1 and
are 148 bytes long are sent in a row, the server has probably changed
IPs and we should get STUNed again".

Or, maybe this kind of proxy is objectionable and people would prefer
to use netlink notification for connectivity events instead.

Either way, there's plenty of room for building terrible things _on
top of_, rather than inside of, wireguard.

> My concerns expressed and all that said, I would love to see some code or PoC. Code and pcaps are king :)

:) As the Reverend Doctor Pastor says, PoC||GTFO.

> Wireguard's roaming feature took care of the sites where even the ipv6 prefix changes from time to time.

Or when your laptop or cellphone is moving around between IP addresses
frequently.
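
The proxy heuristic sketched in the message above, as an added example that is not part of the original email or of WireGuard's code: a watcher that a local UDP proxy could feed each datagram to, signalling when the remote address should be re-learned. The threshold of 3, the rule that any inbound datagram resets the count, and the names `EndpointWatcher` and `replay` are assumptions made for illustration.

```python
from dataclasses import dataclass

INITIATION_TYPE = 0x01   # first byte named in the message
INITIATION_LEN = 148     # packet length named in the message
DEFAULT_THRESHOLD = 3    # assumption: the message only says "multiple"

# Constructed sample datagrams (filler payloads, not captures).
INIT = bytes([INITIATION_TYPE]) + bytes(INITIATION_LEN - 1)
DATA = bytes([0x04]) + bytes(31)

def is_initiation(datagram: bytes) -> bool:
    """True if the datagram matches the signature described in the message."""
    return len(datagram) == INITIATION_LEN and datagram[0] == INITIATION_TYPE

@dataclass
class EndpointWatcher:
    """State for one proxied flow between local WireGuard and its peer."""
    threshold: int = DEFAULT_THRESHOLD
    streak: int = 0      # initiations sent in a row with nothing in between

    def on_outbound(self, datagram: bytes) -> bool:
        """Feed a packet sent by local WireGuard. Returns True when the
        proxy should re-learn the remote address (e.g. its STUN lookup)."""
        if not is_initiation(datagram):
            self.streak = 0          # other traffic: the session is alive
            return False
        self.streak += 1
        if self.streak < self.threshold:
            return False
        self.streak = 0              # count afresh against the new address
        return True

    def on_inbound(self, datagram: bytes) -> None:
        """Any packet from the remote side shows the current address works."""
        self.streak = 0

def replay(events, threshold=DEFAULT_THRESHOLD):
    """Run (direction, datagram) pairs through a watcher and return the
    indexes at which rediscovery would have been triggered."""
    watcher = EndpointWatcher(threshold=threshold)
    hits = []
    for i, (direction, pkt) in enumerate(events):
        if direction == "out" and watcher.on_outbound(pkt):
            hits.append(i)
        elif direction == "in":
            watcher.on_inbound(pkt)
    return hits
```
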
