Development discussion of WireGuard
 help / color / mirror / Atom feed
From: Alessandro Rinaldi <ale@alerinaldi.it>
To: wireguard@lists.zx2c4.com
Subject: engarde - small issue with wireguard-windows
Date: Sat, 18 Apr 2020 00:55:49 +0200	[thread overview]
Message-ID: <CAJntV_GNfHPPUQKf=PnFuK3g4J30F+DVy+=9op-=K+u2ihzSHA@mail.gmail.com> (raw)

Hello,

I just subscribed to the mailing list so I'll introduce myself: I'm
Alessandro, I'm from Italy and I LOVE WireGuard :)

Last year I was looking for a way to create a reliable network tunnel
over multiple unstable connections. I'm a volunteer in a radio station
and it happens sometimes to broadcast from remote locations where
Internet connections are not good.
What I was looking for was not a failover mechanism, since when
transmitting nearly real-time audio we couldn't afford even the time
for it to detect a problem in the connection and switch to another
one. Audio transmission requires low bandwidth, so we didn't care
about wasting it to have a stable connection.

So I came up with a solution that I called engarde [0]: it basically
takes packets emitted from WireGuard and sends them to the other peer
over all the available network interfaces (like for example, an ADSL
modem over Ethernet, one or two 4G USB dongles, and maybe a WiFi
network). On the other peer, engarde takes all the packets it receives
and sends them to the local UDP port WireGuard is listening on. When
it receives a packet back from WireGuard, it sends them back to all
the destinations it received packets from recently (by default, 30
seconds). Since WireGuard disards duplicated packets by looking at
their timestamps [1], this totally works as a redundant bonding
solution, for both upload and download: as long as at least one
connection is up at any given moment, the tunnel is stable, without
even a minimal interruption.
The behaviour is better described in the project README, along with
some example use cases and configurations.

With the spreading of Covid-19 here in North of Italy, many radio
speakers started transmitting from home, and I know of various radio
stations that used engarde to have a stable audio signal by using, for
example, the speaker's home connection and its smartphone one via USB
tethering.

First of all, I'd love to know what you think about it, or if you have
a better approach than this one: I searched a lot for possible
solutions before coming up with my own one and, even if I'm really
satisfied with it, I'd like to know if there are more "mainstream"
approaches for that.

Also, by testing this, I found a strange issue with the WireGuard
Windows client. For the solution to work, the WireGuard client must
send its packets not directly to the other peer, but to engarde
itself, that will dispatch them through all the interfaces. So, I need
to set "127.0.0.1:54321" as the peer address, where 54321 is the port
engarde is listening on. This works on Linux and Mac, but not on
Windows. When I bring the tunnel up with 127.0.0.1:12345 as peer
address, this is the error I get in logs:
```
2020-04-18 00:45:33.537: [TUN] [Radio] peer(gucn…uwWE) - Failed to
send handshake initiation write udp4 0.0.0.0:59301->127.0.0.1:12345:
wsasendto: Indirizzo richiesto non valido nel proprio contesto.
```
This seems to be returned directly by the OS, since it's translated:
I'm using Italian Windows, in the English version it's "The requested
address is not valid in its context".
The exact same configuration works like a charm in TunSafe.
Is this an issue that could be solved on the WireGuard side?

Thank you so much for any feedback you'll provide me, both for engarde
itself and for the issue I'm having on Windows.

[0] https://github.com/porech/engarde
[1] https://www.wireguard.com/protocol/ , "DoS Mitigation" section

                 reply	other threads:[~2020-04-24 20:56 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAJntV_GNfHPPUQKf=PnFuK3g4J30F+DVy+=9op-=K+u2ihzSHA@mail.gmail.com' \
    --to=ale@alerinaldi.it \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).