Development discussion of WireGuard
From: Markus Woschank <markus.woschank@gmail.com>
To: Aaron Jones <aaronmdjones@gmail.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Roaming Mischief
Date: Fri, 17 Nov 2017 19:38:54 +0100
Message-ID: <CAKUy5ax4zhSyQoAEMJvebphSKe71CNJOJVZc1n8D5QX89=_Veg@mail.gmail.com>
In-Reply-To: <cdf48a39-3d81-5269-dbb4-93929cdf081f@gmail.com>

> Roaming means that the current endpoint (at shutdown time) would be
> persisted, and if the reboot doesn't take very long, it is highly
> likely that the (new) endpoint does still make sense, particularly
> because UDP is used which means new sessions can usually resume as if
> nothing happened, even through a NAT (though if you are also behind a
> NAT, source port randomisation may trip you up if you don't have it
> forwarded through the remote one, but that's beside the point).

Thanks for the example, I did not yet have a look at wg-quick.

But I argue that the concept of configuration and state should not be mixed.
Having the configuration the same and saving the current state, not
via showconf which should be used for configuration and not state as
the name implies, to a different location and restoring that state
(the current endpoint of the roaming peers) would be much cleaner and
not mix up a state-store-operation that stores a so-called
configuration mixed with state that includes the private key.

Markus
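
One way to keep roaming state apart from configuration, as the message above argues (an added example, not part of the original message and not wg-quick's code): only peer endpoints are saved, via `wg show <interface> endpoints`, and put back with `wg set ... peer ... endpoint ...`, so the state file never contains the private key. The state directory, the file naming and the `WG` override variable are assumptions.

```shell
#!/bin/sh
# Added example: persist roaming state (peer endpoints) separately from the
# configuration file. STATE_DIR, the file name and WG are assumptions.
STATE_DIR="${STATE_DIR:-/var/lib/wireguard}"
TAB="$(printf '\t')"

# Read "public-key<TAB>endpoint" lines (the `wg show <iface> endpoints` format)
# from stdin. Keep only lines with a 44-character base64 key and a known
# endpoint; peers without one are printed by wg as "(none)".
filter_endpoints() {
    awk -F '\t' 'NF == 2 && length($1) == 44 && $1 ~ "^[A-Za-z0-9+/]+=$" &&
                 $2 != "(none)" && $2 !~ / / { print $1 "\t" $2 }'
}

# Save the current endpoints of all peers. No key material other than the
# peers' public keys is written; the file is still created owner-only.
save_endpoints() {
    iface="$1"
    ( umask 077
      mkdir -p "$STATE_DIR" &&
      ${WG:-wg} show "$iface" endpoints | filter_endpoints \
          > "$STATE_DIR/$iface.endpoints.tmp" &&
      mv "$STATE_DIR/$iface.endpoints.tmp" "$STATE_DIR/$iface.endpoints" )
}

# Re-apply saved endpoints after the interface has been configured from its
# unchanged configuration file. The state file is filtered again on the way
# in, so malformed or edited lines are skipped rather than passed to wg.
restore_endpoints() {
    iface="$1"
    state="$STATE_DIR/$iface.endpoints"
    [ -r "$state" ] || return 0
    filter_endpoints < "$state" | while IFS="$TAB" read -r key ep; do
        ${WG:-wg} set "$iface" peer "$key" endpoint "$ep"
    done
}

# Usage: script save <iface>  (at shutdown) / script restore <iface>  (at boot)
case "${1:-}" in
    save)    save_endpoints "$2" ;;
    restore) restore_endpoints "$2" ;;
esac
```
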
