Development discussion of WireGuard
* WireGuard namespacing/isolation on Windows
@ 2022-10-31  3:26 Madars Virza
From: Madars Virza @ 2022-10-31  3:26 UTC
  To: wireguard


Consider the following use case: preventing accidental WebRTC-style
information leaks. These leaks used to happen because the WebRTC JS API
exposes IP enumeration even if no packets get sent over the
corresponding interfaces (i.e., even though the default route is the
VPN endpoint, the WebRTC API would "betray" information about other
interfaces visible to the browser.)

In Linux, an elegant way around such leakage is to run your
application in a separate network namespace a la . For example, you can launch your
browser/BitTorrent client/etc in a separate netns that only sees wgN
so that even if there were WebRTC-style leaks, the application would
not immediately see interfaces outside its network namespace.

What would one do to achieve a similar result for WireGuard clients on Windows?

I'd be happy to write a little bit of code / accept solutions that are
not production-grade (this is all meant for a developer workstation).


^ permalink raw reply	[flat|nested] only message in thread
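
The Linux network-namespace setup the message above describes, as an added example that is not part of the original post or of WireGuard's own code: it builds a namespace containing only lo and wg0, then checks that no other interface is visible from inside it. The namespace name `vpnonly`, the address `10.0.0.2/32`, the config path and the helper names are assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: namespace
# "vpnonly", interface wg0, tunnel address 10.0.0.2/32, config path below.
NS=${NS:-vpnonly}
WG=${WG:-wg0}
ADDR=${ADDR:-10.0.0.2/32}
CONF=${CONF:-/etc/wireguard/wg0.conf}   # plain `wg` format, no wg-quick keys
RUN_AS=${RUN_AS:-${SUDO_USER:-nobody}}  # unprivileged user for the confined app
DRY_RUN=${DRY_RUN:-1}                   # 1 = print the plan, 0 = apply (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_ns() {
    run ip netns add "$NS"
    # Create wg0 in the init namespace first: its encrypted UDP socket stays
    # there, so tunnel traffic still leaves via the physical uplink.
    run ip link add "$WG" type wireguard
    run ip link set "$WG" netns "$NS"
    run ip netns exec "$NS" wg setconf "$WG" "$CONF"
    run ip -n "$NS" addr add "$ADDR" dev "$WG"
    run ip -n "$NS" link set lo up
    run ip -n "$NS" link set "$WG" up
    run ip -n "$NS" route add default dev "$WG"
}

# Reads `ip -o link show` output on stdin and prints every interface name
# other than lo and $WG; empty output means the namespace is isolated.
unexpected_ifaces() {
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }' | grep -v -x -e lo -e "$WG" || true
}

check_ns() {
    leaked=$(ip -n "$NS" -o link show | unexpected_ifaces)
    [ -z "$leaked" ] || { echo "visible besides $WG: $leaked" >&2; return 1; }
}

# Start a program inside the namespace as $RUN_AS instead of root.
run_in_ns() {
    run ip netns exec "$NS" sudo -u "$RUN_AS" -- "$@"
}

# Usage: sh netns-wg.sh up            (prints the plan)
#        DRY_RUN=0 sh netns-wg.sh up  (applies it, as root, then verifies)
if [ "${1:-}" = up ]; then
    setup_ns
    [ "$DRY_RUN" = 1 ] || check_ns
fi
```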