From: "Hendrik Friedel" <hendrik@friedels.name>
To: "Aaron Jones" <me@aaronmdjones.net>, wireguard@lists.zx2c4.com
Subject: Re[2]: Better Output
Date: Mon, 18 Apr 2022 08:40:02 +0000 [thread overview]
Message-ID: <emc5e5b4f5-ac77-4b94-ab65-2b839761543f@envy> (raw)
In-Reply-To: <c93e4542-d4d8-8cef-871a-0c3810d3242f@aaronmdjones.net>
Hello Aaron,
thanks for your reply.
>This would be technically achievable, but note that WireGuard
>uses UDP, which has no concept of "connections". See also
>below.
That is understood. But one can distinguish between a situation where a
(not sure about an alternative word) "connection" was established and
where not.
By the way: What does the Green Symbol today in the windows-client tell
me? Currently, I find it totally mis-leading. I think today it only
shows that:
1) the domain could be resolved to an IP
2) data was sent to it
That seems not very useful.
> > 2) If a wireguard server responds, but the key is not valid
>
>WireGuard does not respond if the keys are not valid. See
>section 5.1 ("Silence is a Virtue") in the WireGuard
>whitepaper [1].
Then, Silence is also a sign of a failed connection, no? --> red symbol.
But ok, it cannot show the reason "key invalid".
> > 3) If the connection fails, the Windows Client should show
> > a RED symbol under status.
>
>This could only be determined by a previously-in-use session
>having had no packets received for greater than the maximum
>rekey interval (2 minutes).
Why? If a connection is established, data is received, in my experience
--> green Symbol. If no data is received --> red.
Sorry, but having to check the "bytes received" and ignoring the green
symbol is hardly intuitive (a bit geeky, if I may say that). The 99%
user does not know the backgrounds and/or the whitepaper.
>However, WireGuard itself will not send any data if it has no
>data to send (same section of the whitepaper), and so if you
>are not using the tunnel for 2 minutes, this would be
>indistinguishable from a failed tunnel.
Well, I was only thinking about the esablishing of a connection, not the
situation while a tunnel is up (but not used).
So, I understand that an icon that was turned green once may have to
stay green (as one cannot distinguish between no data *intended* to be
transmitted and no data transmitted *unintendedly*/failed connection.
Unless:
>An exception is if you enable keepalives; they are 0-length
>data packets.
In that case, the Icon would always be able to reflect the real status.
Now, would that not be something for the ToDo List?
Best regards,
Hendrik
>
>
>[1] https://www.wireguard.com/papers/wireguard.pdf
>
>Regards,
>Aaron Jones
>
prev parent reply other threads:[~2022-04-18 8:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-17 8:22 Hendrik Friedel
2022-04-17 19:05 ` Aaron Jones
2022-04-18 8:40 ` Hendrik Friedel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=emc5e5b4f5-ac77-4b94-ab65-2b839761543f@envy \
--to=hendrik@friedels.name \
--cc=me@aaronmdjones.net \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).