From: "Sune Mølgaard" <email@example.com> To: Nicholas Capo <firstname.lastname@example.org>, email@example.com Subject: Re: Hooks in clients? Date: Sat, 14 Nov 2020 10:55:03 +0100 Message-ID: <firstname.lastname@example.org> (raw) In-Reply-To: <email@example.com> On 13/11/2020 17.58, Nicholas Capo wrote: > On Fri, 2020-11-13 at 16:46 +0100, Sune Mølgaard wrote: >> Hiya, >> >> I am looking towards deploying WireGuard as my primary VPN >> connection, >> and wonder a bit if the various clients (Android, wg-quick, whatever >> there is for macOS, iOS and Windows), could be made to include the >> possibility of calling external programs upon (re-)connections, in my >> case specifically for port knocking, but possibly useful for other >> purposes as well? >> >> In the cases of Android and iOS, I am a bit unsure about interaction >> with other apps, so maybe, to begin with, just built-in port knocking >> capabilities could be considered. >> >> Any thoughts? >> > > In my experence there isn't really a case where the client gets > disconnected (like a crash) and then needs to reconnect. > For me the client always stays enabled, but if there is a problem at > the remote end then packets don't go anywhere. > > In other words the traffic might get dropped by the remote (feels like > no traffic *at all*), but I've never seen a situation where I was > accedentially sending unencrypted traffic. > > Nicholas > > > Hi Nicholas, Well, my worry was that if I used port knocking, then, since I also use fail2ban on the server, the client (phone specifically), would change IP-addresses, need to knock, or else get banned. But if I understand Jason correctly (thank you, Jason), even if we employ port knocking for a few other things, if we keep the WG port open, it will actually look closed, unless one actually has a legitimate client and client config. Is that understanding correct? -- Real programmers don't comment... What was hard to write should be hard to read.
next prev parent reply other threads:[~2020-11-14 9:55 UTC|newest] Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-11-13 15:46 Sune Mølgaard 2020-11-13 15:50 ` Jason A. Donenfeld 2020-11-13 16:58 ` Nicholas Capo 2020-11-14 9:55 ` Sune Mølgaard [this message] 2020-11-14 10:02 ` Jason A. Donenfeld
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Development discussion of WireGuard This inbox may be cloned and mirrored by anyone: git clone --mirror http://inbox.vuxu.org/wireguard # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V1 wireguard wireguard/ http://inbox.vuxu.org/wireguard \ firstname.lastname@example.org public-inbox-index wireguard Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.vuxu.org/vuxu.archive.wireguard AGPL code for this site: git clone https://public-inbox.org/public-inbox.git