Date: Sun, 13 Nov 2016 23:35:06 +0100 From: =?utf-8?Q?Dan_L=C3=BCdtke?= To: WireGuard mailing list Subject: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request Hi all, first step of OpenWRT/LEDE integration is making sure the helper script = for configuring the interface is installed. The corresponding pull = request can be found here: https://github.com/openwrt/packages/pull/3512 Please support this pull request. Once it is accepted, the GUI (luci) will follow. Thanks, Dan= . Date: Tue, 22 Nov 2016 14:08:05 +0100 From: Baptiste Jonglez To: wireguard@lists.zx2c4.com Subject: [WireGuard] Pull-based peer configuration --IuhbYIxU28t+Kd57 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, Right now, the only method for configuring peers is "push-based", i.e. using `wg` to push the public key and AllowedIPs for each peer to the running wireguard instance. I'm toying with the idea of a pull-based model, for instance storing peer configuration in a Radius or SQL database. But it seems like an incredibly bad idea to integrate a Radius or SQL library inside the kernel. What about having a userspace daemon that wireguard can query from kernelspace when a new peer connects? Wireguard would basically ask "Is this public key allowed to connect, and what are its AllowedIPs?". The daemon would then use whatever method it wants (flat file, SQL/Radius database, LDAP=E2=80=A6) to determine whether the peer is allowed and its configuration. I guess it looks a bit like the IKE daemon in IPsec (though not exactly, since wireguard handles rekeying itself), which I'm not sure is a good sign :) Baptiste --IuhbYIxU28t+Kd57 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYNEMwAAoJEL4B7CKgTi5GiTYP/AorAzM10Oq16bJoetG1v7LD 6x9jf/vbERLB+C4uNewxz+L4kytAdagmoIfL3o/fAVFPHRpTPM2axh66RRDRVd0B QR/6jOliEabDBapBPpE9xRcAQ7qhqv4RNNDRW2S5UHDfz/rxnr1TyjMQWzEE3Y67 Tm0wFJ4CmF+qANDSRwnPrndXbDvcylI48ws7UX8VC25GdcZJV73cGD4576PjXgnt nnxr7MtmODEl7MkVu3LRJF1aZxkuROcvbwSLNMtVqa2uSeddtr9y4zPKvj7fgFCs 57lTzSdURea1R8zkMxdKZlrI2aIiF08fXcJrSPH6o1rDLCLep3qAwID/kt7qESRn FU/QpA3DTvEDjKAwwS2bcaSrjvsWgNc7K2nIwp/gFzaUU5RfOrpBFIXMjI/NUC6N TCMraF93qNsHX/VJHpTXyOObDHJQIIX5GUUUNTUFQhvGVx50H4XFYOS51OWzoj0B rAX1+6cW4jPJt+0rSr3kRIrNop0d/NAp2oHEvIEp7Y+GS56EqEMtisjN29XXu+ni oT22s42XqCDqqydvJ8tcRFse15bTiMZrV7hAqWMirS1wy/WsZLNfN39zZ+9E/7YA faICAQ2+h8TZwurlgL2VeMfz6yWwwSWI/f6JJrA6nxUW+oJ8oWS+9/dklKPhdBcS gFq8MyTa9CeIKPb/SK1E =f1MT -----END PGP SIGNATURE----- --IuhbYIxU28t+Kd57-- . Date: Mon, 12 Dec 2016 13:03:18 +0100 From: "Michal Kowalski" To: wireguard@lists.zx2c4.com Subject: Re: [WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request Hi, Is possible to add/modify version to support IPv4 only ? I would like to disable IPv6 and compile LEDE but than wireguard disappear. It is because of flash size 4MB. Thanks, Michal .