@lina we had a 1476 bytes MTU on the PPPoE interface. I would have expected a 1396 bytes MTU on the #WireGuard tunnel interface, but pings with various sizes showed it had to be 1392 instead. Does that make sense, would the padding explain that?
@lina oh, wait, that could finally explain why I had to set a different #MTU than what I had calculated/expected for #WireGuard tunnel for #dn42 behind a PPPoE host...
Keep your internet activity private with #ProtonVPN. Now with #WireGuard support on #Linux.
fast
lightweight
state-of-the-art security protocol
More for #Linux!
We recently released the Advanced Kill Switch for Linux (https://protonvpn.com/support/permanent-kill-switch/), but there is more to come. Keep an eye out over the next few weeks for the new beta with the next feature - #wireguard support!
"2024/02/09 by Justin Sherrill
There’s a huge amount of commits for this, but I’ll point at the first with #FreeBSD code; one of several incorporating #OpenBSD changes, and of course it rolls out to tools."
#RUNBSD #BSD #DragonFlyBSD #WG
https://www.dragonflydigest.com/2024/02/09/wireguard-in-dragonfly/
I should update my #introduction to say:
Follow me for unhinged rants about the tech rabbit holes I go down. Currently including, but not limited to: #Wireguard #Kubernetes #BGP #Containers #Linux #Programming #Development #Networking #Git #Selfhosting #Homelab
alright #NixOS fediverse (or perhaps this is really a broader #Linux question) - I've got a NixOS #container (that's a systemd-nspawn container for you non-NixOS folks) running in a network namespace so that all of its traffic goes out over a #WireGuard interface. this works great and is awesome.
there's a problem, though. the container exposes some network services that I'd like to access from the host. normally they'd either magically be available (privateNetwork=false;) or they could be explicitly mapped. unfortunately, I don't think either of these work correctly in NixOS when netns is involved.
I can think of two options:
1. go through the effort to stand up another veth device for host/guest-only traffic
or 2. hack something together with netcat and shared filesystem space
in typing this out, I think I'm finding myself leaning towards the additional interface, though it's likely to be a pain.
is there a common pattern for these situations, or a solution that I'm not thinking of?
Hey @digitalcourage, some time ago I wrote up (at first just for myself, more or less as "docs") how I try to protect my #privatsphare by centrally blocking ads, trackers, etc. for all my devices with a DNS-based blocker.
And because I wanted this not only at home for the whole family, I topped it off with a #Wireguard VPN on my own VM in another European country for when I'm on the go.
And here is the result of my thinking and what I did, why and how: https://thomasmerz.github.io/pihole-wireguard-knowhow/
What do you and the others think of it?
I'm a Go and C# developer. I like to take my digital camera Nikon Z7 for a walk with my daughter and my wife.
I sponsor open source projects, at the moment #wireguard, #signal and #GrapheneOS.
The #HardenedBSD March 2021 status report is out! We're actively looking for kernel hackers to help with the in-kernel #Wireguard implementation.
https://hardenedbsd.org/article/shawn-webb/2021-03-31/hardenedbsd-march-2021-status-report
> Set up #pihole, recursive #unbound and #wireguard for my home network, and they all play very nice together \o/
I'd heard of the other two, but I'm not familiar with Unbound. Their website says they're a “validating, recursive, caching DNS resolver”. What does that give you over using PiHole as your DNS server?
Set up #pihole, recursive #unbound and #wireguard for my home network, and they all play very nice together \o/
WireSep v0.10.0 is here. WireSep is a privilege separated implementation of WireGuard for OpenBSD.
This release contains a major effort to clarify all log messages so that looking at the logs no longer makes your eyes bleed. Furthermore it contains some cleanups found with GCC 8 and Clang Static Analyzer.
Thanks to everyone reporting back issues.
ChangeLog: https://github.com/timkuijsten/wiresep/blob/master/ChangeLog
#wireguard can create a point-to-point VPN network. Is that something that could be used to replace a #SSH connection?
Is there a conceivable near future where we "wireguard" in to remote servers to administer them instead of SSHing in? If so, what would be the advantages/disadvantages of this versus current practice with SSH?
(I'm very open to the idea that I've misunderstood something fundamental and this question is really dumb/not-even-wrong)
@afiestas I keep hearing about #wireguard but have to confess I don't really get it. It's a #vpn, I get that. But people seem very excited about it.
Is it just a replacement for existing VPNs, or is it something more? If I don't currently use a VPN, should I care about Wireguard?
I had my doubts about https://www.wireguard.com (I'd rather keep things in userspace) but after checking it out it seems like they have done an amazing job, it is super simple and userspace implementations exist (golang and rust), can't wait to try it out! #wireguard