[WireGuard] Demo Server: Dual stack?

[WireGuard] Demo Server: Dual stack?

[Dan Lüdtke]

Jason,

do you plan on adding IPv6 compatibility to the demo server? If not, do =
you mind if I set one up? How difficult is it to run the demo server. It =
just accepts every key, right?

Cheers,

Dan=

Re: [WireGuard] Demo Server: Dual stack?

[Jason A. Donenfeld]

Hi Dan,

I guess I could provide IPv6 connectivity, but.... why? It's a demo.
If you're using it as an access point to the Internet with intentions
beyond simply trying out WireGuard, then you're abusing my service.

I'm happy to consider this, but I'll need to be convinced that this
actually matters.

Jason

On Wed, Nov 16, 2016 at 12:39 PM, Dan L=C3=BCdtke <mail@danrl.com> wrote:
> Jason,
>
> do you plan on adding IPv6 compatibility to the demo server? If not, do y=
ou mind if I set one up? How difficult is it to run the demo server. It jus=
t accepts every key, right?
>
> Cheers,
>
> Dan
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Demo Server: Dual stack?

[Dan Lüdtke]

Hi Jason,

> I guess I could provide IPv6 connectivity, but.... why? It's a demo.

Because it is a demo of a brand new protocol, showing how it can be used =
with legacy versions payload and transport protocol. I find that odd, =
but as I understand we have contradicting point of views on IP =
protocols.

> If you're using it as an access point to the Internet with intentions
> beyond simply trying out WireGuard, then you're abusing my service.

I am not using it at all. But it would be useful for howtos and blog =
posts to reference it. I don't use vintage IP in my posts, so I can't =
refer to the official demo server.

Since many potential peers are behind NATs using RFC1918 legacy IP =
addresses AND have global unicast IP addresses (which are easier to =
whitelist in a firewall than maintaining port forwarding in networks =
using a dynamic configuration protocol) I expect WireGuard to be =
especially useful using IPv6 as transport.

BTW, I don't see any reason why the demo server should forward to the =
Internet at all. Connectivity between peers/server and accessing the =
hidden website would be enough for my usecase (howtos/blog posts), which =
may be a different one than what you intended when you setup the server.=20=


> I'm happy to consider this, but I'll need to be convinced that this
> actually matters.

Unfortunately :) I, for one, need to be convinced why I should create =
lasting documentation using an EOL IP protocol. Why does IPv4 matter =
more than IPv6? Usually, latency is better when using IPv6. Latency is =
probably the first thing demo users test (ping through the tunnel).

However, if you like to share some information how to set up one myself, =
I am happy to host a IPv6 demo server. Currently I am wondering how to =
accept *any* public key in the [Peer] config.

Cheers,

Dan

> Jason
>=20
> On Wed, Nov 16, 2016 at 12:39 PM, Dan L=C3=BCdtke <mail@danrl.com> =
wrote:
>> Jason,
>>=20
>> do you plan on adding IPv6 compatibility to the demo server? If not, =
do you mind if I set one up? How difficult is it to run the demo server. =
It just accepts every key, right?
>>=20
>> Cheers,
>>=20
>> Dan
>> _______________________________________________
>> WireGuard mailing list
>> WireGuard@lists.zx2c4.com
>> http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Demo Server: Dual stack?

[Dan Lüdtke]

PS: This is not urgent or anything. Just wanted to know what your plans =
are and/or to get an idea how to setup a demo server myself.

I think there are more important things to do right now.


> On 16 Nov 2016, at 15:38, Dan L=C3=BCdtke <mail@danrl.com> wrote:
>=20
> Hi Jason,
>=20
>> I guess I could provide IPv6 connectivity, but.... why? It's a demo.
>=20
> Because it is a demo of a brand new protocol, showing how it can be =
used with legacy versions payload and transport protocol. I find that =
odd, but as I understand we have contradicting point of views on IP =
protocols.
>=20
>> If you're using it as an access point to the Internet with intentions
>> beyond simply trying out WireGuard, then you're abusing my service.
>=20
> I am not using it at all. But it would be useful for howtos and blog =
posts to reference it. I don't use vintage IP in my posts, so I can't =
refer to the official demo server.
>=20
> Since many potential peers are behind NATs using RFC1918 legacy IP =
addresses AND have global unicast IP addresses (which are easier to =
whitelist in a firewall than maintaining port forwarding in networks =
using a dynamic configuration protocol) I expect WireGuard to be =
especially useful using IPv6 as transport.
>=20
> BTW, I don't see any reason why the demo server should forward to the =
Internet at all. Connectivity between peers/server and accessing the =
hidden website would be enough for my usecase (howtos/blog posts), which =
may be a different one than what you intended when you setup the server.=20=

>=20
>> I'm happy to consider this, but I'll need to be convinced that this
>> actually matters.
>=20
> Unfortunately :) I, for one, need to be convinced why I should create =
lasting documentation using an EOL IP protocol. Why does IPv4 matter =
more than IPv6? Usually, latency is better when using IPv6. Latency is =
probably the first thing demo users test (ping through the tunnel).
>=20
> However, if you like to share some information how to set up one =
myself, I am happy to host a IPv6 demo server. Currently I am wondering =
how to accept *any* public key in the [Peer] config.
>=20
> Cheers,
>=20
> Dan
>=20
>> Jason
>>=20
>> On Wed, Nov 16, 2016 at 12:39 PM, Dan L=C3=BCdtke <mail@danrl.com> =
wrote:
>>> Jason,
>>>=20
>>> do you plan on adding IPv6 compatibility to the demo server? If not, =
do you mind if I set one up? How difficult is it to run the demo server. =
It just accepts every key, right?
>>>=20
>>> Cheers,
>>>=20
>>> Dan
>>> _______________________________________________
>>> WireGuard mailing list
>>> WireGuard@lists.zx2c4.com
>>> http://lists.zx2c4.com/mailman/listinfo/wireguard
>=20
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [WireGuard] Demo Server: Dual stack?

[Jason A. Donenfeld]

Hey Dan,

On Wed, Nov 16, 2016 at 3:38 PM, Dan L=C3=BCdtke <mail@danrl.com> wrote:
> Hi Jason,
>
>> I guess I could provide IPv6 connectivity, but.... why? It's a demo.
>
> Because it is a demo of a brand new protocol, showing how it can be used =
with legacy versions payload and transport protocol. I find that odd, but a=
s I understand we have contradicting point of views on IP protocols.

I see what you mean. That's a fair point. We might as well give people
an opportunity for trying things out, indeed.

Currently the scripts on the server don't support that, so I'll have
to write a small bit of code, but it shouldn't be too bad. I'll circle
back in a few weeks.

Jason

Re: [WireGuard] Demo Server: Dual stack?

[Dan Lüdtke]

Thanks Jason!

No hurry, though.

Is the script open source as well? Maybe I can tinker with it, so you =
don't waste your precious development time on supporting infrastructure.

> On 16 Nov 2016, at 15:49, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>=20
> Hey Dan,
>=20
> On Wed, Nov 16, 2016 at 3:38 PM, Dan L=C3=BCdtke <mail@danrl.com> =
wrote:
>> Hi Jason,
>>=20
>>> I guess I could provide IPv6 connectivity, but.... why? It's a demo.
>>=20
>> Because it is a demo of a brand new protocol, showing how it can be =
used with legacy versions payload and transport protocol. I find that =
odd, but as I understand we have contradicting point of views on IP =
protocols.
>=20
> I see what you mean. That's a fair point. We might as well give people
> an opportunity for trying things out, indeed.
>=20
> Currently the scripts on the server don't support that, so I'll have
> to write a small bit of code, but it shouldn't be too bad. I'll circle
> back in a few weeks.
>=20
> Jason

Re: [WireGuard] Demo Server: Dual stack?

[Jason A. Donenfeld]

Hi Dan,

Everything is open source:

https://git.zx2c4.com/WireGuard/tree/contrib/examples/ncat-client-server/README

client.sh and server.sh -- the ugliest bash you've ever seen. :)

Jason

Re: [WireGuard] Demo Server: Dual stack?

[Maykel Moya]

On 16/11/16 15:49, Jason A. Donenfeld wrote:

> On Wed, Nov 16, 2016 at 3:38 PM, Dan Lüdtke <mail@danrl.com> wrote:
>> Hi Jason,
>>
>>> I guess I could provide IPv6 connectivity, but.... why? It's a demo.
>>
>> Because it is a demo of a brand new protocol, showing how it can be used with legacy versions payload and transport protocol. I find that odd, but as I understand we have contradicting point of views on IP protocols.
> 
> I see what you mean. That's a fair point. We might as well give people
> an opportunity for trying things out, indeed.

Chiming in just to tell that my ip6 experience is a breeze since
wireguard appeared.

Right now I found myself advocating WG more as a simple-to-configure and
reliable-roaming ip6 tunnelling technology than a VPN itself.

I've previously used HE (with a handcrafted mechanism to update my
public ip4 endpoint whenever it changed) or SiXXs with a new daemon
running in my system.

With WG it's just setup and forget. Roaming is *reliable*, subjective
performance is impressive (you've done the measures, I just browse and
use services from the v6 internet without hassle).

IMHO ip6 tunnelling is a(nother) good selling point of WG.

Cheers,
maykel

[WireGuard] Dual stack?

[Jörg Thalheim]

On 2016-12-28 14:19, Maykel Moya wrote:
> Chiming in just to tell that my ip6 experience is a breeze since
> wireguard appeared.
>
> Right now I found myself advocating WG more as a simple-to-configure an=
d
> reliable-roaming ip6 tunnelling technology than a VPN itself.
>
> I've previously used HE (with a handcrafted mechanism to update my
> public ip4 endpoint whenever it changed) or SiXXs with a new daemon
> running in my system.
>
> With WG it's just setup and forget. Roaming is *reliable*, subjective
> performance is impressive (you've done the measures, I just browse and
> use services from the v6 internet without hassle).
>
> IMHO ip6 tunnelling is a(nother) good selling point of WG.
>
> Cheers,
> maykel
>
> ________

On the other hand switching between dual-stack/ipv4 only networks/ipv6 on=
ly networks
is problematic at the moment with the tools we have for roaming clients,
because wireguard only supports one endpoint of one address family at the=
 time.
This might be partially fixable in future by observing the availability o=
f default routes
in userspace (switch address family if it become unavailable). However th=
e optimal
solution would be something like the happy eyeballs protocol (https://too=
ls.ietf.org/html/rfc6555),
which is implemented in modern browser -
only because somebody got a v6/v4 default route does not mean it is also =
route able.
I don't know how the latter one would fit into the stateless concept of w=
ireguard.
I currently help myself by using an dedicated routing protocoll.

Re: [WireGuard] Demo Server: Dual stack?

[Jason A. Donenfeld]

Hey Maykel,

On Wed, Dec 28, 2016 at 2:19 PM, Maykel Moya <mmoya@mmoya.org> wrote:
> With WG it's just setup and forget. Roaming is *reliable*, subjective
> performance is impressive (you've done the measures, I just browse and
> use services from the v6 internet without hassle).
>
> IMHO ip6 tunnelling is a(nother) good selling point of WG.

That's great to hear! Indeed WireGuard is a great way to get a stable
IP from anywhere, thanks to the roaming capability.

Jason

Re: [WireGuard] Dual stack?

[Jason A. Donenfeld]

On Thu, Dec 29, 2016 at 10:22 AM, J=C3=B6rg Thalheim <joerg@higgsboson.tk> =
wrote:
> On the other hand switching between dual-stack/ipv4 only networks/ipv6 on=
ly networks
> is problematic at the moment with the tools we have for roaming clients,
> because wireguard only supports one endpoint of one address family at the=
 time.
> This might be partially fixable in future by observing the availability o=
f default routes
> in userspace (switch address family if it become unavailable). However th=
e optimal
> solution would be something like the happy eyeballs protocol (https://too=
ls.ietf.org/html/rfc6555),
> which is implemented in modern browser -
> only because somebody got a v6/v4 default route does not mean it is also =
route able.
> I don't know how the latter one would fit into the stateless concept of w=
ireguard.
> I currently help myself by using an dedicated routing protocoll.

Any suggestions on what the right behavior would be to support changes
in a dual stack environment?