Linus on Wireguard
But now that I look at it, it's pretty cool, but it gets one thing wrong. The same thing that was so fuckin' annoying with tun-mode OpenVPN:
It has an internal mapping from destination IP to peer.
E.g., I can do
ip route add 10.13.37.0/24 via 192.168.0.13 dev eth7
and eth7 only needs to know the MAC address of 192.168.0.13. I don't need to tell it that packets to 10.13.37.0/24 should also go via that MAC address.
OTOH, with OpenVPN, I need to _also_ add `iroute 10.13.37.0/24` to the right peer's file in ccd.
And with WireGuard, I need to add the whole 10.13.37.0/24 to that peer's AllowedIPs.
I wonder what happens when I add overlapping ranges to AllowedIPs of different peers, I guess everything breaks.
What I'd love is if the VPN interface could use pubkey where ethernet interface uses mac address, so as to play nicely with other parts of the network stack (like routing table, firewalls, etc), and so that I don't need to have everything in two places.
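Added example, not part of the thread: a small audit of AllowedIPs entries that reports ranges overlapping across different peers and models the destination-IP-to-peer lookup as a longest-prefix match, which is how WireGuard resolves overlapping but non-identical ranges. The peer names and most ranges are constructed sample data; only 10.13.37.0/24 and 192.168.0.13 come from the post.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: peer names and ranges are illustrative.
PEERS = {
    "peerA": ["10.13.37.0/24", "192.168.0.13/32"],
    "peerB": ["10.13.37.128/25"],
    "peerC": ["10.13.0.0/16"],
}

def parse(peers):
    """Flatten {peer: [cidr, ...]} into a list of (network, peer) pairs."""
    return [(ipaddress.ip_network(cidr), name)
            for name, cidrs in peers.items() for cidr in cidrs]

def find_overlaps(peers):
    """Return AllowedIPs entries on different peers whose ranges intersect."""
    found = []
    for (n1, p1), (n2, p2) in combinations(parse(peers), 2):
        if p1 != p2 and n1.version == n2.version and n1.overlaps(n2):
            found.append((str(n1), p1, str(n2), p2))
    return found

def select_peer(peers, dst):
    """Pick the peer for a destination address by longest-prefix match.

    Returns None when no AllowedIPs entry covers the address. Identical
    prefixes on two peers are not modelled; find_overlaps() reports them.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, peer) for net, peer in parse(peers)
               if net.version == addr.version and addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for n1, p1, n2, p2 in find_overlaps(PEERS):
        print(f"overlap: {n1} ({p1}) <-> {n2} ({p2})")
    for dst in ("10.13.37.5", "10.13.37.200", "10.13.99.1", "8.8.8.8"):
        print(f"{dst} -> {select_peer(PEERS, dst)}")
```
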
@angristan Wow, we get a big green light from Linus for something that is actually security-oriented! This is unusual. Great news for Jason and all the users.
totally fuckin right on