New things I didn't know about Wireguard

Posted on Thu 27 December 2018 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is part of my brief series on Wireguard. I'm pretty enamoured with Wireguard and the way it works, and I've been using it pretty seamlessly for over a year now. I've learned a couple things that weren't immediately obvious though, so I'm documenting them here.

Easy Provisioning

Samuel Holland mentioned an interesting trinket, in his post at https://lists.zx2c4.com/pipermail/wireguard/2018-December/003703.html:

"[...] WireGuard will ignore a peer whose public key matches the interface's private key. So you can distribute a single list of peers everywhere …


Continue reading

Wireguard - Part Three (Troubleshooting)

Posted on Mon 12 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is part of my brief series on Wireguard. I'm pretty enamoured with Wireguard and the way it works, but there were a couple slightly curly bits that I needed to get my head around. This troubleshooting guide is a rough dump of the issues I had, and how I fixed them.

Gotten Stuck?

At this stage, there are actually a few ways that this can go wrong, even though we haven't done much. Think through all the bits:

  • Installed Wireguard at both ends
  • Set up your NAT rule on …

Continue reading

Wireguard - Part Two (VPN routing)

Posted on Sun 11 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is a continuation of my brief series on the new Wireguard VPN. Part One was about the simple building-blocks to get Wireguard working between two endpoints. Now that we've got a couple machines able to ping each other by IP address, we can carry on a bit deeper into the inter-LAN routing stuff.

Extending on from the IP addresses in Part One, instead of JUST connecting to the remote machine, I want to actually have access to everything on the whole 10.20.0.0/16 network; even the …


Continue reading

Wireguard - Part One (Installation)

Posted on Sat 03 June 2017 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

Wireguard is the most excellent VPN stack around. It's really fast, the concept of Cryptokey Routing is awesome, and I love the speed and simplicity benefits that come from opionionated cryptography. The protocol is so simple - expressed in a mere 4k lines of code - that it's auditable by anyone.

But.

With my initial naive approach, I found myself using HTTPS, over ports forwarded over SSH tunnels, connected over Wireguard. Although it was straightforward to get Wireguard working between two endpoints, I ended up in nested-crypto hell.

So, this brief series …


Continue reading

HP Procurve's warn-and-disable

Posted on Sun 30 April 2017 in Tech • Tagged with Tech, Networking

Since mid-2016, I've been working as a Network and Security Administrator. While I'd done a fair amount of networking previously, most of my experience had been with either unmanaged switches, or in a pre-built Cisco environment. Stepping into the world of managed networking was new for me, as was stepping into the world of HP Switches.

We were having recurring issues with a certain business unit looping ports on a switch. We had loop-protect running, but it was only set to disable the port after 5 seconds, and only for …


Continue reading