diff --git a/contrib/benchmarking/configs/other.conf b/contrib/benchmarking/configs/other.conf
deleted file mode 100644
index 4257914..0000000
--- a/contrib/benchmarking/configs/other.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Interface]
-ListenPort = 27183
-PrivateKey = oHilodMrwJSD1UUIkAkyCek2yqy1Frs5XuN47ShGFk0=
-
-[Peer]
-PublicKey = S8hEvD+dam+PrwG4GrSPtE2Pl3ylO/oiUnUDXw3vnx0=
-AllowedIPs = 192.168.2.2/32
-Endpoint = 10.10.10.100:38292
\ No newline at end of file
diff --git a/contrib/benchmarking/configs/thinkpad.conf b/contrib/benchmarking/configs/thinkpad.conf
deleted file mode 100644
index df02b2b..0000000
--- a/contrib/benchmarking/configs/thinkpad.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Interface]
-ListenPort = 38292
-PrivateKey = MPCo/WSBkm/DCkbEXUhtjc5u//IeD6wEeaw3Q2HxFGw=
-
-[Peer]
-PublicKey = c5PwaIZcVZFDuoDdQJGnYe+fk+wt0qANARpnZDOvqhw=
-AllowedIPs = 0.0.0.0/0
-Endpoint = 172.16.48.128:27183
diff --git a/contrib/benchmarking/openvpn-config.txt b/contrib/benchmarking/openvpn-config.txt
deleted file mode 100644
index f51eabd..0000000
--- a/contrib/benchmarking/openvpn-config.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Server: openvpn --dev tun --ifconfig 192.168.3.1 192.168.3.2 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721
-Client: openvpn --dev tun --ifconfig 192.168.3.2 192.168.3.1 --secret static.key --cipher AES-256-CBC --auth SHA256 --port 61721 --remote 10.10.10.1
diff --git a/contrib/benchmarking/static.key b/contrib/benchmarking/static.key
deleted file mode 100644
index 53075fe..0000000
--- a/contrib/benchmarking/static.key
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-12abb34ac1cb716576642c7e4c9719af
-b311929f6bb5a7b9082c9ac3a02dc77a
-26fc65ba97e67d1dc5b273e72760caba
-6c8a3321acdf89bfd0469528bfc9ed89
-1c9c3762d1e18786c8b6dd590456f158
-d1f625810da1225864c23d7e848ca5d7
-18a49c4b7e640f8e51001ace9222de75
-e05177fd01b32d702bd12b45b085678c
-239e3927d98912174ac648d0e37a3247
-45cabcbea7cf70832f8800a8b863a35a
-933c5921fd65882b050bd1096a0c6c60
-638fb22eafb9f49c13573236d0427441
-c98869ba8de30e597452237527e7dcc6
-519058a919de4432203dc1d7622fb4d0
-f8f20c5350256cdf17bb3b85c5c838fc
-6ddeb4da9dae8b0b882cb043db483a9d
------END OpenVPN Static key V1-----
diff --git a/contrib/client-server-example/README b/contrib/client-server-example/README
new file mode 100644
index 0000000..fd3088a
--- /dev/null
+++ b/contrib/client-server-example/README
@@ -0,0 +1,16 @@
+ === IMPORTANT NOTE ===
+
+Do not use these scripts in production. They are simply a
+demonstration of how easy the `wg(8)` tool is at the command
+line, but by no means should you actually attempt to use
+these. They are horribly insecure and defeat the purpose
+of WireGuard.
+
+ STAY AWAY!
+
+Distros: do not distribute these with your packages.
+
+
+
+That all said, this is a pretty cool example of just how
+darn easy WireGuard can be.
diff --git a/contrib/stress-testing/badpacket.c b/contrib/stress-testing/badpacket.c
deleted file mode 100644
index eee61fc..0000000
--- a/contrib/stress-testing/badpacket.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-int main(int argc, char *argv[])
-{
- static const unsigned char handshake1[143] = { 1, 0 };
- int fd = socket(AF_INET, SOCK_DGRAM, 0);
- struct sockaddr_in addr = {
- .sin_family = AF_INET,
- .sin_port = htons(atoi(argv[2])),
- .sin_addr = inet_addr(argv[1])
- };
- connect(fd, (struct sockaddr *)&addr, sizeof(addr));
-
- for (;;)
- send(fd, handshake1, sizeof(handshake1), 0);
-
- close(fd);
-
- return 0;
-}
diff --git a/contrib/stress-testing/peg.c b/contrib/stress-testing/peg.c
deleted file mode 100644
index 6b539fa..0000000
--- a/contrib/stress-testing/peg.c
+++ /dev/null
@@ -1,50 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-static unsigned long long interface_tx_bytes(const char *interface)
-{
- char buf[PATH_MAX];
- FILE *f;
- unsigned long long ret;
- snprintf(buf, PATH_MAX - 1, "/sys/class/net/%s/statistics/tx_bytes", interface);
- f = fopen(buf, "r");
- fscanf(f, "%llu", &ret);
- fclose(f);
- return ret;
-}
-
-int main(int argc, char *argv[])
-{
- char buf[1500] = { 0 };
- unsigned long long before, after, i;
- struct timespec begin, end;
- double elapsed;
- struct ifreq req;
- int fd = socket(AF_INET, SOCK_DGRAM, 0);
- struct sockaddr_in addr = {
- .sin_family = AF_INET,
- .sin_port = htons(7271),
- .sin_addr = inet_addr(argv[3])
- };
- strcpy(req.ifr_name, argv[1]);
- ioctl(fd, SIOCGIFMTU, &req);
-
- connect(fd, (struct sockaddr *)&addr, sizeof(addr));
-
- before = interface_tx_bytes(argv[2]);
- clock_gettime(CLOCK_MONOTONIC, &begin);
- for (i = 0; i < 10000000; ++i)
- send(fd, buf, req.ifr_mtu - 28, 0);
- clock_gettime(CLOCK_MONOTONIC, &end);
- after = interface_tx_bytes(argv[2]);
- elapsed = end.tv_sec - begin.tv_sec + (end.tv_nsec - begin.tv_nsec) / 1000000000.0;
-
- printf("%.4f mbps\n", ((after - before) * 8) / elapsed / 1000000.0);
- return 0;
-}
diff --git a/contrib/stress-testing/self-send.sh b/contrib/stress-testing/self-send.sh
deleted file mode 100755
index eb7947b..0000000
--- a/contrib/stress-testing/self-send.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-set -e
-
-PRIVATE_KEYS=("")
-PUBLIC_KEYS=("")
-
-resetwg() {
- for i in {1..64}; do
- ip link delete dev wg${i} 2>/dev/null >/dev/null || true
- done
-}
-
-for i in {1..64}; do
- next_key="$(wg genkey)"
- PRIVATE_KEYS+=("$next_key")
- PUBLIC_KEYS+=($(wg pubkey <<<"$next_key"))
-done
-
-resetwg
-trap resetwg INT TERM EXIT
-
-for i in {1..64}; do
- { echo "[Interface]"
- echo "ListenPort = $(( $i + 31222 ))"
- echo "PrivateKey = ${PRIVATE_KEYS[$i]}"
-
- for j in {1..64}; do
- [[ $i == $j ]] && continue
- echo "[Peer]"
- echo "PublicKey = ${PUBLIC_KEYS[$j]}"
- echo "AllowedIPs = 192.168.8.${j}/32"
- echo "Endpoint = 127.0.0.1:$(( $j + 31222 ))"
- done
- } > "/tmp/deviceload.conf"
-
- ip link add dev wg${i} type wireguard
- wg setconf wg${i} "/tmp/deviceload.conf"
- ip link set up dev wg${i}
- rm "/tmp/deviceload.conf"
-done
-
-ip address add dev wg1 192.168.8.1/24
-
-while true; do
- for i in {2..64}; do
- echo hello | ncat -u 192.168.8.${i} 1234
- done
-done
diff --git a/contrib/stress-testing/threewayiperf.sh b/contrib/stress-testing/threewayiperf.sh
deleted file mode 100755
index 932d666..0000000
--- a/contrib/stress-testing/threewayiperf.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-set -e
-
-if [[ $(hostname) == "thinkpad" ]]; then
- make -C "$(dirname "$0")/../../src" remote-run
- for i in 128 129 130; do
- scp "$0" root@172.16.48.${i}:
- done
- for i in 128 129 130; do
- konsole --new-tab -e ssh -t root@172.16.48.${i} "./$(basename "$0")"
- done
- exit
-fi
-
-# perf top -U --dsos '[wireguard]'
-
-tmux new-session -s bigtest -d
-tmux new-window -n "server 6000" -t bigtest "iperf3 -p 6000 -s"
-tmux new-window -n "server 6001" -t bigtest "iperf3 -p 6001 -s"
-sleep 5
-me=$(ip -o -4 address show dev wg0 | sed 's/.*inet \([^ ]*\)\/.*/\1/' | cut -d . -f 4)
-for i in 1 2 3; do
- [[ $i == $me ]] && continue
- [[ $me == "1" ]] && port=6000
- [[ $me == "3" ]] && port=6001
- [[ $me == "2" && $i == "1" ]] && port=6000
- [[ $me == "2" && $i == "3" ]] && port=6001
- tmux new-window -n "client 192.168.2.${i}" -t bigtest "iperf3 -n 300000G -i 1 -p $port -c 192.168.2.${i}"
-done
-tmux attach -t bigtest
diff --git a/src/wg.8 b/src/wg.8
index 67b4cf7..eee6d7b 100644
--- a/src/wg.8
+++ b/src/wg.8
@@ -131,7 +131,9 @@ to which outgoing traffic for this peer is directed. The catch-all
 \fI::/0\fP may be specified for matching all IPv6 addresses. Required.
 .IP \(bu
 Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
-port number. Optional.
+port number. This endpoint will be updated automatically to the most recent
+source IP address and port of correctly authenticated packets from the peer.
+Optional.
 .SH CONFIGURATION FILE FORMAT EXAMPLE
 This example may be used as a model for writing configuration files.