[WireGuard] auth-only wireguard

Alex Xu alex_y_xu at yahoo.ca
Thu Oct 6 19:42:47 CEST 2016

On Thu, 06 Oct 2016 09:34:18 -0700
Jehan Tremback <jehan at altheamesh.com> wrote:

> Let me be more specific about my application. I'm trying to create a
> system where routers in a "mesh" network (mixed ad-hoc wifi and
> ethernet) pay their neighbors, or are paid by their neighbors for
> bandwidth. To make this happen, I've got to be able to identify
> traffic from specific neighbors with something less spoofable than MAC
> addresses. Creating tunnels between neighbors fits the bill for now,
> and gives me a good handle to apply traffic shaping to different
> neighbors. The encapsulating tunnel packet will have the source IP
> address of the previous hop neighbor, and will be sent to the next
> hop neighbor, and can be prioritized . Authentication keeps anyone
> from spoofing addresses and stealing bandwidth.

So... now everybody can spy on each other's traffic instead of
also spoofing it. That doesn't seem like a huge improvement to me.

More information about the WireGuard mailing list