Built-in Roaming is limited due to a design fault adding STUN and TURN support would be good and make wire-guard connections more durable.
Dan Lüdtke
mail at danrl.com
Wed Jan 18 13:07:56 CET 2017
I don't see a bug here. And no patches. And still no code. Only plenty of tl;dr. I think the only thing we can do is to agree to disagree.
> On 18 Jan 2017, at 12:21, Peter Dolding <oiaohm at gmail.com> wrote:
>
>> On Wed, Jan 18, 2017 at 4:11 PM, Dan Lüdtke <mail at danrl.com> wrote:
>> Two things I have not seen so far:
>> - government regulations that enforce NAT
>> - ISPs (let alone carriers) "upgrading" their networks to IPv6 NAT (I myself have run both, ISP + carrier networks, and I call BS on your future outlook regarding NAT IPv6)
>> - code from you in this thread
>>
> https://en.wikipedia.org/wiki/Internet_censorship
> When you start looking into countries that are red in the "World map
> showing the status of YouTube blocking" you will find in some of those
> it's mandatory to have a NAT between ISP and open internet even for
> IPv6. Yes, the area of affected users is currently small. But when you
> look at countries implementing more regulations we cannot be sure how
> small this will remain.
>
> I would say your outlook is wishful thinking that is willing to ignore
> about 10 percent of the users on the internet who don't have well
> behaved Carriers or Governments.
>
> So Dan, you are doing a "works for me" argument, which is the most invalid
> argument to do in many cases. It's "let's sweep a bug under a carpet
> and not consider it".
>
> The problem is the type of NAT used.
> https://en.wikipedia.org/wiki/Network_address_translation#Symmetric_NAT
>
> Symmetric NAT this nicely randomises what address users behind it are
> coming from. Usage of Symmetric NAT does not have to have anything
> to do with reducing the number of IP addresses in usage. Symmetric
> NAT can have equal number of users to internet address.
>
> Symmetric NAT is the brick wall from hell to hole punching. The
> main objective of a Symmetric NAT is that something in the internet
> that has not had a packet from something behind the Symmetric NAT
> is blocked by default. Add in symmetric NAT randomising IP to IP
> mapping. So after IPv4 disappears what Symmetric NAT still has a
> usage in IPv6.
>
> Teredo that is IPv6 over IPv4 fails if both ends are behind Symmetric
> NAT. Normal STUN for NAT punching falls over if both ends are
> behind Symmetric NAT; this does not matter if it is IPv4 or IPv6.
> Symmetric NAT randomising IP to IP mapping brings hell. So you opened
> up a connection, after so much time the Symmetric NAT forgets and you
> attempt to send another packet to an end and it picks out a new IP
> address at random to use.
>
> The three types of cone style NAT will stay in usage by client routers by
> different Carriers even after IPv6 is dominant everywhere as it makes
> sense at that point, so being able to punch through those at times will
> still be required.
>
> So the 4 types of common NAT are not going anywhere where they were
> used for common sense reasons. The Carrier NAT attempting to push
> massive numbers of users through limited addresses will hopefully
> disappear due to IPv6.
>
> Basically Dan, it is about time you step back and look at NAT, how it is
> used and where it is used and why. The change to IPv6 is only really getting
> rid of one form of NAT, being the carrier NAT that were non Symmetric
> NAT based on Symmetric NAT ideas that at times had massive problems
> like completely running out of ports due to not enough addresses because
> attempting to push too many clients out too few of addresses.
>
> If somewhere has a pure Symmetric NAT where the number of external
> addresses matches the number of internal addresses for IPv4 for security
> reasons, doing the same thing on IPv6 has the same logical reasons.
> So logically sanely placed Symmetric NAT will remain and when you have
> to get through them the same problems will remain.
>
> The reality is the 4 common types of NAT can be deployed sanely
> without massive over-stacking. Under IPv6 the worst we should see is
> hopefully only 2 NAT deep. Possible 3 mode cone NAT in router and
> Carrier with a Symmetric NAT between you and the internet. As long as
> whatever is designed can get through this worst case, all cases will be
> covered. Why hopefully only 2 NAT deep? It is possible to have
> like ADSL router NAT + a WiFi router doing NAT and Carrier doing
> Symmetric NAT, but the WiFi NAT level is kind of self-inflicted by user
> on self, not forced on user by carrier; this is an improvement over the
> 3 to 4 deep in NAT by carrier in some places.
>
> Dan attempting to code when the required interfaces to make it work
> don't exist and have not been debated does not make much sense. Also
> attempting to tell boss time this will need roughly to give something
> functional also not be guessed when you are in the location that there
> is a framework problem.
>
> IPv6 is improving some things. But IPv6 is not a magic bullet
> to cure all the issues of having at times to get through NAT.
>
> Basically it is BS that the existence of NAT can be ignored because
> IPv6 fixes everything. IPv6 pure once fully deployed by all carriers
> should reduce the number of NAT you have to cross on the internet.
> The big elephant in the room is that IPv6 is only going to reduce the
> number of NAT in the internet not remove them all.
>
> So working out how to handle the case that end user has found
> themselves on the wrong side of deployed NATs applies to IPv4 and IPv6
> with IPv6 hopefully being less glitchy due to lower numbers of NAT in
> the mix.
>
> Think if a company can use an account that is behind a Symmetric NAT
> without having to pay extra or do extra government regulation for a
> static public internet IP address might reduce their costs of doing
> business. Also consider the ones most commonly going to be stuck
> behind Symmetric NAT are also the places that will have massive
> amounts of government regulation that can forbid having private keys
> on overseas servers and using overseas VPN servers. Using a
> Relay/TURN server is hair splitting as it is not an overseas VPN server,
> it's only an overseas relay at worst.
>
> Reality, Dan: look outside your small corner of the earth. New
> standards do not change how messed up world internet regulations by
> different governments are or different carriers' stunts to make more
> money.
>
> .
> Peter Dolding
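
The NAT behaviour argued over in this thread can be checked with a small model; this is an added example, not part of the thread and not WireGuard code. It assumes port-restricted filtering and models a symmetric NAT as allocating a new external port per destination (the thread describes a new address; either way the STUN-learned mapping is not the one the peer sees), and all addresses are constructed documentation addresses.

```python
import itertools

class Nat:
    """Simplified NAT model (added illustration): port-restricted filtering,
    mapping either endpoint-independent ("cone") or per-destination ("symmetric")."""
    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self._ports = itertools.count(40000)
        self.out = {}      # (internal, dest or None) -> external (ip, port)
        self.allowed = {}  # external (ip, port) -> remote endpoints we sent to

    def send(self, internal, dest):
        """Outbound packet: create or reuse a mapping; return the source dest sees."""
        key = (internal, dest if self.symmetric else None)
        if key not in self.out:
            self.out[key] = (self.public_ip, next(self._ports))
        ext = self.out[key]
        self.allowed.setdefault(ext, set()).add(dest)
        return ext

    def accepts(self, ext, source):
        """Inbound packet to ext: passes only if we previously sent to source."""
        return source in self.allowed.get(ext, set())

STUN = ("198.51.100.1", 3478)  # constructed STUN server address

def hole_punch(nat_a, nat_b):
    """Return True if both directions work using only STUN-learned addresses."""
    a_int, b_int = ("10.0.0.2", 51820), ("10.1.0.2", 51820)
    # Step 1: each peer learns from the STUN server how it appears externally.
    a_seen = nat_a.send(a_int, STUN)
    b_seen = nat_b.send(b_int, STUN)
    # Step 2: peers swap those addresses out of band and send to each other.
    a_src = nat_a.send(a_int, b_seen)
    b_src = nat_b.send(b_int, a_seen)
    # Step 3: a retry gets through only if the remote NAT holds an opening
    # for exactly (advertised mapping, real source address).
    return nat_b.accepts(b_seen, a_src) and nat_a.accepts(a_seen, b_src)

def scenario(a_symmetric, b_symmetric):
    return hole_punch(Nat("203.0.113.10", a_symmetric),
                      Nat("192.0.2.20", b_symmetric))

if __name__ == "__main__":
    for a, b in [(False, False), (False, True), (True, True)]:
        print(f"A symmetric={a}, B symmetric={b}: direct path={scenario(a, b)}")
```

When `scenario` returns False, the only remaining path in this model is a relay both peers can reach, which is the TURN case raised in the thread.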
More information about the WireGuard
mailing list