wirehub - decentralized, peer-to-peer and secure overlay networks built with WireGuard
Rene 'Renne' Bartsch, B.Sc. Informatics
ml at bartschnet.de
Wed Jan 30 17:55:37 CET 2019
On 30.01.19 at 16:46, Gawen ARAB wrote:
> Hey Rene,
>
> > I suggest to use a cryptographically generated IPv6 address (128-bit hash of Wireguard public key with first n bits replaced by a Wireguard-specific IPv6 prefix)
> > for routing and management purposes. Adding a reverse-lookup IPv6-address -> Wireguard public key via DHT would allow a public IPv6 overlay network
> > with authorization via firewall rules. Nodes should also be able to announce their subnets via DHT.
>
> I agree. I plan to use the subnet ORCHID as defined by RFC 4843.
> See command `wh orchid`.
>
Great! :-)
RFC 4843 has been obsoleted by RFC 7343. Please use RFC 7343 instead and re-use as much cryptographic code of Wireguard as possible to reduce possible bugs and weaknesses.
I suggest to omit the custom UDP protocol and libpcap by adding an ORCHIDv2 address to the wireguard network device and running the DHT via a port of the ORCHIDv2 address.
That way you can easily calculate the ORCHIDv2 address of a peer from the public key and connect the DHT.
Regards,
Renne
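
The address derivation discussed in this message, as an added example that is not part of the original post and not wirehub's code: it follows the RFC 7343 layout (28-bit prefix 2001:20::/28, 4-bit OGA ID, 96 bits extracted from a hash of Context ID and input) and checks a peer's claimed address against its public key. The Context ID, the OGA ID value, the choice of BLAKE2s, the leftmost-96-bit extraction and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib
import ipaddress

# RFC 7343 ORCHIDv2 layout: Prefix (28 bits) | OGA ID (4 bits) | Encode_96(Hash)
ORCHID_PREFIX = ipaddress.IPv6Network("2001:20::/28")

# Assumption: placeholder Context ID. A deployment would fix one random
# 128-bit constant so its addresses do not collide with other ORCHID users.
CONTEXT_ID = bytes.fromhex("00112233445566778899aabbccddeeff")

# Assumption: OGA ID 1 stands here for "BLAKE2s, leftmost 96 bits of the digest".
# RFC 7343 leaves the hash and the Encode_96 extraction to each OGA definition.
OGA_ID = 0x1

# Constructed sample keys (not real peers): 32 bytes, base64 as WireGuard prints them.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
OTHER_KEY = base64.b64encode(bytes(range(1, 33))).decode()


def orchid_v2(pubkey_b64: str) -> ipaddress.IPv6Address:
    """Derive the overlay address of a peer from its public key alone."""
    pubkey = base64.b64decode(pubkey_b64, validate=True)
    if len(pubkey) != 32:
        raise ValueError("a WireGuard public key is 32 bytes")
    # Hash Input := Context ID | Input
    digest = hashlib.blake2s(CONTEXT_ID + pubkey).digest()
    encoded = int.from_bytes(digest[:12], "big")  # Encode_96 (assumed: leftmost)
    value = int(ORCHID_PREFIX.network_address) | (OGA_ID << 96) | encoded
    return ipaddress.IPv6Address(value)


def peer_matches(pubkey_b64: str, claimed_addr: str) -> bool:
    """True only if the claimed address is the one bound to this public key.

    This is the check a node would run on a DHT record before trusting an
    address-to-key mapping or installing a firewall rule for that address.
    """
    try:
        return orchid_v2(pubkey_b64) == ipaddress.IPv6Address(claimed_addr)
    except ValueError:  # malformed key or address is treated as a mismatch
        return False


if __name__ == "__main__":
    addr = orchid_v2(SAMPLE_KEY)
    print(addr, peer_matches(SAMPLE_KEY, str(addr)), peer_matches(OTHER_KEY, str(addr)))
```

Because only 96 bits of the hash survive in the address, the binding is as strong as a 96-bit second-preimage search, which is why the reverse lookup still has to return the full public key for the check above.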