wirehub - decentralized, peer-to-peer and secure overlay networks built with WireGuard

Rene 'Renne' Bartsch, B.Sc. Informatics ml at bartschnet.de
Wed Jan 30 17:55:37 CET 2019



On 30.01.19 at 16:46, Gawen ARAB wrote:
> Hey Rene,
> 
>  > I suggest using a cryptographically generated IPv6 address (128-bit hash of the Wireguard public key with the first n bits replaced by a Wireguard-specific IPv6 prefix)
>  > for routing and management purposes. Adding a reverse-lookup IPv6-address -> Wireguard public key via DHT would allow a public IPv6 overlay network
>  > with authorization via firewall rules. Nodes should also be able to announce their subnets via DHT.
> 
> I agree. I plan to use the subnet ORCHID as defined by RFC 4843.
> See command `wh orchid`.
> 

Great! :-)

RFC 4843 has been obsoleted by RFC 7343. Please use RFC 7343 instead and re-use as much cryptographic code of Wireguard as possible to reduce possible bugs and weaknesses.

I suggest omitting the custom UDP protocol and libpcap by adding an ORCHIDv2 address to the wireguard network device and running the DHT via a port of the ORCHIDv2 address.
That way you can easily calculate the ORCHIDv2 address of a peer from the public key and connect the DHT.


Regards,

Renne
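
The derivation discussed in this message, as an added example that is not code from the thread or from wirehub: an RFC 7343 ORCHIDv2 address computed from a WireGuard public key, plus the check a node can run on an address-to-key binding returned by an untrusted DHT. The Context ID, the OGA ID and the choice of BLAKE2s (the hash WireGuard already uses) are assumptions made for this sketch, and the sample keys are constructed.

```python
import base64
import hashlib
import ipaddress

# RFC 7343 assigns 2001:20::/28 to ORCHIDv2.
ORCHIDV2_PREFIX = ipaddress.IPv6Network("2001:20::/28")

# Assumptions: RFC 7343 leaves these to the protocol using ORCHIDs,
# and the thread does not define them. Values here are constructed.
CONTEXT_ID = hashlib.blake2s(b"example-wg-orchid-context", digest_size=16).digest()
OGA_ID = 0x1  # 4-bit ORCHID Generation Algorithm identifier

# Constructed sample keys (32 bytes, base64, the WireGuard key format).
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
OTHER_KEY = base64.b64encode(bytes(range(1, 33))).decode()


def decode_pubkey(pubkey_b64: str) -> bytes:
    """Strictly decode a base64 WireGuard public key."""
    raw = base64.b64decode(pubkey_b64, validate=True)
    if len(raw) != 32:
        raise ValueError("WireGuard public keys are 32 bytes")
    return raw


def orchid_from_pubkey(pubkey_b64: str) -> ipaddress.IPv6Address:
    """ORCHID := Prefix | OGA ID | Encode_96(Hash(Context ID | Input))."""
    key = decode_pubkey(pubkey_b64)
    digest = hashlib.blake2s(CONTEXT_ID + key).digest()  # 256-bit hash
    start = (len(digest) - 12) // 2                      # Encode_96: middle 96 bits
    middle = digest[start:start + 12]
    top32 = (int(ORCHIDV2_PREFIX.network_address) >> 96) | OGA_ID
    return ipaddress.IPv6Address((top32 << 96) | int.from_bytes(middle, "big"))


def verify_binding(claimed_addr: str, pubkey_b64: str) -> bool:
    """Accept a DHT answer only if the address recomputes from the key."""
    try:
        return ipaddress.IPv6Address(claimed_addr) == orchid_from_pubkey(pubkey_b64)
    except ValueError:  # malformed address, bad base64 or wrong key length
        return False


if __name__ == "__main__":
    addr = orchid_from_pubkey(SAMPLE_KEY)
    print(addr, verify_binding(str(addr), SAMPLE_KEY), verify_binding(str(addr), OTHER_KEY))
```

Because the address is recomputed locally from the key, a forged DHT record cannot bind an existing address to a different key without finding a collision on the 96 hash bits.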

