Better Output

Hendrik Friedel hendrik at
Mon Apr 18 08:40:02 UTC 2022

Hello Aaron,

thanks for your reply.

>This would be technically achievable, but note that WireGuard
>uses UDP, which has no concept of "connections". See also
That is understood. But one can distinguish between a situation where a 
(not sure about an alternative word) "connection" was established and 
where not.

By the way: What does the Green Symbol today in the windows-client tell 
me? Currently, I find it totally mis-leading. I think today it only 
shows that:
1) the domain could be resolved to an IP
2) data was sent to it
That seems not very useful.

> > 2) If a wireguard server responds, but the key is not valid
>WireGuard does not respond if the keys are not valid. See
>section 5.1 ("Silence is a Virtue") in the WireGuard
>whitepaper [1].
Then, Silence is also a sign of a failed connection, no? --> red symbol. 
But ok, it cannot show the reason "key invalid".

> > 3) If the connection fails, the Windows Client should show
> >    a RED symbol under status.
>This could only be determined by a previously-in-use session
>having had no packets received for greater than the maximum
>rekey interval (2 minutes).
Why? If a connection is established, data is received, in my experience 
--> green Symbol. If no data is received --> red.
Sorry, but having to check the "bytes received" and ignoring the green 
symbol is hardly intuitive (a bit geeky, if I may say that). The 99% 
user does not know the backgrounds and/or the whitepaper.

>However, WireGuard itself will not send any data if it has no
>data to send (same section of the whitepaper), and so if you
>are not using the tunnel for 2 minutes, this would be
>indistinguishable from a failed tunnel.
Well, I was only thinking about the esablishing of a connection, not the 
situation while a tunnel is up (but not used).
So, I understand that an icon that was turned green once may have to 
stay green (as one cannot distinguish between no data *intended* to be 
transmitted and no data transmitted *unintendedly*/failed connection.

>An exception is if you enable keepalives; they are 0-length
>data packets.
In that case, the Icon would always be able to reflect the real status.

Now, would that not be something for the ToDo List?

Best regards,

>Aaron Jones

More information about the WireGuard mailing list