[lug] Security - Wireguard

Bucky Carr bcarr at purgatoire.org
Sat Jun 29 11:56:16 MDT 2019



On 6/29/2019 11:20 AM, Zan Lynx wrote:
> On 6/29/2019 10:58 AM, Bucky Carr wrote:
>> Okay, thanks for the update. I didn't know there is a GUI for 
>> OpenVPN. One thing especially I don't like about OpenVPN is how 
>> chatty it is. Sending those keepalive packets all the time. I don't 
>> seem to need the keepalive packets with Wireguard.
>
> You might be surprised.
>
> It probably depends on your exact configuration, but if you're using 
> NAT of any kind you're going to need keep-alive packets or the NAT 
> hardware will close your connection.

Testing... I established a new VPN connection and ssh'd into the box. 
Then left the ssh connection idle for 5 minutes and it was still alive 
thereafter. One thing that Wireguard does in the background is 
renegotiate a new, ephemeral, symmetric key: server <-> client: about 
every 2 minutes.

Could that be obviating the need for a keepalive packet?


