bmx7 icon indicating copy to clipboard operation
bmx7 copied to clipboard

Published 20 hours ago verified publisher icon bmx-routing

use wireguard for tunnels

Open aparcar opened this issue 6 years ago • 5 comments

connections between nodes are mostly via unencrypted wireless connections. to add some security it would be reasonable to encrypt tunnel connections. these happen mostly between a node and a uplink gateway the client trusts.

the current tunnel plugin could be rewritten to use wireguard or an addition plugin is used, as wireguard slows throughput on devices with low resources

the public keys should be announced via descriptive messages

generally it could be worth some research to change the current crypto keys to the ones used by wireguard

aparcar avatar Jan 12 '19 13:01 aparcar

@axn what cryptographic primitives are you currently using?

aparcar avatar Jan 12 '19 13:01 aparcar

This issue is handled by me for the purposes of Google Summer of Code 2019.

For any clarification on the approach, tips for the implementation or requested functionality, please comment on this thread.

luserx0 avatar Jun 12 '19 17:06 luserx0

I assigned the issue to you, make us proud!

aparcar avatar Jun 13 '19 15:06 aparcar

Progress Update:

  • Currently two bmx7 nodes that run the wg_tun_plugin are able to automatically exchange keys and configuration details and establish a connection between them.

luserx0 avatar Jul 21 '19 13:07 luserx0

  • For GSoC purposes, the final report lies here
  • More info and continuation of the project, here.

luserx0 avatar Aug 26 '19 18:08 luserx0