search for: wireguards

Hello everybody, I saw Guus already had contact with Jason over email. What do you guys tinc of wireguards, are there advantages? Jason seems to have a good grip of what he is talking about. https://fosdem.org/2017/schedule/event/wireguard/attachments/slides/1675/export/events/attachments/wireguard/slides/1675/wireguard_slides.pdf https://fosdem.org/2017/schedule/event/wireguard/ Kind regards, Jell...

On 5 February 2017 at 05:36, Jelle de Jong <jelledejong at powercraft.nl> wrote: > What do you guys tinc of wireguards, are there advantages? Jason seems to > have a good grip of what he is talking about. Well if it's kernel only, that rules out anything not Linux, at lest at the moment. I know that may have a big share, but I find that limit. I understand it being in the kernel is attractive because it...

Hi Jared, I've seen the same while testing on digital ocean, I think it's the context switching that happens when sending a packet. I've done some testing with wireguard and that has a lot better performance but it's still changing quite a lot and only does a subset of what tinc does so probably not a stable solution. Martin On Wed, 17 May 2017 at 18:05 Jared Ledvina <jared at

On Sat, Oct 15, 2022 at 12:21:41PM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: a1b6b102df03 Merge branch 'phylink_set_mac_pm' > git tree: net > console output: https://syzkaller.appspot.com/x/log.txt?x=179af0c2880000 > kernel config: https://syzkaller.appspot.com/x/.config?x=85495c44a2c25446 > dashboard

Solution is really simple. Since this server is dual-homed ( 2 nic's ), i suggest setup advanced routing tables. The short version of howto setup. edit /etc/iproute2/rt_tables and Add : 10 OfficeLan 20 InternetWan Lookup the routing tables: ip route show table OfficeLan ip route show table InternetWan The default gateway's is to the internet. ( change ethX to you network interface

Hello, I am trying to figure out, whether there are any best practices how to run a Samba AD DC in a container. First of all: why a container? Because obviously containers require less resources and are easier to update than multiple linux systems ? and I want to spend some of the savings into redundancy (multiple DCs, also distributed to serve different locations). Googling around I found

> * What are pros and cons of container vs. VMs? Same as any other containerized setup. We've been running our Samba DCs and file servers in nspawn containers (similar to LXC) for a couple of years, no container-specific issues yet. Though I'm not sure if docker is the right tool for the job; samba as a fat daemon running a bazillion subprocesses orchestrated by a persistent database

Hello, I need to build a VPN, and I am not sure if tinc is the right tool to use. I am more familiar with OpenVPN. I have a few boxes at home, behind a router with a dynamic IP address. Those boxes host some services, like web sites, for instance. I have a server hosted online, with a few IPv4 and IPv6 addresses. All addresses being static, of course. I am planning to use tinc on Debian, to

Niklas - Thanks! Yeah, your Github issue was very useful for me to understand what is probably causing our issue (the syscall chain done on every UDP packet). Very interesting that you're able to see around 90% of a Gig line on bare metal. Were you ever able to make any further progress on adjusting Tinc based on the investigation in https://github.com/gsliepen/tinc/issues/110 ? Martin -

Hey all, So I do some development based on openssh and I'm trying to think of some new projects that might extend the functionality, feature set, user workflow, performance, etc of ssh. So open ended question: Do any of you have a wish list of things you'd like to see in ssh? Mostly I'm just curious to see what the larger community is thinking of rather than being driven

Hello everybody, First a big thanks for tinc-vpn I am still using it next to wireguard and openvpn. I am having a setup where the tinc debian appliance is at 100% cpu load doing about 7.5MB/s. Compression = 9 PMTU = 1400 PMTUDiscovery = yes Cipher = aes-128-cbc How can I pick a cipher that is the fasted for my CPU and don't create a CPU bottleneck at 100%. Kind regards, Jelle de Jong

v5: - Break the btrfs patch out as a separate patch to be processed independently. - Update the commit log of patch 1 to make it less scary. - Add a kzfree backward compatibility macro in patch 2. v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary

I once filed this issue and did an investigation on high CPU load on cloud instances that might be relevant to this topic: https://github.com/gsliepen/tinc/issues/110 If I remember correctly I found that AWS EC2 instances have this problem less than DigitalOcean instances. On bare metal machines with tinc 1.0 and aes-128-cbc, I can get 90% of gigabit line speed over tinc. On 17/05/17 19:17,

Hi Andrê, So by nodes I assume you mean the "boxes". I would suggest each "box" gets it's own tinc node(with a static ip) and then on the server it should be a matter of pointing at the ip address of the appropriate box tinc ip address. I've done this myself with WireGuard and it works great. On Mon, Nov 25, 2019 at 7:14 AM André Rodier <andre at rodier.me>

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively detrimental, because maybe in the future we really _might_ want to use that "memfill(0xdeadbeef)" or

On Sun, 2020-06-21 at 16:47 -0400, mailist wrote: > On 2020-06-21 15:33, Chuck Campbell wrote: > > I'm running Centos 7.8.2003, with firewalld. > > > > I was getting huge numbers of ssh attempts per day from a few specific > > ip blocks. > > If you can control the ssh clients, switch your port number to a > non-standard > port. Pick one in

v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for now as there can be a bit more discussion on what is best. It will be introduced as a separate patch later on after this one is merged. This patchset makes a global rename of the kzfree()

v4: - Break out the memzero_explicit() change as suggested by Dan Carpenter so that it can be backported to stable. - Drop the "crypto: Remove unnecessary memzero_explicit()" patch for now as there can be a bit more discussion on what is best. It will be introduced as a separate patch later on after this one is merged. This patchset makes a global rename of the kzfree()