
hikhvar@norden.socia.. replied 09 Dec 2024 16:57 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/h6Lf25VHgjPHy3Tnyc

@benjojo Sounds like a sane approach. The KEX/Auth part in OpenVPN is much more complex than the single encryption algorithm in WireGuard. That approach will solve some problems we currently have, as the user space OpenVPN server will stop forwarding traffic if it gets stuck. Our auth plugin blocks sometimes and then impacts OpenVPN forwarding for all logged-in users.

equinox@chaos.social replied 09 Dec 2024 22:16 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/h6Lf25VHgjPHy3Tnyc

@benjojo very curious to see how they ended up handling the P2MP peer selection. I talked to them at netdevconf in Portugal and recommended they look at how GRE/NHRP and app_solicit work, but no idea if that's viable for them.

There's also lwt on routes, but then the routing system has to deal with it... (app_solicit would allow for a full separation, it's like ARP in that installing a route with a nexthop triggers MAC resolution automatically)