use wireguard for tunnels

bmx-routing / bmx7

BMX7 / SEMTOR Securely Entrusted Mesh Routing Protocol

GNU General Public License v2.0

63 stars 15 forks source link

use wireguard for tunnels #39

Open aparcar opened 5 years ago

aparcar commented 5 years ago

connections between nodes are mostly via unencrypted wireless connections. to add some security it would be reasonable to encrypt tunnel connections. these happen mostly between a node and a uplink gateway the client trusts.

the current tunnel plugin could be rewritten to use wireguard or an addition plugin is used, as wireguard slows throughput on devices with low resources

the public keys should be announced via descriptive messages

generally it could be worth some research to change the current crypto keys to the ones used by wireguard

aparcar commented 5 years ago

@axn what cryptographic primitives are you currently using?

luserx0 commented 5 years ago

This issue is handled by me for the purposes of Google Summer of Code 2019.

An overview can be found at: Freifunk Blog: WG tunnelling on BMX7

For any clarification on the approach, tips for the implementation or requested functionality, please comment on this thread.

aparcar commented 5 years ago

I assigned the issue to you, make us proud!

luserx0 commented 5 years ago

Progress Update:

Currently two bmx7 nodes that run the wg_tun_plugin are able to automatically exchange keys and configuration details and establish a connection between them.

luserx0 commented 5 years ago

For GSoC purposes, the final report lies here
More info and continuation of the project, here.