qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.58k stars 358 forks

Feature request: Mullvad post quantum #1513

Open mattdale77 opened 1 year ago

mattdale77 commented 1 year ago

What's the feature 🧐

Do you intend to implement Mullvad's post-quantum WireGuard connections? It looks like it uses the initial connection to exchange details for a more secure connection and then switches to that. Mullvad stuff is usually open source, so I'm wondering if it's something that you intend to incorporate into the excellent Gluetun.

Extra information and references

Further information on the Mullvad website

notDavid commented 1 year ago

Details here

( via source2 via source3 )

Gylesie commented 1 year ago

Additionally, technical details are in their architecture overview readme.

Unless Mullvad provides a maintained script to help with getting the wg pre-shared key along with the ephemeral wg keys for the post-quantum tunnel wg peer, I would not get my hopes up for implementing this soon, since it would take quite an effort, most likely reading their code.

I am not sure if the architecture of gluetun makes it feasible, but maybe it would be easier to use their mullvad-cli to create the encrypted tunnels?

raphpa commented 5 days ago

Just for reference: I got it working pretty easily with https://github.com/mullvad/wgephemeralpeer. Maybe this can provide some ideas on how to implement it.