WG-easy Is it safe?

I am not sure if this is secure or if the public and private keys are being leaked by being sent backdoor to another server.

Do you have some kind of proof of this? (sending the keys)

If I understand it correctly, those IP addresses you were suspecting were incoming connections, and not the destination.

Well, in the firewall it shows those as incoming connections, but it is accepted from the firewall. However, the wg-easy edit history does not show any connections coming from those public IPs, and I do not share those peers with anyone else, because only certain WAN IPs are allowed to access, and that IP is definitely not a WAN IP on my allowed list.

This IP range is given to ISPs for CGNAT.

CGNAT has its own reserved IP range between 100.64.0.0 and 100.127.255.255.

Great to know. Didn’t realize there was a net between my net and the ‘net.

Post the rule 21 config. I’m not convinced that’s set up correctly, otherwise if you say you’re only allowing certain CIDRs then this is not a WG issue but rather the config on the Fortigate.

if the public and private keys are being leaked by being sent backdoor to another server

You linked to the GitHub repo, didn't you?

Why not audit it yourself? Read the code. If you're so paranoid about deploying an open source app, why not take the time to read the code itself? It's open source, read it.

And I did the job you're supposed to do and searched through the source code myself. It doesn't create the IP you mentioned and the only IP it reserves is in the 10.8.0.x range by default which it reserves for itself and its peers. You would know that if you actually checked the code yourself.

wg-easy is open-source and audited by many.

Of course you can never be entirely sure, but I haven't noticed any incoming connections on my end.

First!

Sorry, I don’t have anything to add. I clicked on the post because I have used wg-easy in the past and then jumped at the chance to be the first comment. I hope you find the answers you’re looking for.

Actually, maybe I can add something. Looking at those IP addresses, they are CGNAT which you would typically get from a mobile carrier.

Do you have any clients connecting via 4G/5G?
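
An added example (not part of any comment in this thread): a small Python triage that sorts firewall source addresses into the ranges the thread mentions, the CGNAT shared space 100.64.0.0 to 100.127.255.255 and the wg-easy default 10.8.0.x. The log lines and their `key=value` layout are constructed for illustration, and treating 10.8.0.x as a /24 is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Ranges named in the thread, plus RFC 1918 private space for context.
CGNAT = ipaddress.ip_network("100.64.0.0/10")          # 100.64.0.0 - 100.127.255.255
WG_EASY_DEFAULT = ipaddress.ip_network("10.8.0.0/24")  # "10.8.0.x" (assumed /24)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SRC_RE = re.compile(r"\bsrcip=(\S+)")  # constructed log layout, not a vendor format

# Constructed sample entries; 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
srcip=100.72.14.9 dstport=51820 action=accept
srcip=100.127.255.255 dstport=51820 action=accept
srcip=100.128.0.1 dstport=51820 action=accept
srcip=10.8.0.2 dstport=53 action=accept
srcip=192.168.1.20 dstport=443 action=accept
srcip=203.0.113.7 dstport=51820 action=deny
srcip=not-an-ip dstport=51820 action=accept
"""

def classify(addr):
    """Return a label for one source address string."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip in WG_EASY_DEFAULT:       # check the narrower range before 10.0.0.0/8
        return "wg-easy-default"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"

def stdlib_flags(addr):
    """(is_private, is_global) as the standard library reports them.
    Both are False for 100.64.0.0/10, so neither flag alone identifies CGNAT."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private, ip.is_global

def summarize(log_text):
    """Count source-address classes over every line carrying srcip=."""
    return Counter(classify(m.group(1)) for m in SRC_RE.finditer(log_text))

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label:16} {count}")
```
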
