TorGuard

wireguard conf files EXPIRE!


I've noticed that unless you use the Torguard apps for wireguard all the wireguard conf files downloaded from the TG config generator and configured manually on a router or the Wireguard app (https://www.wireguard.com/install/) can only login once and will expire requiring a new conf file generated. So, if you disconnect wireguard connection for more than 15 minutes you must download a new conf file and set it up again.

Torguard explained to me that this permanent burden is for preventing man in the middle attacks.

I now use Mullvad wireguard (since Oct 3) and it is 10 times more reliable than TG wireguard and for me MUCH faster as well AND the conf files don't have this ridiculous TG expiring conf files!

Can someone explain why TG does this and no other wireguard services (that I have used) have this debilitating, onerous function? This is a game-changer for me.

19807409
7 hours ago, uNc said:

Torguard explained to me that this permanent burden is for preventing man in the middle attacks.

Wireguard was kinda incompatible to no log policy. Every time you connect to the server, your real IP is saved in RAM. There are also other issues, however, this should be the primary reason why at all they applied kinda firewall solution. After 15 minutes means, that your data is kept for 15 minutes. Some people might say, extend it to 24 hours or so, but this would mean that your personal data can be attacked and the easiest one is man in the middle where some from torguard could export your data.

 

8 hours ago, uNc said:

I now use Mullvad wireguard (since Oct 3) and it is 10 times more reliable than TG wireguard and for me MUCH faster as well AND the conf files don't have this ridiculous TG expiring conf files!

Different VPN's, different solutions. You can claim things about Mullvad, I won't probably even check them as I do not use Mullvad, but claiming it is much more faster or more reliable is simply nonsense. TorGuard officially released Wireguard client and you have features on it like port forwarding, TorGuard is not obliged to make it work for other platforms like OpenWRT, they actually have to deliver only TG client which works. They delivered it and they thought about people using openwrt and other things, did not delete my guides and let people connect over wireguard without to enforce their own client. So please, do not talk nonsense about reliability of wireguard as example on openwrt as you are not using it. It did not disconnect once, speeds are very stable and port forwarding works. Nothing worked so flawless on torguard like wireguard. They might have issues with cogent maybe, I don't know.

Expiring TG conf files is much better than "You can not use router" like most of those VPN providers offer. If you are already Mullvad user and you are TorGuard user, then you probably can keep the one better for you and stop paying the other one, if it is Mullvad for you, then it is ok, just use it then on openwrt :) or dd-wrt etc..

Can someone explain why TG does this and no other wireguard services (that I have used) have this debilitating, onerous function? This is a game-changer for me.

I already explained it, hope you will check it too.

19 minutes ago, 19807409 said:

Wireguard was kinda incompatible to no log policy. Every time you connect to the server, your real IP is saved in RAM. There are also other issues, however, this should be the primary reason why at all they applied kinda firewall solution. After 15 minutes means, that your data is kept for 15 minutes. Some people might say, extend it to 24 hours or so, but this would mean that your personal data can be attacked and the easiest one is man in the middle where some from torguard could export your data.

 

Different VPN's, different solutions. You can claim things about Mullvad, I won't probably even check them as I do not use Mullvad, but claiming it is much more faster or more reliable is simply nonsense. TorGuard officially released Wireguard client and you have features on it like port forwarding, TorGuard is not obliged to make it work for other platforms like OpenWRT, they actually have to deliver only TG client which works. They delivered it and they thought about people using openwrt and other things, did not delete my guides and let people connect over wireguard without to enforce their own client. So please, do not talk nonsense about reliability of wireguard as example on openwrt as you are not using it. It did not disconnect once, speeds are very stable and port forwarding works. Nothing worked so flawless on torguard like wireguard. They might have issues with cogent maybe, I don't know.

Expiring TG conf files is much better than "You can not use router" like most of those VPN providers offer. If you are already Mullvad user and you are TorGuard user, then you probably can keep the one better for you and stop paying the other one, if it is Mullvad for you, then it is ok, just use it then on openwrt :) or dd-wrt etc..

 

 

I already explained it, hope you will check it too.

It is faster definitely and much more stable for me. The TG macOS app is buggy and freezes constantly so it's a write-off for me. And I prefer to use external open source apps for vpn. This "stale dated" 15 minute conf file is a no brainer, why on earth do other vpn services not employ this process?? For me it's about efficiency, security, fit for service, purpose designed vpn service and that's my objective. I am confused by TG's policies after being a customer here for more than 3 years. Their wireguard whilst still in its infancy is besieged with glitches at this time in my experience thus far and opinion. Hope it improves. Time will tell.

19807409
16 minutes ago, uNc said:

This "stale dated" 15 minute conf file is a no brainer, why on earth do other vpn services not employ this process??

Because some maybe do not care if your data is leaking? Some don't care about telling you at all about risks. I could go on and on, however, there is not much VPN's outside offering you wireguard and those who are, there are kinda only 2 available solutions where current from torguard is not perfect, but the other one would be even less user friendly.

18 minutes ago, uNc said:

The TG macOS app is buggy and freezes constantly so it's a write-off for me. And I prefer to use external open source apps for vpn

Yes, wireguard by itself very short time ago became status of stable, however, it is unstable as most companies have to deal with it now and find their setups and as you can see on your Mac client, it has some bugs. Therefore, it is even more important to have capability to use original/3rd party clients, especially taken in mind that for android there is still no wireguard with TG app, but works greatly with original wireguard client. I also use mostly only open source, openwrt is open source as well ;).

 

20 minutes ago, uNc said:

For me it's about efficiency, security, fit for service, purpose designed vpn service and that's my objective

Well, current TG setup is efficient, more or less secure ( it is insecure to let it for 15 minutes in RAM) and it offers great and stable VPN, more stable than any which I tried in last 10 years.

 

22 minutes ago, uNc said:

I am confused by TG's policies after being a customer here for more than 3 years.

I am not in any way involved with TorGuard, what confuses you actually? I must have missed that point or simply failed to get it out of context.

 

23 minutes ago, uNc said:

Their wireguard whilst still in its infancy is besieged with glitches at this time in my experience thus far and opinion. Hope it improves. Time will tell.

I partially agree, just not on one thing, it already works very well if you have set it up properly and to reduce the possibility to do it wrong, I wrote scratch scripts for openwrt so that logic and everything can be easily copied and used for own purpose. As you see, if torguard even releases luci-app-torguard for GUI, there will be still bunch of people actually wanting to use DD-WRT out of some mostly delusional reasons (except of course if there is no HW support) and claiming that torguard is bad because it does not offer it, then somebody with tomato will come too and start complaining etc..., in fact, only obligation of torguard is that their TG Client works, that's what they can guarantee and instruct you how to create log files which they need. Everything else is just a luxury if Support replies to it.

22 hours ago, uNc said:

I've noticed that unless you use the Torguard apps for wireguard all the wireguard conf files downloaded from the TG config generator and configured manually on a router or the Wireguard app (https://www.wireguard.com/install/) can only login once and will expire requiring a new conf file generated. So, if you disconnect wireguard connection for more than 15 minutes you must download a new conf file and set it up again.

Torguard explained to me that this permanent burden is for preventing man in the middle attacks.

I now use Mullvad wireguard (since Oct 3) and it is 10 times more reliable than TG wireguard and for me MUCH faster as well AND the conf files don't have this ridiculous TG expiring conf files!

Can someone explain why TG does this and no other wireguard services (that I have used) have this debilitating, onerous function? This is a game-changer for me.

 

If you use the dedicated WireGuard servers you will not have this issue.

 

Example: If you're on mobile and using the standard WireGuard App for Android, I can understand your frustration. For mobile it isn't practical to login and generate the WireGuard config every time. I suggest two alternatives for mobile. Install the TorGuard Android App or try the dedicated WireGuard servers. Those configs are static (for now) and work fine here either with OpenWrt + WireGuard and Android 10 + WireGuard.

 

Code.

9 hours ago, Code said:

 

If you use the dedicated WireGuard servers you will not have this issue.

 

Example: If you're on mobile and using the standard WireGuard App for Android, I can understand your frustration. For mobile it isn't practical to login and generate the WireGuard config every time. I suggest two alternatives for mobile. Install the TorGuard Android App or try the dedicated WireGuard servers. Those configs are static (for now) and work fine here either with OpenWrt + WireGuard and Android 10 + WireGuard.

 

Code.

No, your statement "If you use the **dedicated WireGuard servers** you will not have this issue" is incorrect.

The dedicated IP's AND 10 GB wireguard servers both suffer the same conf file expiration issue I have described previously. I have tested this on macOS and confirmed it numerous times for all shared servers, my dedicated IP's and the 10 GB servers on the wireguard app (https://www.wireguard.com/install/). This anomaly however is not manifested in the TG desktop apps, and wireguard to my knowledge is NOT available on Torguard's android app at this time.

**edit: if by "dedicated wireguard servers" you are referring to the 5 original wireguard servers (Singapore, Toronto, UK, NL, and NY) available under Servers / Wireguard Networks, then yes they seem to allow multiple logins without expiring. That being the case why do the shared servers, dedicated & residential IP's, 10 GB servers addons using wireguard protocol prohibit multiple logins due to torguard "security concerns and policies" but this security policy DOES NOT apply to these 5 other wireguard locations?

Seems intellectually incoherent to me, creating confusion and suspicion and torguard is being unclear about the MiTM security threats of their config generated wireguard conf files. OR... there is some underlying and possibly underhanded reasons for this policy and maybe forcing users to utilize the desktop apps for wireguard which do not have this restriction, under the guise of enhanced security. I am skeptical at this point until such time torguard addresses this bringing clarity to this situation.

19807409
4 hours ago, uNc said:

**edit: if by "dedicated wireguard servers" you are referring to the 5 original wireguard servers (Singapore, Toronto, UK, NL, and NY) available under Servers / Wireguard Networks, then yes they seem to allow multiple logins without expiring. That being the case why do the shared servers, dedicated & residential IP's, 10 GB servers addons using wireguard protocol prohibit multiple logins due to torguard "security concerns and policies" but this security policy DOES NOT apply to these 5 other wireguard locations?

NO, it does not apply to those other 5 wireguard locations. YES, shared servers and premium shared servers do have different protocols as well as different settings as well as security. I guess it is the same as to explain that a car is not a train, one might claim it is stupid that the train is not a car where at the same time you can take a car and nobody forces you to drive the train. I think this is easier explanation to understand as you were explained it several times, you simply would like to have that product working in the logic which you seem to accept regardless of all other points which are important for torguard. Users were pointed several times that there are fixed servers for wireguard, make sure your configs work there, then use those which have higher security and do require api usage.

You then claimed that all IP's suffer on same issue, just to edit it later and all of that after it was told several times. So far about you asking questions and actually ignoring the answers.

5 hours ago, uNc said:

Seems intellectually incoherent to me, creating confusion and suspicion and torguard is being unclear about the MiTM security threats of their config generated wireguard conf files

Then you probably should catch up on that topic and read more about it, just if you do not know something does not mean that it is intellectually incoherent, even not to you, there is not much intelligence required to read, probably best for you would be simply to google issues like why wireguard is not compatible with no-log policy as well as how exactly MITM attack can be performed. After you have done your research, then you maybe should ask torguard, mullvad and other questions about their systems and why something is working exactly that way.

As last, nobody forced or forces you to use wireguard at all, you are free to use any other protocol as well as you are free to use wireguard servers without the api as well as you are free to use shared, dedicated, streaming, sports, ... 10Gbit ips with the API.

You actually did not even try it properly and by that I guess for me it is a waste of time if I actually continue on that conversation where everything was clearly said and explained, there is not much to be added to it. I also dislike your expression "Seems intellectually incoherent to me, creating confusion and suspicion...", as it seems that you implicating that torguard devs seem to be intellectually incoherent which in fact could be replied same way to you, if it is intellectually incoherent, then either leave it or train your intelligence for ability to deal with given information.

5 hours ago, uNc said:

**edit: if by "dedicated wireguard servers" you are referring to the 5 original wireguard servers (Singapore, Toronto, UK, NL, and NY) available under Servers / Wireguard Networks, then yes they seem to allow multiple logins without expiring. That being the case why do the shared servers, dedicated & residential IP's, 10 GB servers addons using wireguard protocol prohibit multiple logins due to torguard "security concerns and policies" but this security policy DOES NOT apply to these 5 other wireguard locations?

 

Correct, I meant those 5 original dedicated WireGuard server locations.

 

I'd ask TorGuard staff why the policy is different from the other WireGuard servers. It could be multiple things.

 

Code.

52 minutes ago, 19807409 said:

NO, it does not apply to those other 5 wireguard locations. YES, shared servers and premium shared servers do have different protocols as well as different settings as well as security. I guess it is the same as to explain that a car is not a train, one might claim it is stupid that the train is not a car where at the same time you can take a car and nobody forces you to drive the train. I think this is easier explanation to understand as you were explained it several times, you simply would like to have that product working in the logic which you seem to accept regardless of all other points which are important for torguard. Users were pointed several times that there are fixed servers for wireguard, make sure your configs work there, then use those which have higher security and do require api usage.

You then claimed that all IP's suffer on same issue, just to edit it later and all of that after it was told several times. So far about you asking questions and actually ignoring the answers.

Then you probably should catch up on that topic and read more about it, just if you do not know something does not mean that it is intellectually incoherent, even not to you, there is not much intelligence required to read, probably best for you would be simply to google issues like why wireguard is not compatible with no-log policy as well as how exactly MITM attack can be performed. After you have done your research, then you maybe should ask torguard, mullvad and other questions about their systems and why something is working exactly that way.

As last, nobody forced or forces you to use wireguard at all, you are free to use any other protocol as well as you are free to use wireguard servers without the api as well as you are free to use shared, dedicated, streaming, sports, ... 10Gbit ips with the API.

You actually did not even try it properly and by that I guess for me it is a waste of time if I actually continue on that conversation where everything was clearly said and explained, there is not much to be added to it. I also dislike your expression "Seems intellectually incoherent to me, creating confusion and suspicion...", as it seems that you implicating that torguard devs seem to be intellectually incoherent which in fact could be replied same way to you, if it is intellectually incoherent, then either leave it or train your intelligence for ability to deal with given information.

I declare then this is now a case of MYOFB-f-s as no one, especially me, cares what you like or dislike, totally irrelevant and filed under "who gives a flying fook"

You act like king shit of torguard. You must be affiliated with TG, nothing else can explain your indifference.

Get a life.

19807409
5 hours ago, uNc said:

I declare then this is now a case of MYOFB-f-s as no one, especially me, cares what you like or dislike, totally irrelevant and filed under "who gives a flying fook"

You act like king shit of torguard. You must be affiliated with TG, nothing else can explain your indifference.

Get a life.

Indeed, you have not only intellectual problems, you are a full retard. MYOFB-f-s is probably the shit in your brain letting you act as an idiot, just move on to your Mullvad, its right VPN choice for retards like you. I did see that you kinda have social problems and difficulties with expression, but did not believe that you are actually disabled by your non intelligence which you admitted not to be the highest and now you proved it again :)

BeanJr

lmao. The comments above me are pure GOLD!

 

In all seriousness though, I recently tried out the config generator yesterday and noticed that my configs also "expire" after 1 connection. Hopefully TG has a solution in the works

19807409
4 minutes ago, BeanJr said:

lmao. The comments above me are pure GOLD!

 

In all seriousness though, I recently tried out the config generator yesterday and noticed that my configs also "expire" after 1 connection. Hopefully TG has a solution in the works

That's gold for you? I truly believe there will be some users around who can top it.

Who prevents you from using servers which do not have this extended security measure? Can you login to your account and see: grafik.png?

Is it possible to click on "Wireguard Network", then click enable and Download? grafik.png

As next, you even did not bother to read nor you did bother to test it, as it has nothing to do with how many times you connect, you can stay connected for a year and reconnect, the only limitation which you got is that if you are not connected for over 15 minutes, you will not be able to connect with same settings.

I guess, either you use those configs which you can download under Wireguard Network, or you write/copy scripts which do it for you on each autoconnect so that you actually do not bother about it, as that is exactly what TorGuard application on Windows, Windows  etc. does.

TG does not need a solution, they offer you decent amount of services and options and clients, you probably have no issues if you ask support to raise that timeout for your dedicated ip, it might be possible. However, nobody who uses a router will EVER NEED CHANGING IPS ON WIREGUARD, especially not on a router. As you can add different interface for every single of them, the only problem in which you can run is if your ISP is not stable and you get disconnected, but that again only on IP's with higher security.

Support
On 10/5/2020 at 5:14 AM, uNc said:

I've noticed that unless you use the Torguard apps for wireguard all the wireguard conf files downloaded from the TG config generator and configured manually on a router or the Wireguard app (https://www.wireguard.com/install/) can only login once and will expire requiring a new conf file generated. So, if you disconnect wireguard connection for more than 15 minutes you must download a new conf file and set it up again.

Torguard explained to me that this permanent burden is for preventing man in the middle attacks.

I now use Mullvad wireguard (since Oct 3) and it is 10 times more reliable than TG wireguard and for me MUCH faster as well AND the conf files don't have this ridiculous TG expiring conf files!

Can someone explain why TG does this and no other wireguard services (that I have used) have this debilitating, onerous function? This is a game-changer for me.

 

Hey there,

I'm sorry you felt the need to move elsewhere - we know this is not ideal and do have an API you can query against to keep the connection alive via cron if you wish to try it but we are working on a better solution, this was to get the generator out there for the time being as we had a massive amount of requests for it.

In regards to reliability - other than the 15 minute handshake, what other issues did you face? We don't have many complaints about reliability to be honest, overall it seems good, we can't promise everyone it will be plain sailing though, it never works out like that but we are always looking for ways to improve and rest assured we are doing that.

Regards

19807409
1 hour ago, Support said:

we know this is not ideal and do have an API you can query against to keep the connection alive via cron if you wish to try it but we are working on a better solution, this was to get the generator out there for the time being as we had a massive amount of requests for it.

Well, actually torguard never published the information about API and how to use and therefore I would assume that torguard did not release the API for the purpose to tell users how to connect, the API seems to be crucial point of enabling WireGuard on TG client, it never was mentioned by anybody that this API should or could be used, in fact, I even asked when you released v4 client when users started to explain how to dump their TG keys where they might run into issue that same public key is used and not allowed, then I posted simply findings from the debug.log in simply simulating the same elsewhere and by that making it possible to connect. When I did it, I asked you about the API, if it is public to be used as well as if there is any documentation for it. I assume that I never got a reply not because you did not want, but because you did not know as actually it was not meant for such usage but if everybody is already using it.

cron is what I currently use, but not during I am connected, just on every reboot and I parse json file on the fly editing/deleting previous peers/interface. In openwrt, it works perfectly. Actually, tginstall script is just a helper script which can be run and you can use it already now in cron as it will read the settings from /etc/config/torguard.

You say now that you are working on other solution, this might maybe scare some who already adapted to current changes as they might believe that you actually will change/restrict API functionality. However, like once stated, I doubt you will change anything on the api itself as long as official client uses it.

2 hours ago, Support said:

In regards to reliability - other than the 15 minute handshake, what other issues did you face?

Actually there was one quite serious problem, where isolation did not work and all clients within the network could be accessed which I verified. You said later that it was fixed and after that isolation seemed to work. However, from torguard's IP I get connection attempts to money honeytrap device, last one was yesterday (for last 24 hours), using your 37.120.155.34 , it clearly abuses your network. I might start today again full scan of torguard network and its IP's for vulnerabilities.

 

Support
1 hour ago, 19807409 said:

Well, actually torguard never published the information about API and how to use and therefore I would assume that torguard did not release the API for the purpose to tell users how to connect, the API seems to be crucial point of enabling WireGuard on TG client, it never was mentioned by anybody that this API should or could be used, in fact, I even asked when you released v4 client when users started to explain how to dump their TG keys where they might run into issue that same public key is used and not allowed, then I posted simply findings from the debug.log in simply simulating the same elsewhere and by that making it possible to connect. When I did it, I asked you about the API, if it is public to be used as well as if there is any documentation for it. I assume that I never got a reply not because you did not want, but because you did not know as actually it was not meant for such usage but if everybody is already using it.

 

We haven't at the time released any info about the API no but we do plan to - it was just not ready at the time, sorry I did not see a previous response about this otherwise I would have answered it - we will not change to a different approach we will just tweak the current approach, this will not affect current users, I'm happy to explain to you what we are trying to do with our new approach.

1 hour ago, 19807409 said:

Actually there was one quite serious problem, where isolation did not work and all clients within the network could be accessed which I verified. You said later that it was fixed and after that isolation seemed to work. However, from torguard's IP I get connection attempts to money honeytrap device, last one was yesterday (for last 24 hours), using your 37.120.155.34 , it clearly abuses your network. I might start today again full scan of torguard network and its IP's for vulnerabilities.

 

There was indeed a firewall issue for a very short period of time - rules were not being applied correctly with our server side service (java issue) but we corrected that before you mentioned it here we just had to roll out with further changes and fixes.

In regards to the IP: 37.120.155.34 - can you send me more info about this? I'm happy to look into it. [email protected]

Regards

19807409
22 hours ago, Support said:

In regards to the IP: 37.120.155.34 - can you send me more info about this? I'm happy to look into it. [email protected]

it's just authentication attempt in logs, ssh over standard port (=> honeytrap).

I actually found out that there are some more IP's which are used and taken in mind that Australians get issue with amazon and captcha, it could be because of users here who actually abuse your service, I guess you should take a look.

Taken in mind that you can not do a lot, I just hope that you do not ban immediately IP's which are caught doing it as I will repel attacks, I simply love to flash ram's and bioses with zero's.

cluster
On 10/7/2020 at 3:22 PM, 19807409 said:

cron is what I currently use, but not during I am connected, just on every reboot and I parse json file on the fly editing/deleting previous peers/interface. In openwrt, it works perfectly. Actually, tginstall script is just a helper script which can be run and you can use it already now in cron as it will read the settings from /etc/config/torguard.

 

I have poor scripting skills but learning from the openwrt script, I've managed to cobble something together (generate keys, fetch API info and parse the json to produce a new wg-quick.wg0 config). Better than logging in and manually specifying/fetching a config as my device is frequently off for more than 15 minutes.

I'm in a minority here. There's no Torguard app for my rooted ARM Chromebook running Arch Linux. I was happily using unsupported Wireguard for months until the expiration kicked in. I wasn't happy returning to OpenConnect.

 

19807409
3 hours ago, cluster said:

I have poor scripting skills but learning from the openwrt script, I've managed to cobble something together (generate keys, fetch API info and parse the json to produce a new wg-quick.wg0 config). Better than logging in and manually specifying/fetching a config as my device is frequently off for more than 15 minutes.

I'm in a minority here. There's no Torguard app for my rooted ARM Chromebook running Arch Linux. I was happily using unsupported Wireguard for months until the expiration kicked in. I wasn't happy returning to OpenConnect.

yes, the script which is online was first written to do work in the background, where some had difficulties to preset username/password, for that simple question was added, you can delete/mark out that part as well as the question if you want to continue. I guess there is no need to explain uci commands as well as you can see them in script, maybe one, you can create any file in folder /etc/config, let's say /etc/config/mytg . Then use uci [command] mytg. If you need to save something in a file, let's say private/public keys then you can easily edit/remove add them by uci.

most of my devices running tg are on aarch64 (Ubuntu) and there is no client. For arm/arm64 TorGuard released it: https://torguard.net/downloads/torguard-latest-amd64-arch.tar.gz

However, that amd64 arch release has to be manually installed and I get missing libraries (x86_64) which actually are not available, to make it work, it has to be recompiled but the sources are not publicly available. By that, I do believe that quite soon full support will be given for arm/aarch64, especially as there is a release.

I believe that I am minority too as most of my devices use wireguard on aarch64.

If you use cron, you can add

@reboot 

which will run the script on each reboot if you are disconnected due to switching the device off. If script runs every 15 minutes it can check if preset settings (be it as config file or simply in ram as a variable) are good and then connect.

On android I do use wireguard and my device is mobile and constantly connected, if I disconnect on it for longer than 15 minutes or need new IP (which happened actually only twice in last month), then I can simply refresh the api page in my browser, which you can add to bookmarks too if you use it often and disconnect often. It takes few seconds to copy and paste, takes just few clicks and few seconds. I would like to keep using wireguard client as I do not need whole overlay which includes all the options and features related to other protocols. Meaning, that even if torguard would release a client and changes nothing on expiration time or even reduces it, I would still use wireguard with api. At least for android with a battery.

As I pointed out in another thread, I had a conversation with torguard support which does recognize the importance of offering those for now unsupported platforms, but before that happens, let them first deploy wireguard on all servers as there are still a bunch of them which are not enabled, at least it wasn't when I last checked.

 

Link to post
Share on other sites
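The cron-driven check described in the post above, sketched as an added example that is not part of the thread or of TorGuard's scripts. It assumes a peer idle longer than the expiry window needs a fresh config; `REGEN_CMD` is a hypothetical stand-in for your own generator script, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): refresh an expiring WireGuard config.
# Assumption: a peer idle longer than EXPIRY_SECONDS needs a fresh config.
EXPIRY_SECONDS=${EXPIRY_SECONDS:-900}                # 15 minutes, as in the thread
REGEN_CMD=${REGEN_CMD:-/usr/local/bin/make-wg-conf}  # hypothetical: prints a config

# Constructed samples in the format of `wg show wg0 latest-handshakes`:
# "<peer public key><TAB><epoch of last handshake>", epoch 0 = never.
SAMPLE_ACTIVE=$(printf 'CONSTRUCTED_PEER_KEY=\t1900')
SAMPLE_NEVER=$(printf 'CONSTRUCTED_PEER_KEY=\t0')

# handshake_age NOW LINE: print seconds since last handshake, or -1 if none.
handshake_age() {
    now=$1
    ts=$(printf '%s\n' "$2" | awk 'NR == 1 { print $2 }')
    case "$ts" in
        ''|*[!0-9]*) echo -1; return 0 ;;            # interface down or bad output
    esac
    if [ "$ts" -eq 0 ]; then echo -1; return 0; fi
    echo $(( $now - $ts ))
}

# needs_new_config NOW LINE: succeed when the config should be regenerated.
# A negative age (no handshake, or clock skew) also counts as stale.
needs_new_config() {
    age=$(handshake_age "$1" "$2")
    [ "$age" -lt 0 ] || [ "$age" -ge "$EXPIRY_SECONDS" ]
}

# refresh_if_stale IFACE: swap in a new config only when the old one is stale.
refresh_if_stale() {
    iface=$1
    conf=/etc/wireguard/$iface.conf
    line=$(wg show "$iface" latest-handshakes 2>/dev/null)
    needs_new_config "$(date +%s)" "$line" || return 0   # still usable
    wg-quick down "$iface" 2>/dev/null
    # umask 077 keeps the private key in the new file unreadable to others.
    ( umask 077; "$REGEN_CMD" > "$conf.new" ) || return 1
    [ -s "$conf.new" ] || return 1                       # never install an empty file
    mv "$conf.new" "$conf" && wg-quick up "$iface"
}

# crontab entries:  @reboot       /path/to/this-script --run wg0
#                   */15 * * * *  /path/to/this-script --run wg0
if [ "${1:-}" = "--run" ]; then
    refresh_if_stale "${2:-wg0}"
fi
```

Set `EXPIRY_SECONDS=3600` if the provider's window is one hour, as a later post in the thread suggests.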

also caught out with this 15min timeout

non expiring configs would also suit me best. don't want to go back to openvpn or have to switch to a different vpn

Link to post
Share on other sites
Support
7 hours ago, BusyJ said:

also caught out with this 15min timeout

non expiring configs would also suit me best. don't want to go back to openvpn or have to switch to a different vpn

 

We are working on a solution, it won't be too long, we will have a temp fix for this shortly.

Regards

  • Thanks 1
Link to post
Share on other sites
19807409
7 hours ago, Support said:

We are working on a solution, it won't be too long, we will have a temp fix for this shortly.

Is there a question if new one will be adapted or the old one used?

I get a feeling, that expiry time is raised to 1 hour because some users who do not use torguard client complained about it. However, it actually does not matter if it is 15 minutes or 1 hour, as in both cases one needs scripts to ensure that in this timeframe new valid connection is created if another expired.

I already adapted to current settings as well as I shared some of scripts doing so for openwrt which in fact can be used on any linux, even on windows with unix support installed.

There seems to be also some confusion by many who actually say they do not want it to expire. But I see it as a problem if you raise that limitation, in fact, I would like the connection to actually become invalid immediately after connecting where next disconnect would require new credentials. I have no way to verify or audit what happens on torguard servers, but current 1 hour is not something that makes me happy, firewall solution for wireguard was the approach taken by torguard which is good and works but still keeps some/all of my data somewhere (probably in RAM). 15 minutes was acceptable for me, 1 hour is already something that is probably not as then you can disable expiration at all and say there is no possibility to offer wireguard with no log policy which would kinda kill my wish to use it.

I am confused by that which approach it is which torguard is wanting to apply, as for me as a user, the only difference to raised timeout is simply privacy/security issue which by raising it raises the issue, doing it was done only for users which do not want to use torguard client and actually do not care if there is no log policy or not. In that case, you maybe can offer everybody to create/get some public and private key which never expires and if those users want to use it that way and show full trust or do not care about privacy, then they would be able to use it that way, however, if you already apply new solutions, I would like to keep current one and best would be if second reconnect with same keys is not possible at all as they should expire after connection is established until the point it breaks. That would be my wish.

TorGuard client works also properly and gets new keys on each reconnect if it expired, same do the scripts. For users on android or some other OS's which have no shell, there other scripts doing the same can be provided.

Link to post
Share on other sites
Destination

Hey, TorGuard Support: have you performed changes regarding wireguard keys expiration? One of my WG keys is still working after being all night long unused. Can you confirm if I'm right and give detail of the changes?

Thank you.

Link to post
Share on other sites
19807409
7 hours ago, Destination said:

Hey, TorGuard Support: have you performed changes regarding wireguard keys expiration? One of my WG keys is still working after being all night long unused. Can you confirm if I'm right and give detail of the changes?

Thank you.

Hello, keys do not expire, or at least not since the change, but the config does. Keys are now whitelisted/whitelabeled.

Change was also done in a way that only whitelabeled expiring keys can be used, you cannot use non whitelisted keys with the api and therefore API can only be used with keys created from TG-client or wireguard config.

It looks to me more like a bug, expiration is good, but breaking connection is not (Connection does not break). TorGuard for now did not share any info on API and API changed too, where = sign is replaced by suffix 3D, by that all what I wrote is simply what I've found yesterday when looking into changes of API

Link to post
Share on other sites
