Posts

  • The Cloud Computing Era is now

    I’ve been impressed by how the Cloud Computing landscape changed in the past two years. I totally agree with this quote from Cloudflare:

    “And yet, with many serverless offerings today, the first thing they do is the thing that they promised you they wouldn’t — they make you think about servers.”

    A solution isn’t serverless if it makes the user think about how much computing resources they need or where these will be located. A truly serverless offer will figure everything that is needed to run a service, in a declarative, not imperative, way. I’ve been amazed by how it’s now easy to combine different services to achieve use cases that simply wouldn’t be possible just a couple of years ago.

    One thing that I’ve been doing in the past weeks is to automate some of the manual steps in the tool about water distribution restrictions I wrote. For instance, the page where they post the interruption schedule doesn’t offer an RSS feed. This forced me to bookmark the link and visit it every week, waiting for the new schedule to be published - something that can happen any day between Wednesday and Friday. So I started to wonder: “what if I crawl that page and create an RSS feed for that? This way I can put it in Feedly and be actively informed about new publications”.

    Been playing with different HTML parsers recently, like cheerio and goquery - both inspired by the nice, easy-to-use and battle-tested jQuery API, crawling the web page would be the easiest part. The problem is: how was it going to be hosted - and worse, updated frequently? I could set up a cron job in one of my machines, generate the files and publish it with any HTTP server, but that looked like too much of a hassle: one shouldn’t need a server to host and regularly update a static web page in 2020.

    I began to think if it would be possible to use the two services that were already in place, Cloudflare Workers Sites and GitHub Actions, the CI/CD solution, to achieve this goal. I mean, of course, the hosting part was already solved, but by the time I didn’t know that it’s possible to schedule events in GitHub Actions, down to 5-minute intervals, in a cron-like syntax:

    on:
      schedule:
        - cron:  '*/5 * * * *'
    

    I’m truly astonished by what can we do these days without thinking about servers at all - it’s like IFTTT on steroids. I didn’t have to choose in which region those services are located, nor specify how much CPU/memory/disk/other hardware resources should be allocated to them: I only asked for well-defined tasks, like building the project and deploying it, to be executed on a scheduled basis. And in the GitHub Actions case, there wasn’t even a need to pay for it.

    Thinking about how straightforward the whole process have been, I’m inclined to not host anything on a server owned by me ever again.

  • Running a single test (or a subset of tests) in Go

    In the very beginning of the Go documentation about tests in the standard library, there’s a section about subtests. The idea is that with the -run argument of go test it’s possible to choose which tests are going to be executed in a single run of a project’s test suite. That doesn’t just makes it possible to focus on tests which are relevant to the parts of the code which are being worked on, but it’s specially useful when there’s a need to avoid slow tests or a big suite full of them.

    The following code uses the standard testing package:

    package main
    
    import (
    	"testing"
    )
    
    func TestA(t *testing.T) {
    	want := 2
    	got := 2
    	if got != want {
    		t.Fatal("Wrong result!")
    	}
    }
    
    func TestB(t *testing.T) {
    	want := 4
    	got := 4
    	if got != want {
    		t.Fatal("Wrong result!")
    	}
    }
    

    These tests can be filtered as expected:

    $ go test -v .
    === RUN   TestA
    --- PASS: TestA (0.00s)
    === RUN   TestB
    --- PASS: TestB (0.00s)
    PASS
    ok      github.com/myhro/go-tests-example       0.181s
    $ go test -run TestA -v .
    === RUN   TestA
    --- PASS: TestA (0.00s)
    PASS
    ok      github.com/myhro/go-tests-example       0.188s
    

    When using the standard testing package, -run is all that is needed. The problem is that this doesn’t work for third-party test suites, like gocheck:

    package main
    
    import (
    	"testing"
    
    	. "gopkg.in/check.v1"
    )
    
    func Test(t *testing.T) {
    	TestingT(t)
    }
    
    type MainSuite struct{}
    
    var _ = Suite(&MainSuite{})
    
    func (s *MainSuite) TestA(c *C) {
    	want := 2
    	got := 2
    	c.Assert(got, Equals, want)
    }
    
    func (s *MainSuite) TestB(c *C) {
    	want := 4
    	got := 4
    	c.Assert(got, Equals, want)
    }
    

    When running this test suite with -run, all that it yields is no tests to run:

    $ go test -v .
    === RUN   Test
    OK: 2 passed
    --- PASS: Test (0.00s)
    PASS
    ok      github.com/myhro/go-tests-example       0.270s
    $ go test -run TestA -v .
    testing: warning: no tests to run
    PASS
    ok      github.com/myhro/go-tests-example       0.187s [no tests to run]
    

    This happens because gocheck needs a different parameter to filter tests out. The right way to do it is with -check.f:

    $ go test -check.f TestA -v .
    === RUN   Test
    OK: 1 passed
    --- PASS: Test (0.00s)
    PASS
    ok      github.com/myhro/go-tests-example       0.687s
    

    Another test library that needs a different parameter is Testify. With this example:

    package main
    
    import (
    	"testing"
    
    	"github.com/stretchr/testify/assert"
    	"github.com/stretchr/testify/suite"
    )
    
    type MainSuite struct {
    	suite.Suite
    }
    
    func TestMainSuite(t *testing.T) {
    	suite.Run(t, new(MainSuite))
    }
    
    func (s *MainSuite) TestA() {
    	want := 2
    	got := 2
    	assert.Equal(s.T(), want, got)
    }
    
    func (s *MainSuite) TestB() {
    	want := 4
    	got := 4
    	assert.Equal(s.T(), want, got)
    }
    

    Tests are filtered with -testify.m:

    $ go test -v .
    === RUN   TestMainSuite
    === RUN   TestMainSuite/TestA
    === RUN   TestMainSuite/TestB
    --- PASS: TestMainSuite (0.00s)
        --- PASS: TestMainSuite/TestA (0.00s)
        --- PASS: TestMainSuite/TestB (0.00s)
    PASS
    ok      github.com/myhro/go-tests-example       0.762s
    $ go test -testify.m TestA -v .
    === RUN   TestMainSuite
    === RUN   TestMainSuite/TestA
    --- PASS: TestMainSuite (0.00s)
        --- PASS: TestMainSuite/TestA (0.00s)
    PASS
    ok      github.com/myhro/go-tests-example       0.220s
    

    I wasn’t able to find the exact explanation why -run doesn’t work for third-party test suites. My reasoning is that the regular go test command is only aware of Test* functions, not methods that are tied to a particular test suite struct. The later have to be properly loaded, and filtered if needed, by their own libraries. Hence the need for a different argument.

    And what about running more than one test? All of the mentioned test libraries accept regular expressions when specifying test names, so both TestA and TestB can be selected with Test[AB].

  • Migrating "Tem Água Hoje?" to Cloudflare Workers

    Last year I mentioned how some small dynamic parts of my main website - Myhro.info - were migrated to Cloudflare Workers. This time I did a similar move, but instead of migrating just a couple parts, I moved a whole webapp, including both backend and frontend, to there. Before mentioning how much better Cloudflare Workers are one and a half years later - and they already rocked in the first time! - let’s go through all the iterations “Tem Água Hoje?”, a website created to better inform people about water distribution restrictions, went through its lifetime.

    Debut

    The first iteration of the website came in form of an all-JavaScript application running in the browser. Literally everything was JavaScript in one form or another: the frontend, parser and even the database itself was structured in a JSON format. This happened for two reasons: first, I wanted to practice a bit of JavaScript. The second reason - and maybe the most import one - is that in this way, there was no backend whatsoever, no server-side part which I would have to worry about. The whole webapp was served as a static site straight from S3, which absurdly simplified its deployment and maintenance.

    This version was good enough for the start. It was a bit annoying to generate the database dump, as I had to manually go to the browser and save it as a file, but as the water restrictions were lifted less than two months after starting the project, I wasn’t worried about it anymore. Then in the beginning of November this year, it was announced that water restrictions would be again in place for the next months. I had to decide to either just feed the new data to the webapp or rewrite a good chunk of it.

    Component decoupling

    Being a full-time Go programmer for a while made me biased towards rewriting the parser in Go and separating the actual logic about the water availability from the frontend, moving it to a real backend. With a bit of Gin - my favourite web framework - and SQLite, I was able to offer a REST API, powered by a small-but-full-featured relational database. The result was nice and delightful to build. All of that while teaching my nephew, who is studying Informatics, about all these components and how they play along together at the same time - a win-win for both him and me.

    I really liked the result: a vanilla JavaScript frontend, fetching information from a Go API, backed by SQLite. There was just one problem: I would still have to deploy, host, maintain and care about the backend availability - otherwise the whole webapp would become useless. It was hosted in a server that I use as a developer workstation from time to time, but that was too fragile. I contemplated deploying it to a Kubernetes cluster, but that would be too much. I had to find a better and easier - preferable cheaper - alternative.

    Workers to the rescue

    As I mentioned, Cloudflare Workers have evolved considerably after its launch. I’ve been following the new features being offered, but wasn’t playing with them - something which bothered me a bit, as I’m in love for the platform since day one. This seemed like a perfect opportunity for me to try new things out, like their key-value store, Workers KV. By being a somewhat limited storage solution, as literally only string keys and values are available, I had to come up with a new modeling for the database, as no relational features like columns or queries would be available.

    To be honest, I actually liked the limitations. There’s beauty in how simple the environment is, where one can use basically one language - JavaScript, if you don’t consider the WebAssembly option - and what is almost literally a hash table as storage layer. In the end, that actually simplified the logic to check for water interruption intervals, without forcing us to get back to the first JSON-based database format - which wouldn’t be supported anyway, as it wasn’t based only in strings.

    Bonus points and conclusion

    One interesting thing is that Cloudflare Workers can now also host static files in the form of Cloudflare Workers Sites - although not literally. What they do is to offer some logic to store file contents as strings in the KV store and fetch them from HTTP requests. A really clever usage of two simple features that can be used together to form a new one. By also deploying the frontend to Cloudflare Workers, S3 wasn’t needed anymore at all, simplifying the infrastructure and deployment procedures even further.

    So, now we have temagua.myhro.info in a much more simple, faster, resilient - and also cheap - platform. I don’t have to care about it being up and running all the time - there are way more competent Engineers at Cloudflare doing that for me. And, by being free from the maintenance hassle, I was able to invest time in much more interesting things, like porting the frontend to React, something I did for the first time in my life.

    Keep rocking, Cloudflare!

  • Local DNS-over-TLS (DoT) forwarder with CoreDNS

    The first time I heard about DNS-over-TLS (DoT) was about a year ago, when Cloudflare launched their 1.1.1.1 public resolver. It immediately appeared to be a more natural successor to regular plain-text DNS than DNS-over-HTTPS (DoH). The problem is that, back then, it was not so easy to use. Pages like the client list in the DNS Privacy Project mention lengthy configuration options for forwarders like Bind/Knot DNS/Unbound, which aren’t exactly known for being user-friendly. What I wanted was something like Simple DNSCrypt on Windows, but for Linux/macOS and supporting DoT instead of DNSCrypt, which is a different protocol.

    After a while I realized that CoreDNS supported DoT in its forward plugin. By then, the only use-case I knew for CoreDNS was that it is commonly used for service discovery inside Kubernetes clusters. Starting from this point, I began investigating how hard would be to use it on my laptop, running macOS, and a couple remote servers that I use as workstations, running Linux. A DoT proxy/forwarder that supported caching seemed exactly what I was looking for.

    The architecture goes like:

    Applications
        |
    127.0.0.1:53 (forwarder, plain text)
        |
    1.1.1.1:853 (upstream, TLS-encrypted)
    

    And the needed configuration is, literally, four lines:

    . {
        cache
        forward . tls://1.1.1.1 tls://1.0.0.1
    }
    

    In this case, CoreDNS will forward all (.) DNS queries to 1.1.1.1 and 1.0.0.1 over TLS, load-balancing between them. It will also cache the responses, respecting their time-to-live (TTL), answering repeated queries in sub-millisecond latency.

    Understanding how simple the needed CoreDNS configuration is, the next step is to install it and configure its service to start on boot. The problem is that, being a relatively new project, it isn’t available on most package managers:

    $ brew search coredns
    No formula or cask found for "coredns".
    $ brew info coredns
    Error: No available formula with the name "coredns"
    
    $ apt search coredns
    Sorting... Done
    Full Text Search... Done
    $ apt show coredns
    N: Unable to locate package coredns
    E: No packages found
    

    But there’s a bright side: CoreDNS is a Go project. Having all its dependencies statically-linked, installing it is a matter of downloading the corresponding release for the target Operating System/Architecture in the project GitHub release page - in exchange for a slightly large binary (> 40MB). Putting it under /usr/local/bin/coredns, it can be easily configured to be treated as a service on both macOS and Linux (systemd):

    macOS: /Library/LaunchDaemons/coredns.plist

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>Label</key>
        <string>coredns</string>
        <key>ProgramArguments</key>
        <array>
          <string>/usr/local/bin/coredns</string>
          <string>-conf</string>
          <string>/usr/local/etc/coredns/coredns.conf</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>KeepAlive</key>
        <true/>
      </dict>
    </plist>
    

    Linux (systemd): /lib/systemd/system/coredns.service

    [Unit]
    Description=CoreDNS
    After=network-online.target
    Wants=network-online.target
    
    [Service]
    ExecStart=/usr/local/bin/coredns -conf /etc/coredns.conf
    Type=simple
    
    [Install]
    WantedBy=multi-user.target
    

    After starting it with sudo launchctl load -w /Library/LaunchDaemons/coredns.plist on macOS, or sudo service coredns start on Linux, we can confirm it’s working by analysing the DNS packets that go over the network. It’s a matter of creating a tcpdump session on one terminal:

    $ sudo tcpdump -n 'host 1.1.1.1 or host 1.0.0.1'
    tcpdump: data link type PKTAP
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
    

    And running dig on another:

    $ dig blog.myhro.info @1.1.1.1
    (...)
    $ dig blog.myhro.info @127.0.0.1
    (...)
    

    The first request, done straight to the upstream server, can be literally seen on the wire together with its response:

    15:29:43.200468 IP 192.168.0.2.56184 > 1.1.1.1.53: 23554+ [1au] A? blog.myhro.info. (56)
    15:29:43.215999 IP 1.1.1.1.53 > 192.168.0.2.56184: 23554$ 2/0/1 A 104.27.179.51, A 104.27.178.51 (76)
    

    While the second one, which goes through CoreDNS, can’t be sniffed:

    15:33:41.238099 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [S], seq 2286465987, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 464696127 ecr 0,sackOK,eol], length 0
    15:33:41.251513 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [S.], seq 1040019771, ack 2286465988, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
    15:33:41.251607 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [.], ack 1, win 4096, length 0
    15:33:41.251863 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [P.], seq 1:192, ack 1, win 4096, length 191
    15:33:41.267167 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [.], ack 192, win 30, length 0
    15:33:41.267608 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [.], seq 1:1461, ack 192, win 30, length 1460
    15:33:41.268328 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [P.], seq 1461:2667, ack 192, win 30, length 1206
    15:33:41.268392 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [.], ack 2667, win 4077, length 0
    15:33:41.284748 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [P.], seq 192:285, ack 2667, win 4096, length 93
    15:33:41.297023 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [P.], seq 2667:2718, ack 285, win 30, length 51
    15:33:41.297104 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [.], ack 2718, win 4095, length 0
    15:33:41.297403 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [P.], seq 285:316, ack 2718, win 4096, length 31
    15:33:41.297495 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [P.], seq 316:401, ack 2718, win 4096, length 85
    15:33:41.308614 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [.], ack 401, win 30, length 0
    15:33:41.311106 IP 1.1.1.1.853 > 192.168.0.2.55911: Flags [P.], seq 2718:2877, ack 401, win 30, length 159
    15:33:41.311178 IP 192.168.0.2.55911 > 1.1.1.1.853: Flags [.], ack 2877, win 4093, length 0
    

    Now it’s a matter of configuring the system to use 127.0.0.1 as the DNS server.

    P.S.: it’s important to notice that using DNS-over-TLS together with regular HTTPS connections is still not enough to guarantee total browsing privacy. The target hostname is still sent in plain text during the TLS handshake. That will change when the encrypted SNI extension to the TLS 1.3 protocol becomes widely available. Given this particularity, Cloudflare offers a page to check how secure/private your browsing experience is.

    Update: As pointed out by Miek Gieben, CoreDNS author, the manual installation steps mentioned here can be avoided. The coredns/deployment repository contains utilities for deploying it on different platforms, like macOS and Debian-like systems.

  • Quick and easy VPNs with WireGuard

    WireGuard is the new kid on the block in the world of VPNs. It has been receiving a lot of attention lately, especially after Linus Torvalds himself praised the project last month, resulting in in-depth guides about its characteristics being published. The problem is that practical guides about its setup, including the official one, doesn’t show how quick and easy it is to do that. They are full of lengthy, complex and unneeded commands, when everything that is needed are simple configuration files.

    This guide won’t describe how to actually install WireGuard, as this is thoroughly covered by the official documentation for every supported platform. It consists of a loadable kernel module that allows virtual WireGuard network interfaces to be created. In here, an EC2 instance located in Ireland and a virtual machine (based on Vagrant/VirtualBox) in Germany, both running Ubuntu, will be connected.

    The first step is to generate a pair of keys for every machine. WireGuard authentication system doesn’t rely passwords or certificates that includes hard-to-maintain Certification Authorities (CAs). Everything is done using private/public keys, like SSH authentication:

    $ wg genkey | tee privatekey | wg pubkey > publickey
    $ ls -lh
    total 8.0K
    -rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 privatekey
    -rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 publickey
    

    In the server, the /etc/wireguard/wg0.conf configuration file will look like:

    [Interface]
    PrivateKey = 4MtNd3vq/Zb5tc8VgoigLyuONWoCQmnzLKFNuSYLiFY=
    Address = 192.168.255.1/24
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=1
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=0
    
    [Peer]
    PublicKey = 0+/w1i901TEFRmEcUECqWab/nwmq0dZLehMzSOKUo04=
    AllowedIPs = 192.168.255.2/32
    

    Here’s an explanation of its fields:

    • PrivateKey is the server private key. It proves that the server is who it says it is, and the same will be valid for the clients on the other end. One will be able to validate the identity of the other.
    • Address is the IP and network mask for the VPN network.
    • ListenPort tells in which UDP port the server will listen for connections.
    • PostUp are firewall rules and system commands that are needed for the server to act as a gateway, forwarding all network traffic. PostDown will disable them when the VPN is deactivated. eth0 is the name of the main network interface, which can be something different like ens5 if systemd’s Predictable Network Interface Names are being used.
    • PublicKey and AllowedIPs defines which peers can connect to this server through a combination of IPs/key pairs. It’s important to notice that the IPs defined here are within the VPN network range. Those are not the actual IPs which the client will use to connect to the server over the internet.

    The client will also have a /etc/wireguard/wg0.conf configuration file, but it will be a little bit different:

    [Interface]
    PrivateKey = yDZjYQwYdsgDmySbUcR0X7b+rdwfZ91rFYxz6m/NT08=
    Address = 192.168.255.2/24
    
    [Peer]
    PublicKey = e1HJ0ed/lUmCDRUGjCwFZ9Qm2Lt14jNE77TKXyIS1yk=
    AllowedIPs = 0.0.0.0/0
    Endpoint = ec2-34-253-52-138.eu-west-1.compute.amazonaws.com:51820
    

    The PrivateKey and Address fields here have the same meaning as in the server. The difference is that the Interface section won’t contain the server parts, like the listening ports and firewall commands. The Peer section contains the following fields:

    • PublicKey is the public key of the server which the client will connect to.
    • AllowedIPs is interesting here. It means the networks in which their traffic will be forwarded to the server. 0.0.0.0/0 means that all traffic, including connections that goes to the internet, will use the server as a gateway. Using the same VPN network, like 192.168.255.0/24, would create a P2P VPN, where the client and server will be able to reach each other, but any other traffic (e.g. to the internet) wouldn’t be forwarded through this connection.
    • Endpoint is the hostname or IP and port which the client will use to reach the server in order to establish the VPN connection.

    With both machines configured, the VPN interface can be enabled on the server:

    [ubuntu@ip-172-31-14-254:~]$ sudo wg-quick up wg0
    [#] ip link add wg0 type wireguard
    [#] wg setconf wg0 /dev/fd/63
    [#] ip address add 192.168.255.1/24 dev wg0
    [#] ip link set mtu 8921 dev wg0
    [#] ip link set wg0 up
    [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=1
    net.ipv4.ip_forward = 1
    

    If a message like the following is shown in this step:

    Warning: `/etc/wireguard/wg0.conf' is world accessible
    

    This means that the configuration file permissions are too broad - and they shouldn’t, as there’s a private key in there. This can be fixed with sudo chmod 600 /etc/wireguard/wg0.conf.

    The command sudo wg shows the VPN status:

    [ubuntu@ip-172-31-14-254:~]$ sudo wg
    interface: wg0
      public key: e1HJ0ed/lUmCDRUGjCwFZ9Qm2Lt14jNE77TKXyIS1yk=
      private key: (hidden)
      listening port: 51820
    
    peer: 0+/w1i901TEFRmEcUECqWab/nwmq0dZLehMzSOKUo04=
      allowed ips: 192.168.255.2/32
    

    From this point, the VPN can be enabled on the client using the same commands:

    [vagrant@ubuntu-xenial:~]$ sudo wg-quick up wg0
    [#] ip link add wg0 type wireguard
    [#] wg setconf wg0 /dev/fd/63
    [#] ip address add 192.168.255.2/24 dev wg0
    [#] ip link set mtu 1420 dev wg0
    [#] ip link set wg0 up
    [#] wg set wg0 fwmark 51820
    [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
    [#] ip -4 rule add not fwmark 51820 table 51820
    [#] ip -4 rule add table main suppress_prefixlength 0
    [vagrant@ubuntu-xenial:~]$ sudo wg
    interface: wg0
      public key: 0+/w1i901TEFRmEcUECqWab/nwmq0dZLehMzSOKUo04=
      private key: (hidden)
      listening port: 47603
      fwmark: 0xca6c
    
    peer: e1HJ0ed/lUmCDRUGjCwFZ9Qm2Lt14jNE77TKXyIS1yk=
      endpoint: 34.253.52.138:51820
      allowed ips: 0.0.0.0/0
      latest handshake: 1 second ago
      transfer: 92 B received, 292 B sent
    [vagrant@ubuntu-xenial:~]$ curl https://myhro.info/ip
    curl/7.47.0
    
    34.253.52.138
    
    IE
    

    The most impressive part is how quickly the connection is done. There are no multi-second handshakes like any other VPN solution and it can be used instantly. After playing with it, it becomes easier to understand why WireGuard is attracting so much attention. Specially because it’s so unobtrusive that one can use it without even realizing it’s turned on.

Subscribe via RSS