Networking

Plain WireGuard is simple and fast. AmneziaWG adds obfuscation to the handshake. When do you need which? Plain WireGuard is enough when You control both endpoints, no DPI is filtering your traffic, and the main concern is performance and simplicity. WireGuard shines for: Site-to-site VPN between your own servers Remote access to a home lab Point-to-point tunnels on a LAN The handshake is small, fast, and provably secure. It uses Noise framework primitives and 1 RTT. ...

Every time a packet leaves your Linux machine, it travels through a surprisingly long sequence of stages. Understanding this path helps enormously when debugging network issues. The socket layer When your application calls send() or write() on a socket, the kernel’s socket layer takes over. For a TCP socket this means handing the data to tcp_sendmsg(), which in turn enqueues it into the socket’s send buffer. You can observe the send queue depth with ss -tipm: ...