From: "M. Dietrich" <mdt@emdete.de>
To: Joachim Lindenberg <wireguard@lindenberg.one>
Cc: wireguard@lists.zx2c4.com
Subject: Re: AW: two client connections -> crash?
Date: Tue, 14 Jul 2020 19:54:41 +0200
Message-ID: <1594747549.w4i9fibrno.astroid@morple.none>
In-Reply-To: <09a201d659e4$c6e01c80$54a05580$@lindenberg.one>
Quotation from Joachim Lindenberg at July 14, 2020 15:43:
> didn't find a good documentation on that.

Oh, there is, one doesn't recognize it in the first place as a
beginner. ;)

> And obviously with one connection it wasn't that
> important to get it right.

depends on your demand. so if you put your setting 0.0.0.0/0
there all traffic goes into that tunnel. if the other end
doesn't know how to react this won't work either. it's a
typical setup where you want to reach the internet via a VPN.
if you want to connect boxes into a network to be securely
reachable to each other this is a completely different demand.
you just give each box an IP and tell wireguard where to find
it.

> What IP addresses or network
> should AllowedIPs refer to? Client? Server? Tunnel?

there isn't really a client or server in wg. ;)
i typically use a star-topology for that. there is a box in
the middle, all others connect to that middle box. all the
boxes are in the network 172.16.0.0 and are numbered
172.16.0.1, 172.16.0.2, ...

the middle box has entries for each peer like

    [Peer]
    PublicKey = <key of the connecting box>
    AllowedIPs = 172.16.0.1/32
    ...

while the box itself has an entry

    [Peer]
    PublicKey = <key of the center box>
    AllowedIPs = 172.16.0.0/12
    ...

for the peer and the IP configured for the interface:

    [Interface]
    Address = 172.16.0.1
    ...

that should do. i agree: the setup is a bit notchy to
maintain but there are tools for that. i still do it manually
but i don't have that many peers.

best regards, Michael
M. Dietrich
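
An added example, not part of the original message and not WireGuard's own tooling: a Python check for the middle box's config in the star layout described above, flagging peers whose AllowedIPs is wider than a single host and ranges claimed by more than one peer. The config text, the placeholder keys, the hub address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed middle-box config in the star layout from the message; keys are
# placeholders. The third peer repeats box 2's address and adds 0.0.0.0/0.
HUB_CONF = """\
[Interface]
Address = 172.16.0.254
[Peer]
PublicKey = <key of box 1>
AllowedIPs = 172.16.0.1/32
[Peer]
PublicKey = <key of box 2>
AllowedIPs = 172.16.0.2/32
[Peer]
PublicKey = <key of box 3>
AllowedIPs = 172.16.0.2/32, 0.0.0.0/0
"""


def parse_peers(text):
    """Return [key, [networks]] per [Peer] section (the header repeats, so no configparser)."""
    peers, in_peer = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append([None, []])
        elif in_peer and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name.lower() == "publickey":
                peers[-1][0] = value
            elif name.lower() == "allowedips":
                peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                                 for v in value.split(",") if v.strip()]
    return peers


def audit_hub(text):
    """Flag hub peers allowed more than one host, and ranges claimed by two peers."""
    findings, seen = [], []
    for key, nets in parse_peers(text):
        for net in nets:
            if net.num_addresses != 1:
                findings.append(("wider-than-host", key, str(net)))
            for other_key, other in seen:
                if other_key != key and other.version == net.version and net.overlaps(other):
                    findings.append(("overlap", key, f"{net} overlaps {other} of {other_key}"))
            seen.append((key, net))
    return findings
```

Calling `audit_hub(HUB_CONF)` returns one tuple per finding; an empty list means every peer on the middle box is limited to its own /32 and no two peers claim the same range.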