Development discussion of WireGuard
 help / color / Atom feed
* wg set fail to update endpoint if traffic is flowing
@ 2020-03-31  8:36 xtus
  2020-04-10  8:01 ` aranea
  0 siblings, 1 reply; 2+ messages in thread
From: xtus @ 2020-03-31  8:36 UTC (permalink / raw)


Hi,

I was trying to update dynamically the endpoint for an interface, using `reresolve-dns.sh` or something like the following:

# wg set <interface> peer "<publickey>" endpoint "<FQDN>:<port>"

But the endpoint did not change, even if the `wg set` returns successfully, with retcode `0`.

Changing something like `persistent-keepalive` does work.

I debugged a bit, and I saw that if traffic is flowing throw the wireguard interface, then the endpoint change via `wg set` does not take effect.

The set endpoint works only if no traffic is flowing.

Is this expected behavior?

Thanks,
xtus



^ permalink raw reply	[flat|nested] 2+ messages in thread

* wg set fail to update endpoint if traffic is flowing
  2020-03-31  8:36 wg set fail to update endpoint if traffic is flowing xtus
@ 2020-04-10  8:01 ` aranea
  0 siblings, 0 replies; 2+ messages in thread
From: aranea @ 2020-04-10  8:01 UTC (permalink / raw)


On Tue, Mar 31, 2020 at 08:36:52AM +0000, xtus wrote:
> The set endpoint works only if no traffic is flowing.
> 
> Is this expected behavior?

Yes, it is. It's not that wg set fails to update the endpoint; rather,
the endpoint you've set is immediately overwritten again -- to support
seamless roaming, wg updates the endpoint every time it receives an
authenticated packet from a peer.


Luis


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-31  8:36 wg set fail to update endpoint if traffic is flowing xtus
2020-04-10  8:01 ` aranea

Development discussion of WireGuard

Archives are clonable: git clone --mirror http://inbox.vuxu.org/wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git