Development discussion of WireGuard
* NAT to NAT peers - 'EndPoint' IP data sharing among peers of the same key?
From: Giovanni Francesco @ 2021-04-03  4:27 UTC (permalink / raw)
  To: wireguard

Hi, I am looking to understand if "EndPoint" IP data may be shared among peers within the tunnel?

The question may sound confusing, let me explain my setup.

I have a static IPv4 WireGuard server (let's call it "A" peer) which has two downstream WG client peers "B" and "C" on remote networks with dynamic WAN IPs (roaming).
In my current configuration all my clients "B" and "C" have a single peer "A" - therefore all traffic must always go to "A" - "A" is in a datacenter in another country.

"B" and "C" have dynamic, ever-changing IP "EndPoint" information; in my current setup this is not a problem because "A" is a static host.

If "B" and "C" are connected to "A" - is it possible for me to make B and C peers of each other without "EndPoint"?
In other words, if B's public key is a peer of C and vice versa, would its connection to "A" share the IP addresses ("EndPoint" or where to go) downstream to "B" and "C" so they can establish direct connectivity, or would traffic always need to continue to traverse via "A"?

Thanks!


* Re: NAT to NAT peers - 'EndPoint' IP data sharing among peers of the same key?
From: Roman Mamedov @ 2021-04-06 22:15 UTC (permalink / raw)
  To: Giovanni Francesco; +Cc: wireguard

On Sat, 3 Apr 2021 06:27:40 +0200
Giovanni Francesco <thelinuxguy@mail.com> wrote:

> Hi, I am looking to understand if "EndPoint" IP data may be shared among peers within the tunnel?
> 
> The question may sound confusing, let me explain my setup.
> 
> I have a static IPv4 WireGuard server (let's call it "A" peer) which has two downstream WG client peers "B" and "C" on remote networks with dynamic WAN IPs (roaming).
> In my current configuration all my clients "B" and "C" have a single peer "A" - therefore all traffic must always go to "A" - "A" is in a datacenter in another country.
> 
> "B" and "C" have dynamic, ever-changing IP "EndPoint" information; in my current setup this is not a problem because "A" is a static host.
> 
> If "B" and "C" are connected to "A" - is it possible for me to make B and C peers of each other without "EndPoint"?
> In other words, if B's public key is a peer of C and vice versa, would its connection to "A" share the IP addresses ("EndPoint" or where to go) downstream to "B" and "C" so they can establish direct connectivity, or would traffic always need to continue to traverse via "A"?

No, peer A will not tell peer B the current IP/port of peer C.

Check out other tools, for instance Tinc can do this, but not WG.

-- 
With respect,
Roman
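
The relay topology discussed in this thread, as an added configuration example that is not part of any poster's message: B and C keep A as their only peer, and A forwards traffic between them. The tunnel subnet (10.0.0.0/24), A's public address (192.0.2.1), the port and the key placeholders are assumptions made for illustration.

```ini
# --- A (hub, static public address): /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <A-private-key>
# A has to route between its peers; its firewall must also permit
# forwarding on this interface.
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# B (roaming): no Endpoint line. A learns B's current IP:port from the
# source of B's latest authenticated packet and keeps it locally only.
PublicKey = <B-public-key>
AllowedIPs = 10.0.0.2/32

[Peer]
# C (roaming): same as B.
PublicKey = <C-public-key>
AllowedIPs = 10.0.0.3/32

# --- B (behind NAT, dynamic WAN IP): /etc/wireguard/wg0.conf ---
# C's file is identical apart from Address = 10.0.0.3/24 and its own key.
[Interface]
Address = 10.0.0.2/24
PrivateKey = <B-private-key>

[Peer]
# A is the only peer. AllowedIPs covers the whole tunnel subnet, so
# packets for C (10.0.0.3) are encrypted to A, which re-encrypts them to C.
PublicKey = <A-public-key>
Endpoint = 192.0.2.1:51820
AllowedIPs = 10.0.0.0/24
# Keeps B's NAT mapping open so A can reach B at the endpoint it learned.
PersistentKeepalive = 25
```

With this layout a [Peer] entry for C on B would have no endpoint to send to, because nothing in the protocol carries A's learned endpoints to other peers.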


* Re: NAT to NAT peers - 'EndPoint' IP data sharing among peers of the same key?
From: Ole-Morten Duesund @ 2021-04-07  7:50 UTC (permalink / raw)
  To: wireguard

On 07.04.2021 00:15, Roman Mamedov wrote:

> On Sat, 3 Apr 2021 06:27:40 +0200
> Giovanni Francesco <thelinuxguy@mail.com> wrote:
>
>> Hi, I am looking to understand if "EndPoint" IP data may be shared among peers within the tunnel?
>>
>> The question may sound confusing, let me explain my setup.
>>
>> I have a static IPv4 WireGuard server (let's call it "A" peer) which has two downstream WG client peers "B" and "C" on remote networks with dynamic WAN IPs (roaming).
>> In my current configuration all my clients "B" and "C" have a single peer "A" - therefore all traffic must always go to "A" - "A" is in a datacenter in another country.
>>
>> "B" and "C" have dynamic, ever-changing IP "EndPoint" information; in my current setup this is not a problem because "A" is a static host.
>>
>> If "B" and "C" are connected to "A" - is it possible for me to make B and C peers of each other without "EndPoint"?
>> In other words, if B's public key is a peer of C and vice versa, would its connection to "A" share the IP addresses ("EndPoint" or where to go) downstream to "B" and "C" so they can establish direct connectivity, or would traffic always need to continue to traverse via "A"?
> No, peer A will not tell peer B the current IP/port of peer C.
>
> Check out other tools, for instance Tinc can do this, but not WG.

There is also https://tailscale.com/blog/how-tailscale-works/ which does 
a bunch of magic to overcome NAT-problems.

My experience is that it works absolutely stunningly well.


- OM

