Development discussion of WireGuard
From: em12345 <em12345@web.de>
To: wireguard@lists.zx2c4.com
Subject: Multiple Endpoints
Date: Sat, 7 Jan 2017 15:43:10 +0100
Message-ID: <6d000312-635f-a361-200a-936da7ce7e17@web.de>

Hi,

I'm wondering how to set up a WG client when having multiple DynDNS names
for a single WG server using a dynamic IP. Using multiple DynDNS services
for the same host is a common pattern to work around unreliable DynDNS
services.
As far as I see, only a single endpoint can be given in the configuration.

If there are no plans to support multiple endpoints, I guess this has to
be done via a cron job, since I don't see any explicit hook which could
be used instead.

In order to implement such a script I would have the following
additional questions:

1.) Is "wg setconf" returning/succeeding before the client-server
connection could be established? If so, would it be possible to add an
additional timeout option which waits up to the timeout for establishing
the connection and exits non zero if it failed to do so?
2.) Is "ip link up wg0" already returning/succeeding before the
client-server connection could be established?
3.) What is the best way to determine if a WG client-server connection
is currently alive/working/established? E.g.: wg show wg0
latest-handshakes? I assume that "ip link show wg0" will not show such info.
4.) Is it possible to use "wg set" and/or "wg setconf" while the link is
already up?
5.) Is it possible, using "wg set wg0 endpoint" to only change the
endpoint of an existing peer? Or is it necessary to use "wg setconf"
which replaces every setting for the link?


Similar problems have to be resolved when having Road Warrior PCs, which
may sometimes be directly connected inside the LAN, in which case the
tunnel should not be used. So:
1.) block the server endpoint (e.g. via firewall) for encrypted traffic
originating from a LAN client
2.) drop (or don't add in the first place) routes into tunnel when no
connection could be established


Thanks

Emmanuel
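The cron-driven failover sketched in the question, as an added example in POSIX shell; this is not code from the original mail or from the WireGuard project. It assumes a client interface wg0 with a single peer (the server), the server's public key in PEER_KEY, the server's address inside the tunnel in PEER_TUNNEL_IP, and two placeholder DynDNS names in ENDPOINTS; all of these are assumptions to adjust. It relies on two things wg(8) does provide: `wg show wg0 latest-handshakes` prints one `<pubkey> <unix-epoch>` line per peer (0 if no handshake has happened yet), and `wg set wg0 peer <key> endpoint <host:port>` changes only that peer's endpoint on a live interface, resolving the name at that moment and failing with a non-zero exit status if it cannot. Two caveats the script works around: `wg set` returns immediately without waiting for a handshake, and WireGuard only handshakes when there is traffic to send, so the script sends one ping through the tunnel to trigger the handshake and uses the reply as its liveness check.

```shell
#!/bin/sh
# Cron-driven endpoint failover for one WireGuard peer that is reachable under
# several DynDNS names. Added example: not code from the original mail or from
# the WireGuard project. Every host, key and address below is an assumed
# placeholder; adjust to your setup. Must run as root (wg show / wg set).

WG_IF="${WG_IF:-wg0}"
PEER_KEY="${PEER_KEY:-REPLACE_WITH_SERVER_PUBLIC_KEY}"   # assumed placeholder
PEER_TUNNEL_IP="${PEER_TUNNEL_IP:-10.0.0.1}"              # assumed: server's address inside the tunnel
STALE_AFTER="${STALE_AFTER:-180}"                         # seconds; WireGuard rekeys roughly every 2 minutes
# assumed DynDNS names; all point at the same server
ENDPOINTS="${ENDPOINTS:-vpn.example.dyndns.org:51820 vpn.example.duckdns.org:51820}"

# handshake_is_stale NOW LAST THRESHOLD
# Returns 0 (true) when the peer never completed a handshake (LAST == 0) or
# the last one is older than THRESHOLD seconds.
handshake_is_stale() {
    now=$1; last=$2; thr=$3
    [ "$last" -eq 0 ] && return 0
    [ $((now - last)) -gt "$thr" ]
}

# latest_handshake_for KEY OUTPUT
# OUTPUT is the text of `wg show IFACE latest-handshakes`: one
# "<pubkey><TAB><epoch>" line per peer, epoch 0 when no handshake happened
# yet. Prints the epoch for KEY, or 0 if KEY is not listed.
latest_handshake_for() {
    key=$1; out=$2
    ts=$(printf '%s\n' "$out" | awk -v k="$key" '$1 == k { print $2; exit }')
    printf '%s\n' "${ts:-0}"
}

# rotate_endpoints
# Tries each DynDNS name in turn. `wg set ... endpoint` changes only the
# endpoint of that peer (key, allowed-ips etc. stay as they are) and resolves
# the name right away, so a dead DynDNS name fails here and we move on.
# wg set returns before any handshake, and WireGuard only handshakes when
# there is traffic to send, so one ping through the tunnel triggers it and
# doubles as the liveness check.
rotate_endpoints() {
    for ep in $ENDPOINTS; do
        if ! wg set "$WG_IF" peer "$PEER_KEY" endpoint "$ep"; then
            echo "skip $ep: wg set failed (name not resolvable?)" >&2
            continue
        fi
        if ping -c 1 -W 5 "$PEER_TUNNEL_IP" >/dev/null 2>&1; then
            echo "tunnel up via $ep"
            return 0
        fi
        echo "no reply through the tunnel via $ep" >&2
    done
    echo "no endpoint reachable" >&2
    return 1
}

main() {
    now=$(date +%s)
    last=$(latest_handshake_for "$PEER_KEY" "$(wg show "$WG_IF" latest-handshakes)")
    if handshake_is_stale "$now" "$last" "$STALE_AFTER"; then
        rotate_endpoints
    else
        echo "last handshake $((now - last))s ago, nothing to do"
    fi
}

# Only touch the interface when explicitly asked, e.g. from root's crontab
# (assumed install path):
#   */2 * * * * WG_ROTATE_RUN=1 /usr/local/sbin/wg-rotate.sh
if [ "${WG_ROTATE_RUN:-0}" = 1 ]; then
    main
fi
```

The 180 s threshold is a judgement call: a peer with traffic handshakes again after about two minutes, so anything older than three minutes means the current endpoint is not answering. Without traffic there is no handshake at all, so either add `persistent-keepalive` to the peer or accept that the script will ping (and thus rotate) on every run while the link is idle.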

Thread overview: 14+ messages
2017-01-07 14:43 em12345 [this message]
2017-01-07 15:23 ` Jason A. Donenfeld
2017-01-07 16:45   ` em12345
2017-01-08 14:12     ` Baptiste Jonglez
2017-01-08 14:39       ` Jörg Thalheim
2017-01-08 21:22         ` Baptiste Jonglez
2017-01-08 22:19         ` Jason A. Donenfeld
2017-01-08 22:18       ` Jason A. Donenfeld
2017-01-08 22:57         ` Baptiste Jonglez
2017-01-08 23:00           ` Jason A. Donenfeld
2017-01-09 11:35             ` Varying source address and stateful firewalls (Was: Multiple Endpoints) Baptiste Jonglez
2017-01-10  4:32               ` Jason A. Donenfeld
2017-01-15 10:01             ` Multiple Endpoints Jason A. Donenfeld
2017-01-08 22:14     ` Jason A. Donenfeld
