Development discussion of WireGuard
From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Adrian Sevcenco <adrian.sev@gmail.com>,
	WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: wg addconf :: AllowedIPs gets deleted with the additions of peers
Date: Mon, 25 Jun 2018 22:37:14 +0200
Message-ID: <87woummwlh.fsf@toke.dk>
In-Reply-To: <ff54875a-3630-52bd-5f45-1b8e8a182ae7@gmail.com>

Adrian Sevcenco <adrian.sev@gmail.com> writes:

> On 06/25/2018 10:55 PM, Toke Høiland-Jørgensen wrote:
>> Adrian Sevcenco <adrian.sev@gmail.com> writes:
>>
>>> Hi! It seems that AllowedIPs declaration gets erased when peers are
>>> added with addconf
>>
>> You can't have the same AllowedIPs for two different peers... :)
>
> Err... so, it's a bug or a feature?

A feature. The AllowedIPs controls which IP addresses will be routed to
that peer. They refer to addresses inside the tunnel. So depending on
your setup you'd specify the single IP you assign each peer, or possibly
any subnets behind that peer you want routed through the tunnel.

> If it is a feature how can I make server accept whatever ip get the
> client(s) in various networks?

Changing IPs *on the outside* of the tunnel will be accepted
automatically. The Endpoint specifier is only the initial address; if a
device changes its IP, it'll just keep sending packets from the new IP,
and because they are authenticated by the crypto, the other peer will
accept them and change its notion of what IP the other peer is
reachable at automatically. So as long as only one peer changes its IP
at a time, roaming mostly just works :)

-Toke
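
The following is an added example, not part of the message above and not WireGuard's own code. It models the behaviour discussed in this thread (a prefix listed in AllowedIPs for a second peer is taken away from the first) so that a config can be checked before it is passed to `wg addconf`. The function names, the sample config and the placeholder keys are constructed for illustration.

```python
import ipaddress

# Constructed sample config; the keys are placeholders, not real public keys.
SAMPLE_CONF = """\
[Peer]
PublicKey = PEER_A_PLACEHOLDER_KEY
AllowedIPs = 10.0.0.2/32, 192.168.10.0/24

[Peer]
PublicKey = PEER_B_PLACEHOLDER_KEY
AllowedIPs = 10.0.0.3/32, 192.168.10.7/24
"""

def parse_peers(conf_text):
    """Return [(public_key, [ip_network, ...]), ...] in file order."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            current = None
            if line.lower() == "[peer]":
                current = {"key": None, "nets": []}
                peers.append(current)
            continue
        if current is None or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name.lower() == "publickey":
            current["key"] = value
        elif name.lower() == "allowedips":
            for item in filter(None, (v.strip() for v in value.split(","))):
                # strict=False masks host bits: 192.168.10.7/24 -> 192.168.10.0/24
                current["nets"].append(ipaddress.ip_network(item, strict=False))
    return [(p["key"], p["nets"]) for p in peers]

def effective_allowed_ips(conf_text):
    """Apply peers in order; a prefix ends up with the last peer that lists it."""
    owner, moved = {}, []
    for key, nets in parse_peers(conf_text):
        for net in nets:
            if net in owner and owner[net] != key:
                moved.append((str(net), owner[net], key))
            owner[net] = key
    table = {}
    for net, key in owner.items():
        table.setdefault(key, []).append(str(net))
    return table, moved
```

A non-empty `moved` list names each prefix that one peer would lose to a later one, which is the "AllowedIPs gets deleted" symptom from the subject line.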
