* wg set allowed ip confusion
@ 2017-01-04 21:10 jens
2017-01-04 21:15 ` Jason A. Donenfeld
0 siblings, 1 reply; 3+ messages in thread
From: jens @ 2017-01-04 21:10 UTC (permalink / raw)
To: WireGuard mailing list
hi,
after playing around with more than 1 peer i got in trouble ... i
realized that an endpoint itself is not needed "server"-side. so i set
none, but allowed-ips is! but if i set one, the other one is deleted.
What do i miss?
thx so far.
i set up a second peer on a server like this (or in config file it is
the same)
a@freifunk # wg set wg0 peer abcdefsomenicekey= allowed-ips 0.0.0.0/0
a@freifunk # wg set wg0 peer abcdefothernicekey= allowed-ips 0.0.0.0/0
then the first peer's allowed IP fields become empty and connection from
peer1 is no longer possible, same vice versa
some more notes..
the peers are running on different uplinks on small embedded devices,
single (wireguard) used - no problem so far.
the wg"server" is running on a VM and port 10099 is NATted there. so
both incoming connections (with different IPv4) are on the same port like
this ...
# wg
...
endpoint: 111.123.123.100:10099
...
endpoint: 222.321.321.200:10099
...
--
make the world nicer, please use PGP encryption
* Re: wg set allowed ip confusion
2017-01-04 21:10 wg set allowed ip confusion jens
@ 2017-01-04 21:15 ` Jason A. Donenfeld
2017-01-04 21:21 ` jens
0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-01-04 21:15 UTC (permalink / raw)
To: jens; +Cc: WireGuard mailing list
Hi Jens,
One peer, one IP. The routing enforces a 1:1 relationship. So no, you
can't do this. But I sincerely doubt you would even want to do this.
On your server, each peer's allowed IPs should probably be a /32 of
the actual internal IP address of the peer.
The front page of wireguard.io has an illustrative example
configuration of a client-server topology:
https://www.wireguard.io/#cryptokey-routing
Jason
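An added example, not part of the original thread and not WireGuard's own code: a toy Python model of the allowed-ips table that shows why the second `wg set` above emptied the first peer's list, and how per-peer /32 entries avoid it. The peer names and the 10.0.0.x tunnel addresses are constructed for illustration.

```python
import ipaddress

class CryptokeyTable:
    """Toy model of one interface's allowed-ips table: each prefix has one owner."""

    def __init__(self):
        self.owner = {}  # ip_network -> peer name

    def set_allowed_ips(self, peer, prefixes):
        """Model `wg set <if> peer <peer> allowed-ips <prefixes>`.

        The peer's old list is replaced, and a prefix already owned by another
        peer moves to this one. Returns the (prefix, previous_owner) pairs moved.
        """
        nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
        self.owner = {n: o for n, o in self.owner.items() if o != peer}
        moved = []
        for net in nets:
            previous = self.owner.get(net)
            if previous is not None:
                moved.append((str(net), previous))
            self.owner[net] = peer
        return moved

    def allowed_ips(self, peer):
        return sorted(str(n) for n, o in self.owner.items() if o == peer)

    def lookup(self, addr):
        """Longest-prefix match: the peer that owns this inner (tunnel) address."""
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.owner if n.version == ip.version and ip in n]
        if not hits:
            return None
        return self.owner[max(hits, key=lambda n: n.prefixlen)]

def thread_setup():
    """The two commands from the first message: both peers claim 0.0.0.0/0."""
    table = CryptokeyTable()
    table.set_allowed_ips("peer1", ["0.0.0.0/0"])
    moved = table.set_allowed_ips("peer2", ["0.0.0.0/0"])
    return table, moved

def per_peer_setup():
    """The suggested layout: one /32 tunnel address per peer (constructed values)."""
    table = CryptokeyTable()
    table.set_allowed_ips("peer1", ["10.0.0.2/32"])
    table.set_allowed_ips("peer2", ["10.0.0.3/32"])
    return table
```

The lookup key is the address inside the tunnel, not the NATted endpoint address shown by `wg`, so two peers arriving on the same port is not a conflict.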
* Re: wg set allowed ip confusion
2017-01-04 21:15 ` Jason A. Donenfeld
@ 2017-01-04 21:21 ` jens
0 siblings, 0 replies; 3+ messages in thread
From: jens @ 2017-01-04 21:21 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
for some reason i was confused, that this should be the real incoming
ip, not the given ip for the wg if.
thx
On 04.01.2017 22:15, Jason A. Donenfeld wrote:
> On your server, each peer's allowed IPs should probably be a /32 of
> the actual internal IP address of the peer.
--
make the world nicer, please use PGP encryption