From: nicolas prochazka
Date: Thu, 21 Sep 2017 15:14:45 +0200
Subject: Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
To: "Jason A. Donenfeld"
Cc: WireGuard mailing list
List-Id: Development discussion of WireGuard

internal dev = hack your code for our specific use, to multiplex listening udp port.
I agree with you about configuration, it is possible, but we are using
"historical" private software, and it's difficult to deal with.
It is not a wireguard issue.

Regards,
Nicolas

2017-09-21 14:54 GMT+02:00 Jason A. Donenfeld:
> Perhaps I'm not understanding your last message, but it's most
> certainly possible to bind to a particular IP address with a service.
> It's also possible to bind to _all_ IP addresses, and then use
> iptables to control which source networks have access to a particular
> port. Finally, within a service, if you only allow input from wg0
> since allowed-ips gives strong cryptographic binding, you can
> explicitly filter on the IP addresses you get from recvfrom.
>
> I don't understand your meaning of "internal dev".
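
The recvfrom source-address check described in the quoted reply, as an added example that is not part of the original thread and not WireGuard code. The wg0 address 10.0.0.1, the tunnel subnet 10.0.0.0/24, port 5000 and all function names are assumptions for illustration; the check is only meaningful when the service accepts input from wg0 alone, as the reply states.

```python
import ipaddress
import socket

# Assumed values: the address configured on wg0 and the subnet that the
# peers' allowed-ips are drawn from. Replace with your own deployment's.
WG_LOCAL_ADDR = "10.0.0.1"
WG_PEER_NETS = [ipaddress.ip_network("10.0.0.0/24")]


def source_allowed(addr, networks=WG_PEER_NETS):
    """Return True if a recvfrom() source address lies in a tunnel network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable source: fail closed
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap first.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in networks)


def filter_datagrams(datagrams, networks=WG_PEER_NETS):
    """Split (payload, (host, port)) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for payload, (host, _port) in datagrams:
        bucket = accepted if source_allowed(host, networks) else dropped
        bucket.append((host, payload))
    return accepted, dropped


def serve(bind_addr=WG_LOCAL_ADDR, port=5000):
    """Bind to the wg0 address only and ignore sources outside the tunnel."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))  # a particular IP, not 0.0.0.0
        while True:
            payload, (host, src_port) = sock.recvfrom(2048)
            if not source_allowed(host):
                continue  # not a tunnel peer: drop silently
            sock.sendto(payload, (host, src_port))  # placeholder: echo back


if __name__ == "__main__":
    serve()
```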