Thanks.
These are good ideas to explore.

Regards,
Nicolas

2017-02-20 13:48 GMT+01:00 Dan Lüdtke:

> Hi Nicolas,
>
> > On 17 Feb 2017, at 15:03, nicolas prochazka wrote:
> > I hope not to have misunderstood ip management with wireguard,
> > in a "server mode operation", as many peers -> one peer (server),
> > private ip configuration must be coherent.
>
> There is no need for private (assuming you mean RFC1918) addresses, but of
> course it works with private IPs as well as with public IP addresses.
>
> > In fact, as server / client example in contrib, server must deliver ip
> > to clients, there's no way for client to know good private_ip.
>
> Unless it is configured statically, which is what I suggest doing. There
> is plenty of IP space to use. Think of ULA or subprefixes of your GU(s). A
> single /64 should be sufficient to address all your clients uniquely per
> "server wg interface". The situation for legacy IP is also not that bad.
> RFC1918 space is huge, and there is also RFC6598 to pick from. Why don't
> just roll out IP configurations the same way you roll out WireGuard
> configuration? It's just a line more in the config when you use wg-quick.
>
> > We cannot use dhcp, layer 3, so ...
>
> That's true for legacy IP. It does not hold true for state-of-the-art IP.
>
> > we need to implement a pool ip manager, is it correct?
>
> I do not really know what you are referring to when you write "pool ip
> manager", but if you want to distribute IP configuration data inside the wg
> tunnel, you would need to configure static addresses to bootstrap that
> from. This might change in the future, as Jason said to be working in OOB
> features. IP management would then take place in user space mostly/entirely.
>
> Hope that helps!
>
> Cheers,
>
> Dan
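
The static assignment suggested in the quoted reply can be generated together with the rest of the WireGuard configuration. The sketch below is an added example, not code from this thread or from the WireGuard project: it derives one stable address per peer inside a single ULA /64 and emits the server-side `[Peer]` section and the client-side wg-quick `Address` line. The prefix, the placeholder keys, the helper names and the choice of hashing the public key to pick the address are all assumptions made for illustration.

```python
import hashlib
import ipaddress

# Constructed sample values: one ULA /64 per "server wg interface", placeholder keys.
PREFIX = ipaddress.IPv6Network("fd00:1234:5678:9abc::/64")
PEERS = ["PEER_A_PUBLIC_KEY_PLACEHOLDER", "PEER_B_PUBLIC_KEY_PLACEHOLDER"]

def peer_address(prefix, public_key):
    """Derive a stable host address in a /64 from the peer's public key (assumed scheme)."""
    if prefix.prefixlen != 64:
        raise ValueError("this sketch expects a /64")
    iid = int.from_bytes(hashlib.sha256(public_key.encode()).digest()[:8], "big")
    if iid <= 1:  # keep ::0 and ::1 free; ::1 is assumed to be the server itself
        iid += 2
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)

def allocate(prefix, public_keys):
    """Map every key to its address and refuse duplicates instead of overwriting."""
    owner, table = {}, {}
    for key in public_keys:
        addr = peer_address(prefix, key)
        if addr in owner:
            raise ValueError(f"{addr} already assigned to {owner[addr]}")
        owner[addr] = key
        table[key] = addr
    return table

def server_peer_section(public_key, addr):
    """Server side: a /128 in AllowedIPs binds this single address to this key."""
    return f"[Peer]\nPublicKey = {public_key}\nAllowedIPs = {addr}/128\n"

def client_address_line(prefix, addr):
    """Client side: the one extra line in the wg-quick [Interface] section."""
    return f"Address = {addr}/{prefix.prefixlen}"

if __name__ == "__main__":
    for key, addr in allocate(PREFIX, PEERS).items():
        print(server_peer_section(key, addr))
        print(client_address_line(PREFIX, addr), end="\n\n")
```

Because each peer's `AllowedIPs` on the server is a single /128, the server only accepts that source address from the peer holding the matching key, so one client cannot use another client's address.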