From: nicolas prochazka
Date: Tue, 21 Feb 2017 08:41:01 +0100
Subject: Re: [wireguard-devel] About ip management
To: Dan Lüdtke
Cc: WireGuard mailing list

Thanks
These are good ideas to explore
Regards,
Nicolas

2017-02-20 13:48 GMT+01:00 Dan Lüdtke:
> Hi Nicolas,
>
> > On 17 Feb 2017, at 15:03, nicolas prochazka wrote:
> > I hope not to have misunderstood ip management with wireguard,
> > in a "server mode operation", as many peers -> one peer (server),
> > private ip configuration must be coherent.
>
> There is no need for private (assuming you mean RFC1918) addresses, but of course it works with private IPs as well as with public IP addresses.
>
> > In fact, as server / client example in contrib, server must deliver ip to clients, there's no way for client to know good private_ip.
>
> Unless it is configured statically, which is what I suggest doing. There is plenty of IP space to use. Think of ULA or subprefixes of your GU(s). A single /64 should be sufficient to address all your clients uniquely per "server wg interface". The situation for legacy IP is also not that bad. RFC1918 space is huge, and there is also RFC6598 to pick from. Why don't you just roll out IP configurations the same way you roll out WireGuard configuration? It's just a line more in the config when you use wg-quick.
>
> > We cannot use dhcp, layer 3, so ...
>
> That's true for legacy IP. It does not hold true for state-of-the-art IP.
>
> > we need to implement a pool ip manager, is it correct?
>
> I do not really know what you are referring to when you write "pool ip manager", but if you want to distribute IP configuration data inside the wg tunnel, you would need to configure static addresses to bootstrap that from. This might change in the future, as Jason said to be working on OOB features. IP management would then take place in user space mostly/entirely.
>
> Hope that helps!
>
> Cheers,
>
> Dan
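One way to do the static assignment Dan suggests above, as an added example that is not code from this thread or from the WireGuard project: one ULA /64 per server wg interface, each peer gets a fixed address derived from its position in the inventory, and the script emits the wg-quick stanzas for both sides. The prefix, endpoint and key strings are constructed placeholders.

```python
import ipaddress

# Constructed sample inventory; the prefix, endpoint and key strings are placeholders.
SERVER_PREFIX = ipaddress.IPv6Network("fd00:dead:beef::/64")  # one ULA /64 per server wg interface
SERVER_ENDPOINT = "vpn.example.net:51820"
SERVER_PUBKEY = "<SERVER_PUBLIC_KEY_PLACEHOLDER>"
PEERS = ["<CLIENT1_PUBKEY_PLACEHOLDER>", "<CLIENT2_PUBKEY_PLACEHOLDER>", "<CLIENT3_PUBKEY_PLACEHOLDER>"]


def assign_addresses(prefix, peer_keys):
    """Server takes ::1, peer i takes ::(i+2). Purely a function of the inventory,
    so re-running it yields the same addresses and no runtime pool manager is needed."""
    if len(peer_keys) + 2 > prefix.num_addresses:
        raise ValueError("prefix too small for this many peers")
    base = int(prefix.network_address)
    server = ipaddress.IPv6Address(base + 1)
    peers = {key: ipaddress.IPv6Address(base + 2 + i) for i, key in enumerate(peer_keys)}
    return server, peers


def server_config(prefix, peer_keys, listen_port=51820):
    """wg-quick config for the many-peers-to-one-server side."""
    server, peers = assign_addresses(prefix, peer_keys)
    lines = ["[Interface]", f"Address = {server}/{prefix.prefixlen}",
             f"ListenPort = {listen_port}", "PrivateKey = <SERVER_PRIVATE_KEY_PLACEHOLDER>", ""]
    for key, addr in peers.items():
        # /128 binds exactly one inner source address to this key: WireGuard drops
        # tunnel packets from this peer that carry any other source address.
        lines += ["[Peer]", f"PublicKey = {key}", f"AllowedIPs = {addr}/128", ""]
    return "\n".join(lines)


def client_config(prefix, peer_keys, key):
    """wg-quick config for one client; its Address line is the 'one line more'."""
    _, peers = assign_addresses(prefix, peer_keys)
    return "\n".join([
        "[Interface]", f"Address = {peers[key]}/{prefix.prefixlen}",
        "PrivateKey = <CLIENT_PRIVATE_KEY_PLACEHOLDER>", "",
        "[Peer]", f"PublicKey = {SERVER_PUBKEY}", f"Endpoint = {SERVER_ENDPOINT}",
        f"AllowedIPs = {prefix}",  # only traffic for the tunnel prefix goes through the tunnel
        "PersistentKeepalive = 25", ""])


if __name__ == "__main__":
    print(server_config(SERVER_PREFIX, PEERS))
    print(client_config(SERVER_PREFIX, PEERS, PEERS[0]))
```

Because the addresses are a pure function of the peer list, the same script can be re-run whenever a peer is added, and the generated files are rolled out alongside the keys.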