Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Multiple Endpoints
Date: Sun, 8 Jan 2017 23:18:01 +0100
Message-ID: <CAHmME9p0wV=cVME+3vQ5tenWOBc5SQWicKevXOwf2N7O2R225Q@mail.gmail.com>
In-Reply-To: <20170108141216.GB6421@tuxmachine.polynome.dn42>

On Sun, Jan 8, 2017 at 3:12 PM, Baptiste Jonglez
<baptiste@bitsofnetworks.org> wrote:
> I am also interested in multiple endpoints support, and I am preparing a
> proposal that I will send soon.

Cool. Any details? Probably best to discuss it casually before putting
too much work into it.
Have you read that Mosh multipath paper? I just ran into this the
other night and put it on my reading list. If so, is it any good or
relevant to this?

> So, if a client is connected to the server and the server changes its IP
> address, the client will keep trying to use the old IP address forever.

No. If the server sends a packet to the client using the same UDP
src/dst, then it will make it to the client, and the client will learn
the new server IP.

> You would need to destroy the wireguard interface on the client and
> recreate it, so that `wg` configures the kernel module with the new IP
> address associated with the hostname.

No. And even in the worst possible case, no destruction of the wg
interface would be necessary. wg(8) can reconfigure all attributes on
the fly.

> You're right, in your case, you would need to setup port forwarding on
> your client, so that wireguard on your client device can be reached from
> any IP address.

No. In the vast majority of cases I've seen, both stateful firewalls
and NAT do not do the mapping based on the remote IP.
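
The endpoint learning described in this message, as an added example that is not part of the original email or of WireGuard's code: a peer's endpoint is moved to the source address of a packet only when that packet authenticates. HMAC-SHA256 stands in for WireGuard's AEAD, and the key, addresses and the names `Peer`, `seal`, `receive` and `roaming_demo` are constructed for illustration; the handshake and replay counter are not modelled.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length

class Peer:
    """A configured peer: shared key plus the endpoint we currently send to."""
    def __init__(self, key, endpoint):
        self.key = key
        self.endpoint = endpoint  # (ip, port)

def seal(key, payload):
    """Constructed stand-in for WireGuard's AEAD: payload || HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def receive(peer, packet, src):
    """Handle a datagram from src. The endpoint moves only if the tag verifies."""
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(peer.key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None           # not from the peer: drop, endpoint untouched
    peer.endpoint = src       # authentic: send replies to where it came from
    return payload

def roaming_demo():
    """Client's view of a server that changes address, with constructed values."""
    key = b"\x01" * 32                      # constructed shared key
    old = ("192.0.2.10", 51820)             # documentation-range addresses
    new = ("198.51.100.7", 51820)
    spoofer = ("203.0.113.99", 40000)
    server = Peer(key, old)                 # client-side entry for the server
    history = [server.endpoint]
    # Forged datagram from an unrelated address: wrong key, must not move it.
    receive(server, seal(b"\x02" * 32, b"hello"), spoofer)
    history.append(server.endpoint)
    # Server, now at its new address, sends an authentic packet to the client.
    receive(server, seal(key, b"keepalive"), new)
    history.append(server.endpoint)
    return history

if __name__ == "__main__":
    print(roaming_demo())
```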
