Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: em12345 <em12345@web.de>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Multiple Endpoints
Date: Sat, 7 Jan 2017 16:23:08 +0100
Message-ID: <CAHmME9p4WOB96v6P1E2yGZcpEXdRfG7e=vK1nUwCE953tx1SSA@mail.gmail.com>
In-Reply-To: <6d000312-635f-a361-200a-936da7ce7e17@web.de>

Hello,

Keep in mind that WireGuard's roaming property means that while the
two peers are communicating, they'll automatically be updating to each
other's latest IP addresses. One way to ensure that they _keep_
communicating is by using the PersistentKeepalive feature. This then
shifts the problem to "how do they start communicating", in which case
you can just use a little resolve,ping,resolve,ping loop on your
various dyndns services.

But, in case you want a different architecture, I'll directly answer
your questions:

- wg setconf/addconf/set can be run at any time, before or after the
link is up, and before or after peers are communicating. It returns
and succeeds immediately, leaving the actual negotiation to be done
whenever data needs to be sent.
- The same goes for `ip link up`, with the sole exception that `ip
link up` may fail if the UDP port is already in use by a different
program.
- The best way to determine if a wireguard link is up is if you can
send a ping through the tunnel.
- Your syntax doesn't make sense for endpoint setting. What you want
is: `wg set wg0 peer ABCDEFG... endpoint 1.2.3.4:1234`. So, yes, you
can individually set the endpoint of a peer.

Jason
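
The resolve,ping loop and the `wg set ... endpoint` command described in the message above, sketched as a shell script. This is an added example, not code from the original message or from the WireGuard project; the interface name, peer key placeholder, tunnel address, interval and dyndns hostnames are assumptions.

```shell
#!/bin/sh
# Assumed values (not from the original message); override via environment.
WG_IF="${WG_IF:-wg0}"
PEER_KEY="${PEER_KEY:-PEER_PUBLIC_KEY_PLACEHOLDER}"
PEER_TUNNEL_IP="${PEER_TUNNEL_IP:-10.0.0.1}"   # peer's address inside the tunnel
CANDIDATES="${CANDIDATES:-home.dyndns.example:51820 backup.dyndns.example:51820}"

# Resolve a hostname to its first IPv4 address (empty output on failure).
resolve() { getent ahostsv4 "$1" | awk 'NR==1 {print $1}'; }

# The link counts as up only if a ping through the tunnel is answered.
tunnel_alive() { ping -c 2 -W 2 "$PEER_TUNNEL_IP" >/dev/null 2>&1; }

# Returns immediately; the handshake happens when the next packet is sent.
set_endpoint() { wg set "$WG_IF" peer "$PEER_KEY" endpoint "$1"; }

# Try each candidate once: resolve, set endpoint, ping.
# Prints the endpoint that answered; returns 1 if none did.
try_candidates() {
    for cand in $CANDIDATES; do
        host=${cand%:*}
        port=${cand##*:}
        ip=$(resolve "$host") || continue
        [ -n "$ip" ] || continue
        set_endpoint "$ip:$port" || continue
        if tunnel_alive; then
            echo "$ip:$port"
            return 0
        fi
    done
    return 1
}

# Leave the endpoint alone while the tunnel answers, so roaming updates
# learned from the peer are not overwritten; re-resolve only on failure.
watch_loop() {
    while :; do
        tunnel_alive || try_candidates >/dev/null || true
        sleep "${INTERVAL:-30}"
    done
}
# Usage (as root): source this file, then call watch_loop.
```
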
