From: "Jason A. Donenfeld"
Date: Mon, 29 May 2017 23:02:16 +0200
Subject: Re: TCP traffic in ipip tunnel inside wireguard connection
To: Ivan Leonardo
Cc: WireGuard mailing list

Hi Ivan,

I'll try to reproduce in order to determine whether or not there's a
checksum bug with nested tunnels.

However, all of this seems quite unnecessary:

Just set allowed-ips to be your /30 for each peer. If you need one to
be 0.0.0.0/0 at one time or another, you can change these at runtime.

Alternatively, if you _must_ have multiple 0.0.0.0/0 just use two
different wireguard interfaces running on different UDP ports, and
then you'll have the full power of the ordinary linux routing table
for this sort of craziness.

Jason
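
The allowed-ips behaviour behind the two suggestions in the message above, as an added example that is not part of the original message or WireGuard's own code. It is a toy IPv4-only model of the per-interface allowed-ips table; the peer names, interface names and addresses are constructed assumptions.

```python
import ipaddress

class WgInterface:
    """Toy model of one WireGuard interface's allowed-ips table (assumption: IPv4 only)."""

    def __init__(self, name):
        self.name = name
        self.table = {}  # ip_network -> peer name

    def set_allowed_ips(self, peer, cidrs):
        # Setting allowed-ips replaces the peer's previous list.
        self.table = {n: p for n, p in self.table.items() if p != peer}
        for cidr in cidrs:
            # A prefix has exactly one owner per interface: the last peer set wins.
            self.table[ipaddress.ip_network(cidr)] = peer

    def peer_for(self, addr):
        # Outgoing packets go to the peer owning the longest matching prefix.
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.table if ip in n]
        if not matches:
            return None  # no peer owns this destination: nothing is sent
        return self.table[max(matches, key=lambda n: n.prefixlen)]

def shared_default_route():
    # Both peers ask for 0.0.0.0/0 on one interface: peerB silently takes it from peerA.
    wg0 = WgInterface("wg0")
    wg0.set_allowed_ips("peerA", ["0.0.0.0/0"])
    wg0.set_allowed_ips("peerB", ["0.0.0.0/0"])
    return wg0.peer_for("10.0.0.2"), wg0.peer_for("10.0.0.6")

def per_peer_slash30():
    # Each peer gets only its own /30 (constructed addresses).
    wg0 = WgInterface("wg0")
    wg0.set_allowed_ips("peerA", ["10.0.0.0/30"])
    wg0.set_allowed_ips("peerB", ["10.0.0.4/30"])
    before = (wg0.peer_for("10.0.0.2"), wg0.peer_for("10.0.0.6"), wg0.peer_for("192.0.2.1"))
    # Runtime change: peerA temporarily becomes the default route.
    wg0.set_allowed_ips("peerA", ["0.0.0.0/0"])
    after = (wg0.peer_for("10.0.0.2"), wg0.peer_for("10.0.0.6"), wg0.peer_for("192.0.2.1"))
    return before, after

def two_interfaces():
    # One 0.0.0.0/0 peer per interface; the kernel routing table picks the interface.
    wg0, wg1 = WgInterface("wg0"), WgInterface("wg1")
    wg0.set_allowed_ips("peerA", ["0.0.0.0/0"])
    wg1.set_allowed_ips("peerB", ["0.0.0.0/0"])
    return wg0.peer_for("192.0.2.1"), wg1.peer_for("192.0.2.1")
```

With one shared interface the second 0.0.0.0/0 leaves peerA with no route at all, while per-peer /30s keep both peers reachable even after one of them is switched to 0.0.0.0/0 at runtime.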