Re: wg showconf - Markus Woschank

Development discussion of WireGuard
 help / color / mirror / Atom feed

From: Markus Woschank <markus.woschank@gmail.com>
To: Luis Ressel <aranea@aixah.de>
Cc: wireguard@lists.zx2c4.com
Subject: Re: wg showconf
Date: Sat, 4 Nov 2017 14:25:28 -0700	[thread overview]
Message-ID: <CAKUy5ayAzFtkLvagJN=m9Qk5Zuk1uwhHkj19=kCKDqNDj4jBxQ@mail.gmail.com> (raw)
In-Reply-To: <20171104212701.527fadc1@vega.skynet.aixah.de>

>> Having the output of showconf reflect the original configuration in a
>> deterministic way enables configuration/provisioning software to check
>> if the interface is in the desired state and only take action if it's
>> not - that would be very helpful at least to me.
>
> I'd suggest you set up your provisioning software to ignore the
> endpoints in "wg showconf"'s output if(f) the configuration file
> doesn't specify endpoints at all.
>
> If the config file does contain an endpoint, it's probably a good idea
> to compare it to the endpoint reported by wg showconf.

While searching for arguments I realised that wireguard will allow a
peer to connect with a different IP from the one set in the
configuration.
Not sure if this is the best behaviour (I understand that the peer
needs to know the secret key, anyway not sure).

Thanks,
Markus

next prev parent reply	other threads:[~2017-11-04 21:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-11-04 20:04 Markus Woschank
2017-11-04 20:27 ` Luis Ressel
2017-11-04 21:25   ` Markus Woschank [this message]
2017-11-04 23:01     ` Luis Ressel
2017-11-04 23:03       ` Luis Ressel
2017-11-05  0:05         ` Markus Woschank
2017-11-06 16:06           ` Bruno Wolff III

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKUy5ayAzFtkLvagJN=m9Qk5Zuk1uwhHkj19=kCKDqNDj4jBxQ@mail.gmail.com' \
    --to=markus.woschank@gmail.com \
    --cc=aranea@aixah.de \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).