Development discussion of WireGuard
From: Aaron Jones <aaronmdjones@gmail.com>
To: Markus Woschank <markus.woschank@gmail.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Roaming Mischief
Date: Fri, 17 Nov 2017 17:36:26 +0000
Message-ID: <cdf48a39-3d81-5269-dbb4-93929cdf081f@gmail.com>
In-Reply-To: <CAKUy5axo5jO=6qv1XEsHvOUkcm6z7r4UW1hV+Oeomq_dJqQXJg@mail.gmail.com>

On 17/11/17 17:23, Markus Woschank wrote:
> Please prove me wrong and supply an example where it makes sense
> to have a roaming peer's endpoint set, where the roaming peer
> _really_ roams (changes its IP) and where on
> reboot/reset/whatsoever the originally set endpoint IP in the
> configuration magically makes any sense again.
> 
> Markus

"Originally" is the fallacy. wg-quick(8) can persist the current state
of the interface to the configuration file on shutdown, and restore it
on reboot. This is precisely what you would enable in an actual roaming
scenario.

Roaming means that the current endpoint (at shutdown time) would be
persisted, and if the reboot doesn't take very long, it is highly
likely that the (new) endpoint does still make sense, particularly
because UDP is used which means new sessions can usually resume as if
nothing happened, even through a NAT (though if you are also behind a
NAT, source port randomisation may trip you up if you don't have it
forwarded through the remote one, but that's beside the point).

-- 
Aaron Jones

