Development discussion of WireGuard
 help / color / mirror / Atom feed
* wg set fail to update endpoint if traffic is flowing
@ 2020-03-31  8:36 xtus
  2020-04-10  8:01 ` Luis Ressel
  0 siblings, 1 reply; 2+ messages in thread
From: xtus @ 2020-03-31  8:36 UTC (permalink / raw)
  To: wireguard

Hi,

I was trying to update dynamically the endpoint for an interface, using `reresolve-dns.sh` or something like the following:

# wg set <interface> peer "<publickey>" endpoint "<FQDN>:<port>"

But the endpoint did not change, even if the `wg set` returns successfully, with retcode `0`.

Changing something like `persistent-keepalive` does work.

I debugged a bit, and I saw that if traffic is flowing throw the wireguard interface, then the endpoint change via `wg set` does not take effect.

The set endpoint works only if no traffic is flowing.

Is this expected behavior?

Thanks,
xtus


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: wg set fail to update endpoint if traffic is flowing
  2020-03-31  8:36 wg set fail to update endpoint if traffic is flowing xtus
@ 2020-04-10  8:01 ` Luis Ressel
  0 siblings, 0 replies; 2+ messages in thread
From: Luis Ressel @ 2020-04-10  8:01 UTC (permalink / raw)
  To: xtus; +Cc: wireguard

On Tue, Mar 31, 2020 at 08:36:52AM +0000, xtus wrote:
> The set endpoint works only if no traffic is flowing.
> 
> Is this expected behavior?

Yes, it is. It's not that wg set fails to update the endpoint; rather,
the endpoint you've set is immediately overwritten again -- to support
seamless roaming, wg updates the endpoint every time it receives an
authenticated packet from a peer.


Luis

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-04-10  8:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-31  8:36 wg set fail to update endpoint if traffic is flowing xtus
2020-04-10  8:01 ` Luis Ressel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).