<div dir="ltr"><div><div><span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">Thanks<br>These are good ideas to explore</span></span></div>Regards, <br></div>Nicolas<br></div><div class="gmail_extra"><br><div class="gmail_quote">2017-02-20 13:48 GMT+01:00 Dan Lüdtke <span dir="ltr"><<a href="mailto:mail@danrl.com" target="_blank">mail@danrl.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Nicolas,<br>
<span class=""><br>
<br>
> On 17 Feb 2017, at 15:03, nicolas prochazka <<a href="mailto:prochazka.nicolas@gmail.com">prochazka.nicolas@gmail.com</a>> wrote:<br>
> I hope not to have misunderstood ip management with wireguard,<br>
> in a "server mode operation" , as many peers -> one peer ( server ) ,<br>
> private ip configuration must be coherent.<br>
<br>
</span>There is no need for private (assuming you mean RFC1918) addresses, but of course it works with private IPs as well as with public IP addresses.<br>
<span class=""><br>
<br>
> In fact, as server / client example in contrib, server must delivery ip to clients, there's no way for client to know good private_ip .<br>
<br>
</span>Unless it is configured statically, which is what I suggest doing. There is plenty of IP space to use. Think of ULA or subprefixes of you GU(s). A single /64 should be sufficient to address all your clients uniquely per "server wg interface". The situation for legacy IP is also not that bad. RFC1918 space is huge, and there is also RFC6598 to pick from. Why don't just roll out IP configurations the same way you roll out WireGuard configuration? It's just a line more in the config when you use wg-quick.<br>
<span class=""><br>
<br>
> We cannot use dhcp, layer 3 , so ...<br>
<br>
</span>That's true for legacy IP. It does not hold true for state-of-the-art IP.<br>
<span class=""><br>
<br>
> we need to implement a pool ip manager , is it correct ?<br>
<br>
</span>I do not really know what you are referring to when you write "pool ip manager", but if you want to distribute IP configuration data inside the wg tunnel, you would need to configure static addresses to bootstrap that from. This might change in the future, as Jason said to be working in OOB features. IP management would then take place in user space mostly/entirely.<br>
<br>
Hope that helps!<br>
<br>
Cheers,<br>
<br>
Dan</blockquote></div><br></div>