<html><head><style>#x93406428d40e43d5be476ffb5412c83f #x70fb53580d9c415c9d6c4afe5251441b{
font-family:'Segoe UI';
font-size:12pt;
}
#x93406428d40e43d5be476ffb5412c83f{
font-family:'Segoe UI';
font-size:12pt;
}#x70fb53580d9c415c9d6c4afe5251441b
{font-family: 'Segoe UI'; font-size: 12pt;}
</style>
<style id="css_styles" type="text/css">blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
a img { border: 0px; }
li[style='text-align: center;'], li[style='text-align: right;'] { list-style-position: inside;}
body { font-family: Segoe UI; font-size: 12pt; }</style></head><body class="plain"><div>Hello,</div><div><br /></div><div id="x1378faaa1981473"><blockquote type="cite" class="cite2"><blockquote type="cite" class="cite"><div class="plain_line"> that seems not to be the intended behaviour:</div>
<div class="plain_line"> If I understand correctly, the current behaviour is:</div>
<div class="plain_line"> </div>
<div class="plain_line"> At tunnel start the IP is resolved</div>
<div class="plain_line"> This IP is used for ever, namingly for re-connects.</div>
</blockquote>
<div class="plain_line">This is only partly correct. The remote endpoint can unconditionally</div>
<div class="plain_line">roam and is updated by any valid packet from a given IP (if I remember</div>
<div class="plain_line">correctly).</div></blockquote><div id="x1378faaa1981473">What does that mean?</div><div id="x1378faaa1981473">Does that mean, that traffic will update the IP so that the problem will not appear?</div><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div></blockquote><br /><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div>
<blockquote type="cite" class="cite2">
<div class="plain_line"> The probably intended behaviour would be:</div>
<div class="plain_line"> At tunnel start and at any re-connect the IP is resolved.</div>
<div class="plain_line"> </div>
<div class="plain_line"> Do you agree that this behaviour should be changed?</div>
<div class="plain_line"> Apart from that: Can you suggest an automatable workaround?</div>
</blockquote>
<div class="plain_line"> </div>
<div class="plain_line">In some circumstances a similar behavior would be a desired.</div></blockquote><div id="x1378faaa1981473"><br /></div><div id="x1378faaa1981473">That's ambigous.</div><div id="x1378faaa1981473">In what circumstances, what behaviour would be desired?</div><div id="x1378faaa1981473"><br /></div><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div>
<div class="plain_line">Wireguard design and implementation is layered (which seems good).</div>
<div class="plain_line">The secure* tunnel, including the kernel module and wg tool seem</div>
<div class="plain_line">to be in a reasonable state, but automation, DNS, key exchange are</div>
<div class="plain_line">out of scope for them. It is meant to be provided by tooling, which is</div>
<div class="plain_line">currently very raw.</div></blockquote><div id="x1378faaa1981473"><br /></div><div id="x1378faaa1981473">I don't understand... </div><div id="x1378faaa1981473">When I am on my way in a roadwarrier scenario with my mobile, with a changing IP and a changing connection that works very well.</div><div id="x1378faaa1981473">If the IP of my Server is changing, it's not working well at all. I don't think that this should be declared as 'works as intended'.</div><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div></blockquote><br /><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div>
<div class="plain_line">As a workaround you could</div>
<div class="plain_line"> - unconditionally periodically update the endpoint</div></blockquote></div><div id="x1378faaa1981473"><div id="x93406428d40e43d5be476ffb5412c83f"><div class="plain"><div id="x1378faaa1981473"><div id="x70fb53580d9c415c9d6c4afe5251441b"><div class="plain"><div id="x1378faaa1981473">This would break existing transfers without reason.</div></div></div></div></div></div><blockquote type="cite" class="cite2"><div class="plain_line"> - monitor last handshake time, when large update endpoint or restart</div>
<div class="plain_line"> tunnel</div></blockquote>That could be an option.<br /><blockquote type="cite" class="cite2"><div class="plain_line"> - add keepalive to server - it might reduce your downtime</div></blockquote>How would that help?</div><div id="x1378faaa1981473"><br /></div><div id="x1378faaa1981473">Greetings,</div><div id="x1378faaa1981473">Hendrik</div><div id="x1378faaa1981473"><br /></div><div id="x1378faaa1981473"><br /><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div></blockquote><div id="x1378faaa1981473"><br /></div><div id="x1378faaa1981473"></div><div id="x1378faaa1981473"><br /></div><div id="x1378faaa1981473"><br /></div><br /><blockquote type="cite" class="cite2"><div class="plain_line"><br /></div>
</blockquote></div>
</body></html>