[WireGuard] [PATCH 3/4] Explain the optional nature of Peer.EndPoint more clearly

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jul 1 00:55:22 CEST 2016


In the [Peer] stanza, I think the EndPoint represents an (optional)
additional constraint on where the remote peer is coming from.  If
EndPoint isn't specified, then the assumption is that anyone who can
prove possession of that public key can act as the given peer.

Clarify this in wg(8).
---
 src/tools/wg.8 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/tools/wg.8 b/src/tools/wg.8
index 77e9b0d..ae2ff1e 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
@@ -130,7 +130,9 @@ all IPv4 addresses, and \fI::/0\fP may be specified for matching all
 IPv6 addresses. Required.
 .IP \(bu
 Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
-port number. Optional.
+port number.  If an Endpoint field is not provided, then any remote address
+that can prove posession of the secret corresponding to the given PublicKey
+can claim addresses in the AllowedIPs range.  Optional.
 
 .SH CONFIGURATION FILE FORMAT EXAMPLE
 This example may be used as a model for writing configuration files.
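Review bot: The added Endpoint sentence describes only the case where the field is absent, so a reader has to infer that a configured Endpoint restricts the peer's source address. The commit message is itself tentative on that point, so confirm the behaviour and state the configured case explicitly before this goes into wg(8). Smaller points in the same lines: "posession" should be "possession", "the secret corresponding to the given PublicKey" would be clearer as "the private key corresponding to the given PublicKey", and the two spaces after each period differ from the single space in the context line "IPv6 addresses. Required.".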
-- 
2.8.1


