[WireGuard] [PATCH 3/4] Explain the optional nature of Peer.EndPoint more clearly

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jul 1 14:13:26 CEST 2016


On Thu 2016-06-30 22:08:08 -0400, Jason A. Donenfeld wrote:
> I'm merging a commit with some of these suggested changes for 1,2,4.
> Thanks for those.

Thanks for the update, and for your improvements to my text.

> But the changes here are simply not correct.
>
> The endpoint is simply the initial endpoint used to contact the peer.
> If the peer sends legit traffic from a different endpoint, it will be
> updated to that new endpoint. So, specifying an endpoint doesn't bind
> traffic to that endpoint. It's simply an initial specifier of it.

Great, thanks for this explanation!

> Otherwise, how does traffic get started flowing?

Well, the traffic could get flowing because the peer initiates it,
right?  A novice admin who is trying to understand whether they should
put an "Endpoint" field in their config needs to know how to make that
decision.

What do you think of the following update:

diff --git a/src/tools/wg.8 b/src/tools/wg.8
index 67b4cf7..3f255e7 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
@@ -130,8 +130,12 @@ to which outgoing traffic for this peer is directed. The catch-all
 \fI0.0.0.0/0\fP may be specified for matching all IPv4 addresses, and
 \fI::/0\fP may be specified for matching all IPv6 addresses. Required.
 .IP \(bu
-Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
-port number. Optional.
+Endpoint \(em an endpoint IP or hostname, followed by a colon, and
+then a port number.  This is necessary to know where to direct
+outbound traffic if no inbound traffic has been received from the
+peer.  If the peer sends authenticated traffic from a different remote
+address and/or port, it will be updated to that new information
+automatically.  Optional.
 
 .SH CONFIGURATION FILE FORMAT EXAMPLE
 This example may be used as a model for writing configuration files.




      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20160701/d5650977/attachment.asc>


More information about the WireGuard mailing list