[WireGuard] [PATCH] persistent keepalive: start sending immediately

Bruno Wolff III bruno at wolff.to
Fri Jul 8 15:39:59 CEST 2016


On Fri, Jul 08, 2016 at 15:03:20 +0200,
  William <william at undefined.re> wrote:
>On Fri, Jul 08, 2016 at 02:34:12PM +0200, Jason A. Donenfeld wrote:
>> Rather than only start sending the persistent keepalive packets when the
>> device first sends data, this changes it to send the packets immediately
>> on `ip link set up`. This makes things generally seem more stateless,
>> since the administrator does not have to manually ping the endpoint.

>> I haven't merged this yet, and I'm debating whether it's something we want.
>> I'm open to all opinions here, so feedback would be most welcome.

>Just to have a trace here of what I pointed out on IRC:
>In the case of making a peer accessible through a NAT "I don't want to
>have to manually ping things from the client I'm trying to ssh to in the
>first place".

If you want to save people from sending data through the tunnel using
pings (or whatever), you need to start holding the tunnel open when
the device comes up. The whole point is to make the endpoint available
to remotely initiated connections. Waiting for manually entered data
does work. (Though you could just send one ping packet to start things
rather than send them continuously as before this feature was added.)

