[WireGuard] [PATCH] persistent keepalive: start sending immediately

Bruno Wolff III bruno at wolff.to
Fri Jul 8 15:39:59 CEST 2016

On Fri, Jul 08, 2016 at 15:03:20 +0200,
  William <william at undefined.re> wrote:
>On Fri, Jul 08, 2016 at 02:34:12PM +0200, Jason A. Donenfeld wrote:
>> Rather than only start sending the persistent keepalive packets when the
>> device first sends data, this changes it to send the packets immediately
>> on `ip link set up`. This makes things generally seem more stateless,
>> since the administrator does not have to manually ping the endpoint.

>> I haven't merged this yet, and I'm debating whether it's something we want.
>> I'm open to all opinions here, so feed back would be most welcome.

>just to have a trace here of what I pointed out on IRC:
>In the case of making a peer accessible through a NAT "I don't want to
>have to manually ping things from the client I'm trying to ssh to in the
>first place".

If you want to save people from sending data through the tunnel using 
pings (or whatever), you need to start holding the tunnel open when 
the device comes up. The whole point is to make the end point available 
to remotely initiated connections. Waiting for manually entered data 
does work. (Though you could just send one ping packet to start things 
rather than send them continuously as before this feature was added.)

More information about the WireGuard mailing list