[WireGuard] [PATCH] persistent keepalive: start sending immediately

Jason A. Donenfeld Jason at zx2c4.com
Fri Jul 8 16:30:58 CEST 2016


On Fri, Jul 8, 2016 at 4:28 PM, Baptiste Jonglez
<baptiste at bitsofnetworks.org> wrote:
> Yes, this is good to have, for the reasons mentioned by others (immediate
> reachability in the reverse direction).

Will merge this then.

>
> Does the first handshake occur when the interface is up or when data is
> first sent on the interface?

Only when data is sent. WireGuard is as silent as possible by default.



>
> Just a random thought, though: are keepalive packets in only one direction
> (client to server) enough to maintain a mapping in a NAT or stateful
> firewall?  Aren't there edge cases where you would need keepalives in both
> directions?

If you send an outgoing packet behind NAT to a certain IP, that IP is
expected to be able to reply to you right afterward. That's the
characteristic we depend on.
If both sides are behind odd firewalls, then both sides could enable
the feature. But I suspect in most cases only one side will use it.

