[WireGuard] Troubleshooting with WireGuard
mmoya at mmoya.org
Wed Jul 13 09:19:09 CEST 2016
On 12/07/16 22:20, Daniel Kahn Gillmor wrote:
First of all, I'd like to thank Jason for wireguard and those packagers
who are making wireguard more easy to install.
Easy and solid crypto for all is a good thing.
> On Tue 2016-07-12 19:55:50 +0200, JRason A. Donenfeld wrote:
>> Endpoint is a good name.
>> AllowedIPs is a horrible name. But I'm not sure what else to call it.
>> I'm open to all suggestions.
> AllowedTunnelledIPs ?
> TunnelledCIDRs ?
I vote for 'AllowedTunnelledIPs' because:
* It's near to what we have now (AllowedIPs).
* It's simple (not technicisms in the name like 'vpn', 'cidr').
* It's reasonable concise (not like AllowedTunnelledSourceIPs or
AllowedIncomingSourceIPs or whatever).
* The name represents exactly what is under the hood. This value
represents those ips allowed to pop up from the wg iface and not
necessarily the subnets of the peer.
I don't subscribe Baptiste suggestions (VPNSubnets, PeerVPNSubnets,
InternalIPs) because considering the case when you're routing all ip4 or
ip6 through the tunnel, in the 'client' side you will have to allow
0.0.0.0/0 and ::/0 and those are neither internal ips nor subnets of the
More information about the WireGuard