[WireGuard] Troubleshooting with WireGuard

Maykel Moya mmoya at mmoya.org
Wed Jul 13 09:19:09 CEST 2016


On 12/07/16 22:20, Daniel Kahn Gillmor wrote:

Hi, all

First of all, I'd like to thank Jason for wireguard and those packagers
who are making wireguard easier to install.

Easy and solid crypto for all is a good thing.

> On Tue 2016-07-12 19:55:50 +0200, Jason A. Donenfeld wrote:
>> Endpoint is a good name.
>> AllowedIPs is a horrible name. But I'm not sure what else to call it.
>> I'm open to all suggestions.
> 
> AllowedTunnelledIPs ?
> TunnelledCIDRs ?

Let's bikeshed.

I vote for 'AllowedTunnelledIPs' because:

* It's near to what we have now (AllowedIPs).
* It's simple (no technicisms in the name like 'vpn', 'cidr').
* It's reasonably concise (not like AllowedTunnelledSourceIPs or
AllowedIncomingSourceIPs or whatever).
* The name represents exactly what is under the hood. This value
represents those ips allowed to pop up from the wg iface and not
necessarily the subnets of the peer.

I don't subscribe to Baptiste's suggestions (VPNSubnets, PeerVPNSubnets,
InternalIPs) because, considering the case when you're routing all ip4 or
ip6 through the tunnel, on the 'client' side you will have to allow
0.0.0.0/0 and ::/0 and those are neither internal ips nor subnets of the
peers.

mmoya
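
Added example, not part of the original message and not WireGuard's own code: a small Python model of the check the message describes, where a packet arriving from a peer is accepted only if its inner source address is in that peer's AllowedIPs. It goes slightly beyond the message by also showing outbound peer selection from the same list. The peer names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed peer tables; keys are placeholder names, not real public keys.
SERVER_PEERS = {
    "laptop": ["10.0.0.2/32", "fd00::2/128"],
    "branch": ["10.0.0.3/32", "192.168.50.0/24"],
}
# 'Client' side of a full tunnel: any source may pop out of the interface,
# so the list is not "the peer's subnets" in any meaningful sense.
CLIENT_PEERS = {"gateway": ["0.0.0.0/0", "::/0"]}


def parse(peers):
    """Turn the string prefixes into ip_network objects once."""
    return {name: [ipaddress.ip_network(p) for p in prefixes]
            for name, prefixes in peers.items()}


def inbound_allowed(peers, peer, src):
    """True if a packet decrypted from `peer` may carry inner source `src`."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in peers.get(peer, []))


def outbound_peer(peers, dst):
    """Pick the peer whose list has the longest prefix covering `dst`."""
    addr = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in nets:
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[1]:
                    best = (name, net.prefixlen)
    return best[0] if best else None


if __name__ == "__main__":
    server, client = parse(SERVER_PEERS), parse(CLIENT_PEERS)
    # A peer cannot source traffic from another peer's prefix.
    print(inbound_allowed(server, "laptop", "192.168.50.7"))
    # With 0.0.0.0/0 the client accepts any IPv4 source from the gateway.
    print(inbound_allowed(client, "gateway", "93.184.216.34"))
```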


