[WireGuard] Using wireguard link as a proxy?

Bruno Wolff III bruno at wolff.to
Fri Jul 22 11:09:13 CEST 2016

On Fri, Jul 22, 2016 at 10:18:21 +0200,
  Baptiste Jonglez <baptiste at bitsofnetworks.org> wrote:
>Yes, the notion of "immediate next destinaton" does not make sense for
>Wireguard.  It encapsulates plain IP, not Ethernet.

I thought that the next IP address might have been available for wireguard 
to see as the information seems to be available for routing. But as you 
mention below and I realized, that doesn't help with the return packets 
since they can have (almost) any source address.

>You need "allowed ips" here.  Your situation is just a regular
>client/server tunneling setup, there's nothing special about "proxying",
>whatever that means.

Yeah I realized that when thinking about this some more. "Proxy" in this 
case means source nat will be used on the outgoing packets.


More information about the WireGuard mailing list