[WireGuard] Using wireguard link as a proxy?

Baptiste Jonglez baptiste at bitsofnetworks.org
Fri Jul 22 11:32:11 CEST 2016


On Fri, Jul 22, 2016 at 04:09:13AM -0500, Bruno Wolff III wrote:
> On Fri, Jul 22, 2016 at 10:18:21 +0200,
>  Baptiste Jonglez <baptiste at bitsofnetworks.org> wrote:
> >
> >Yes, the notion of "immediate next destination" does not make sense for
> >Wireguard.  It encapsulates plain IP, not Ethernet.
> 
> I thought that the next IP address might have been available for wireguard
> to see as the information seems to be available for routing. But as you
> mention below and I realized, that doesn't help with the return packets
> since they can have (almost) any source address.
> 
> >You need "allowed ips 0.0.0.0/0" here.  Your situation is just a regular
> >client/server tunneling setup, there's nothing special about "proxying",
> >whatever that means.
> 
> Yeah I realized that when thinking about this some more. "Proxy" in this
> case means source nat will be used on the outgoing packets.

Ok, excellent!  Wireguard really doesn't care or even know about the
source NAT you may apply on the server (well, at least when thinking about
it at a high level).

If you had used a public IP address on the client side (instead of
192.168.7.2), and simply forwarded packets on the server without applying
any NAT, it would be exactly the same from the perspective of Wireguard.
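
The allowed-ips behaviour discussed in this message, as an added example that is not part of the original post or of WireGuard's code: a simplified Python model of the two checks (destination selects the peer on send, inner source must fall in the peer's allowed IPs on receive). The server tunnel address 192.168.7.1 and the Internet host 198.51.100.10 are constructed values; only 192.168.7.2 comes from the thread.

```python
from ipaddress import ip_address, ip_network

CLIENT_TUN = "192.168.7.2"       # client tunnel address, from the thread
SERVER_TUN = "192.168.7.1"       # assumed server tunnel address (constructed)
INTERNET_HOST = "198.51.100.10"  # constructed remote host (documentation range)


class Peer:
    """One configured peer and its allowed-ips list (simplified model)."""

    def __init__(self, name, allowed_ips):
        self.name = name
        self.allowed = [ip_network(n) for n in allowed_ips]

    def covers(self, addr):
        """Longest matching prefix length for addr, or -1 if not covered."""
        a = ip_address(addr)
        return max((n.prefixlen for n in self.allowed if a in n), default=-1)


def route_outbound(peers, dst):
    """Sending: the inner destination address selects the peer."""
    best = max(peers, key=lambda p: p.covers(dst), default=None)
    return best.name if best and best.covers(dst) >= 0 else None


def accept_inbound(peer, src):
    """Receiving: the decrypted packet's inner source must be allowed."""
    return peer.covers(src) >= 0


def client_view(server_allowed):
    """Client side: reach an Internet host through the server peer."""
    server = Peer("server", server_allowed)
    return {
        "request_routed_to": route_outbound([server], INTERNET_HOST),
        "reply_accepted": accept_inbound(server, INTERNET_HOST),
    }


def server_view():
    """Server side: WireGuard only ever sees the client's tunnel address.
    Source NAT happens after decryption and is undone before encryption."""
    client = Peer("client", [CLIENT_TUN + "/32"])
    return {
        "request_accepted": accept_inbound(client, CLIENT_TUN),
        "reply_routed_to": route_outbound([client], CLIENT_TUN),
    }


if __name__ == "__main__":
    print("narrow :", client_view([SERVER_TUN + "/32"]))
    print("default:", client_view(["0.0.0.0/0"]))
    print("server :", server_view())
```

With only the server's tunnel address allowed, the client neither routes the request into the tunnel nor accepts the reply, whose inner source is the Internet host; with 0.0.0.0/0 both checks pass, and the server-side result is the same whether or not NAT is applied.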