nat traversal / userspace impl
Jason E. Aten
j.e.aten at gmail.com
Mon Apr 17 23:28:47 CEST 2017
On Mon, Apr 17, 2017 at 12:55 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Mon, Apr 17, 2017 at 7:45 PM, Jason E. Aten <j.e.aten at gmail.com> wrote:
> > 1. If it uses UDP only, how does NAT traversal (firewall punch through)
> > work?
> The same way UDP punching works every place else.
Thanks, Jason, for the quick reply.
If I read through the Wikipedia article on UDP hole punching
(https://en.wikipedia.org/wiki/UDP_hole_punching), it suggests that a public 3rd
party is needed.
> S is a public server with a well-known, globally reachable IP address.
...which makes total sense. Conversely, I don't see described anywhere a
public 3rd party protocol for WireGuard clients to rendezvous.
I found this post:
makes rendezvous seem like an afterthought.
Should I conclude that addressing NAT-ed clients is not something that
WireGuard itself plans to address?
The "number of security problems" with the approach mentioned in passing in
the 2016-August message would need enumeration and addressing. Is anybody
thinking about those? Is this on the roadmap for future plans?