Multiple Endpoints

em12345 em12345 at
Sat Jan 7 15:43:10 CET 2017


I'm wondering how to setup a WG client when having multiple DynDNS names
for a single WG server using dynamic IP. Using multiple DynDNS services
for the same host is a common pattern to work around unreliable DynDNS
As far as I see, only a single endpoint can be given in the configuration.

If there are no plans to support multiple endpoints, I guess this has to
be done via a cron job, since I don't see any explicit hook which could
be used instead.

In order to implement such a script I would have the following
additional questions:

1.) Is "wg setconf" returning/succeeding before the client-server
connection could be established? If so, would it be possible to add an
additional timeout option which waits up to the timeout for establishing
the connection and exits non zero if it failed to do so?
2.) Is "ip link up wg0" already returning/succeeding before the
client-server connection could be established?
3.) What is the best way to determine if a WG client-server connection
is currently alive/working/established? E.g.: wg show wg0
latest-handshakes? I assume that "ip link show wg0" will not show such info.
4.) Is it possible to use "wg set" and/or "wg setconf" while the link is
already up?
5.) Is it possible, using "wg set wg0 endpoint" to only change the
endpoint of an existing peer? Or is it necessary to use "wg setconf"
which replaces every setting for the link?

Similar problems have to be resolved when having Road Warrior PCs, which
may by sometimes directly connected inside the LAN, in which case the
tunnel should not be used. So:
1.) block server endpoint (e.g. via firewall) for crypted traffic
originating from a LAN client
2.) drop (or don't add in the first place) routes into tunnel when no
connection could be established



More information about the WireGuard mailing list