[ wireguard-devel] Purge old peer
jens
jens at viisauksena.de
Wed Mar 1 15:04:12 CET 2017
On 01.03.2017 14:47, Nicolas Prochazka wrote:
> Hello,
> we are using wireguard with a lot of clients, with a lot of
> dynamically generated peer keys.
> So we have, server side, a lot of peers that have become obsolete.
> At this time, we delete peers, based on latest handshake > delta time,
> with the wg command.
> Is this the best thing to do? Is it possible to implement an auto purge of
> old peers?
>
>
User handling, somehow "user-state", is something which may be better
parseable in terms of "wg" output - but to implement it in WireGuard
itself opens a whole lot of topics. And I prefer solutions built around
the kernel module itself and keep it quite impossible to trigger an
invalidation of any peer (by manipulating time servers or exploiting
some strange time issues like leap seconds, timezones etc.) - especially
since this is the special use case for many2one connections, like your
server example.
--
make the world nicer, please use PGP encryption
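
The approach discussed in this thread (removing peers by latest-handshake age with the `wg` tool, from outside the kernel module), as an added example that is not from either poster or the WireGuard project. It assumes handshake times are read with `wg show <interface> latest-handshakes`; the function names, the 60-second skew allowance and the purge-ratio limit are illustrative choices aimed at the clock-manipulation concern raised in the reply.

```shell
#!/bin/sh
# Added example: userspace purge of stale WireGuard peers.
# Input format is that of `wg show <if> latest-handshakes`:
#   <public-key><TAB><unix-seconds>   (0 = no handshake completed yet)

# stale_peers NOW MAX_AGE MAX_PCT   (handshake lines on stdin)
# Prints the public keys whose last handshake is older than MAX_AGE seconds.
# Prints nothing and returns 2 when the result cannot be trusted:
#   - a handshake lies in the future (clock stepped backwards), or
#   - more than MAX_PCT percent of peers would go (clock stepped forwards).
stale_peers() {
    awk -v now="$1" -v max_age="$2" -v max_pct="$3" '
        BEGIN { total = 0; n = 0; bad = 0 }
        NF == 2 && $2 ~ /^[0-9]+$/ {
            total++
            # Assumption: peers that never handshook have no age to judge,
            # so they are left alone and need separate tracking.
            if ($2 == 0) next
            if ($2 > now + 60) bad = 1        # 60 s skew allowance (assumed)
            if (now - $2 > max_age) stale[n++] = $1
        }
        END {
            if (bad || (total > 0 && n * 100 > max_pct * total)) exit 2
            for (i = 0; i < n; i++) print stale[i]
        }'
}

# purge_stale IFACE MAX_AGE MAX_PCT
# Removes the selected peers, or removes nothing if the guard trips.
purge_stale() {
    keys=$(wg show "$1" latest-handshakes |
           stale_peers "$(date +%s)" "$2" "$3") || {
        echo "refusing to purge on $1: clock or purge ratio looks wrong" >&2
        return 1
    }
    for k in $keys; do
        wg set "$1" peer "$k" remove
    done
}

# Typical call from cron (interface name is a placeholder):
#   purge_stale wg0 86400 25
```

Because the guard fails closed, a bad time source delays cleanup rather than invalidating live peers; the refusal message on stderr is the signal to alert on.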