Ability to enable catch all allowed-ips on all peers
Damian Kaczkowski
damian.kaczkowski at gmail.com
Fri May 5 20:00:10 CEST 2017
Hello Jason.
I would like to enable allowed-ips 0.0.0.0/0 on all peers, because I have a
scenario with multi-homed hosts where I would like to rely on firewall and
routes only instead of additional wireguard acls. Traffic is routed forth
and back via different interfaces, thus I have to know which interface it's
going to come back and allow remote ips on few/all interfaces. Currently
wireguard applies catch all 0.0.0.0/0 allowed-ips only on one peer under wg
interface, which is a no-go in such scenario.

This I think is also needed if one wants to build some dynamic routing on
top of wireguard connected nodes, isn't it?

Example wg output:
interface: wg2
  public key: <blank>
  private key: (hidden)
  preshared key: (hidden)
  listening port: 51821

peer: <blank>
  endpoint: <blank>
  allowed ips: (none) <-------------------------------------------
  latest handshake: 34 seconds ago
  transfer: 1.16 KiB received, 736 B sent

peer: <blank>
  endpoint: <blank>
  allowed ips: (none) <-------------------------------------------
  latest handshake: 34 seconds ago
  transfer: 888 B received, 552 B sent

peer: <blank>
  endpoint: <blank>
  allowed ips: (none) <-------------------------------------------
  latest handshake: 34 seconds ago
  transfer: 1.16 KiB received, 736 B sent

peer: <blank>
  endpoint: <blank>
  allowed ips: 0.0.0.0/0 <----------------------------------------
  latest handshake: 1 day, 18 hours, 41 minutes, 34 seconds ago
  transfer: 4.30 KiB received, 3.12 KiB sent

Greets.
Damian
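
The wg output above follows from how allowed-ips works: within one interface each prefix has a single owning peer, and the same table picks the peer for outgoing packets and filters the source address of incoming ones. The sketch below is an added example, not part of the original message and not WireGuard's code; it is a simplified model, and the peer names and sample addresses are made up.

```python
import ipaddress


class Interface:
    """Simplified model of one wg interface's allowed-ips table (constructed)."""

    def __init__(self, name):
        self.name = name
        self.table = {}  # ip_network -> peer; each prefix has exactly one owner

    def set_allowed_ips(self, peer, prefixes):
        """Replace the peer's list; a prefix held by another peer moves here."""
        self.table = {n: p for n, p in self.table.items() if p != peer}
        for prefix in prefixes:
            self.table[ipaddress.ip_network(prefix)] = peer

    def allowed_ips(self, peer):
        return sorted(str(n) for n, p in self.table.items() if p == peer)

    def lookup(self, address):
        """Longest-prefix match over the table; None when nothing matches."""
        addr = ipaddress.ip_address(address)
        matches = [n for n in self.table if addr in n]
        if not matches:
            return None
        return self.table[max(matches, key=lambda n: n.prefixlen)]

    def accepts(self, peer, source):
        """A decrypted packet is kept only if its source maps back to its sender."""
        return self.lookup(source) == peer


def build_wg2():
    """Ask for the catch-all on every peer, as in the message (peer names made up)."""
    wg2 = Interface("wg2")
    for peer in ("peer-a", "peer-b", "peer-c", "peer-d"):
        wg2.set_allowed_ips(peer, ["0.0.0.0/0"])
    return wg2


if __name__ == "__main__":
    wg2 = build_wg2()
    for peer in ("peer-a", "peer-b", "peer-c", "peer-d"):
        print(peer, wg2.allowed_ips(peer) or "(none)",
              "accepts 192.0.2.10:", wg2.accepts(peer, "192.0.2.10"))
    # A more specific prefix can sit beside the catch-all on another peer.
    wg2.set_allowed_ips("peer-a", ["10.0.1.0/24"])
    print("10.0.1.7 ->", wg2.lookup("10.0.1.7"), "| 8.8.8.8 ->", wg2.lookup("8.8.8.8"))
```

In the model, as in the output above, only the last peer configured keeps 0.0.0.0/0, and traffic arriving from the other three is dropped until they are given prefixes of their own.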