wg showconf

Markus Woschank markus.woschank at gmail.com
Sat Nov 4 22:25:28 CET 2017


>> Having the output of showconf reflect the original configuration in a
>> deterministic way enables configuration/provisioning software to check
>> if the interface is in the desired state and only take action if it's
>> not - that would be very helpful at least to me.
>
> I'd suggest you set up your provisioning software to ignore the
> endpoints in "wg showconf"'s output if(f) the configuration file
> doesn't specify endpoints at all.
>
> If the config file does contain an endpoint, it's probably a good idea
> to compare it to the endpoint reported by wg showconf.

While searching for arguments I realised that wireguard will allow a
peer to connect with a different IP from the one set in the
configuration.
Not sure if this is the best behaviour (I understand that the peer
needs to know the secret key, anyway not sure).

Thanks,
Markus


More information about the WireGuard mailing list