Bruno Wolff III
bruno at wolff.to
Mon Nov 6 17:06:14 CET 2017
On Sun, Nov 05, 2017 at 01:05:18 +0100,
Markus Woschank <markus.woschank at gmail.com> wrote:
>I imagine specifying an endpoint IP for a peer and then discovering
>that it connected from a different IP may be surprising to some. I
>generally prefer for things to break if I configure them the wrong way
>and not work "sometimes" (wrong endpoint IP on one side but the other
>first initiating the connection most of the time).
Perhaps, but I think you are thinking about the function incorrectly. The
peer address shouldn't be looked at as a restriction, but rather as a hint
of where to send traffic to reach the peer if no traffic has been received
from it. In that light, wg's behavior makes sense. The last IP address
the peer was seen at is normally the best place to look for it later.
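
An added example, not part of the original message: a small audit that compares the `Endpoint` hints in a wg config with the tab-separated output of `wg show <interface> endpoints` and lists the peers wg is currently reaching at a different address. The sample config, sample output and placeholder keys are constructed, and the comparison assumes endpoints are configured as literal `IP:port` values rather than hostnames.

```python
# Constructed sample config; keys are placeholders, addresses are documentation ranges.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51820

[Peer]
PublicKey = PEER_A_PLACEHOLDER
Endpoint = 192.0.2.10:51820

[Peer]
PublicKey = PEER_B_PLACEHOLDER
Endpoint = 192.0.2.20:51820

[Peer]
PublicKey = PEER_C_PLACEHOLDER
"""

# Constructed sample in the format of `wg show <interface> endpoints`.
SAMPLE_SHOW = (
    "PEER_A_PLACEHOLDER\t198.51.100.7:40112\n"   # seen at a new address
    "PEER_B_PLACEHOLDER\t192.0.2.20:51820\n"     # still at the configured hint
    "PEER_C_PLACEHOLDER\t203.0.113.5:51820\n"    # no hint configured at all
)


def configured_endpoints(conf_text):
    """Map each [Peer] PublicKey to its configured Endpoint (None if absent)."""
    sections = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            sections.append({"_type": line.lower()})
        elif "=" in line and sections:
            name, value = (p.strip() for p in line.split("=", 1))
            sections[-1][name.lower()] = value
    return {s["publickey"]: s.get("endpoint")
            for s in sections if s["_type"] == "[peer]" and "publickey" in s}


def roamed_peers(conf_text, show_text):
    """Return {pubkey: (configured, current)} where the two endpoints differ."""
    configured = configured_endpoints(conf_text)
    roamed = {}
    for line in show_text.splitlines():
        key, _, current = line.partition("\t")
        hint, current = configured.get(key), current.strip()
        if hint and current != "(none)" and current != hint:
            roamed[key] = (hint, current)
    return roamed


if __name__ == "__main__":
    for key, (hint, current) in roamed_peers(SAMPLE_CONF, SAMPLE_SHOW).items():
        print(f"{key}: configured {hint}, currently {current}")
```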