Roaming Mischief

Kalin KOZHUHAROV me.kalin at gmail.com
Tue Nov 14 11:30:56 CET 2017


On Tue, Nov 14, 2017 at 10:59 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> The other approach would be to add an optional exclamation
> mark to the end of an endpoint specification
> (Endpoint=my.server.whatever.zx2c4.com:51820!), that would prevent
> servers from roaming; the client would still roam in the eyes of the
> server, but the server would no longer roam in the eyes of the
> client. In other words, an option -- gasp, a knob! -- to disable
> roaming on a peer-by-peer one-sided basis. As you know, I don't really
> like knobs. And I'd hate to add this, and then for people to use it,
> and then lose some nice aspects of roaming, if it's not really even
> required.
>
I have been wondering along those lines of roaming...
There are certain use cases that require no roaming at all, e.g. a
small set of servers that don't change IP.
Anyway, a somewhat limited "roaming" can be achieved via DNS/hosts, if
one trusts that system.

While seamless roaming is a feature you use often I guess, my personal
preference is to have it optional and explicitly specified, e.g. I
have a few mobile devices (laptop, tablet), that only talk to 1 (or
few at most) fixed IP (or DNS at least) "servers" (yes I know WG is
P2P) and via those to the rest of the fixed hosts. So in this scenario
(somewhat hard to achieve by {ip,nf}tables), I'd rather spec who is
talking to whom, who can roam, etc.

As for the syntax, and I hate to suggest that, adding a new option
(breaking compatibility) like "AllowRoaming=yes|1" with default
AllowRoaming=no is what I would like, instead of somewhat vague "!" at
the end.

Just my 2 (EUR) cents.

Cheers,
Kalin.

