Roaming Mischief

Lonnie Abelbeck lists at
Tue Nov 14 14:53:23 CET 2017

On Nov 14, 2017, at 4:30 AM, Kalin KOZHUHAROV <me.kalin at> wrote:

> On Tue, Nov 14, 2017 at 10:59 AM, Jason A. Donenfeld <Jason at> wrote:
>> The other approach would be to add an optional exclamation
>> mark to the end of an endpoint specification
>> (!), that would prevent
>> servers from roaming; the client would still roam in the eyes of the
>> server, but the server would no longer roam in the eyes of the
>> client. In other words, an option -- gasp, a knob! -- to disable
>> roaming on a peer-by-peer one-sided basis. As you know, I don't really
>> like knobs. And I'd hate to add this, and then for people to use it,
>> and then lose some nice aspects of roaming, if it's not really even
>> required.
> I have been wondering along those lines of roaming...
> There are certain use cases that require no roaming at all, e.g. a
> small set of servers that don't change IP.
> Anyway, a somewhat limited "roaming" can be achieved via DNS/hosts, if
> one trusts that system.
> While seamless roaming is a feature you use often I guess, my personal
> preference is to have it optional and explicitly specified, e.g. I
> have a few mobile devices (laptop, tablet), that only talk to 1 (or
> few at most) fixed IP (or DNS at least) "servers" (yes I know WG is
> P2P) and via those to the rest of the fixed hosts. So in this scenario
> (somewhat hard to achieve by {ip,nf}tables), I'd rather spec who is
> talking to whom, who can roam, etc.
> As for the syntax, and I hate to suggest that, adding a new option
> (breaking compatibility) like "AllowRoaming=yes|1" with default
> AllowRoaming=no is what I would like, instead of somewhat vague "!" at
> the end.

Kalin, I don't care for the somewhat vague "!" notation either ... reads NOT to me.

But, I would not break compatibility, I suggest adding a "paranoid option" EndpointFixed ...
EndpointFixed - Optional, defaults to 0|no; endpoint roaming is enabled by default. Set EndpointFixed to 1|yes to disable endpoint roaming. Ignored if Endpoint is not defined.

As a side-benefit, the documentation of this option provides some quick-reference documentation to the operation of WireGuard.


