[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

Jason A. Donenfeld Jason at zx2c4.com
Mon Dec 17 08:39:59 CET 2018


On Mon, Dec 17, 2018 at 2:42 AM KeXianbin(http://diyism.com)
<kexianbin at diyism.com> wrote:
> AllowedIPs = 10.1.0.3/32
> [...]
> If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf
> OPTION to config it?
>
> Currently,  the peer can set any IP, for example 10.1.0.4, and can
> send packets to my http://10.1.0.1:80 from 10.1.0.4.

Setting that peer's allowedips to 10.1.0.3/32 should accomplish
exactly what you want; that peer is _only_ allowed to send packets as
that IP. If the peer attempts to send packets as 10.1.0.4, WireGuard
should reject those packets. If it doesn't, that sounds like a major
bug.


More information about the WireGuard mailing list