[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
weiti at weiti.org
Mon Dec 17 08:44:23 CET 2018
On Mon, Dec 17, 2018 at 09:42:17AM +0800, KeXianbin(http://diyism.com) wrote:
> For example, my wg1.conf now:
> PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
> Address = 10.1.0.1/32
> ListenPort = 21404
> PostUp = ip route add 10.1.0.0/24 dev wg1
> PostDown = ip route del 10.1.0.0/24
Why you add a routing to a /24 if you only want 1:1 links?
I think with this entry the routing decision isn't made by
wireguards "AllowedIPs" statement, it is accomplished by normal
routing lookups and get send through the tunnel.
Is there a reason for the /24 routing?
> PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
> EndPoint = 184.108.40.206:21403
> AllowedIPs = 10.1.0.3/32
This should normally do what you expected, but i think as stated above
the /24 routing is "disabling" the correct behaviour.
More information about the WireGuard