[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

Tim Weippert weiti at weiti.org
Mon Dec 17 08:44:23 CET 2018


Hi, 

On Mon, Dec 17, 2018 at 09:42:17AM +0800, KeXianbin(http://diyism.com) wrote:
> For example, my wg1.conf now:
> 
> [Interface]
> PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
> Address = 10.1.0.1/32
> ListenPort = 21404
> MTU=1300
> PostUp = ip route add 10.1.0.0/24 dev wg1
> PostDown = ip route del 10.1.0.0/24

Why do you add a route to a /24 if you only want 1:1 links?
I think with this entry the routing decision isn't made by
WireGuard's "AllowedIPs" statement; it is accomplished by normal
routing lookups and gets sent through the tunnel.

Is there a reason for the /24 routing?

> [Peer]
> PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
> EndPoint = 162.243.2.2:21403
> AllowedIPs = 10.1.0.3/32

This should normally do what you expected, but I think, as stated above,
the /24 routing is "disabling" the correct behaviour.

regards, 
tim
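
An added example (not part of the original message or of the WireGuard project): a small audit of a wg-quick style config that reports which parts of each PostUp route fall outside every peer's AllowedIPs, the mismatch the reply above asks about. The embedded config is a constructed copy of the quoted one with placeholder keys, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample mirroring the quoted wg1.conf; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.1.0.1/32
PostUp = ip route add 10.1.0.0/24 dev wg1

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 10.1.0.3/32
"""

def parse(conf):
    """Return (prefixes added by PostUp 'ip route add', all peers' AllowedIPs)."""
    routes, allowed, section = [], [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if section == "interface" and key.lower() == "postup":
            # Only literal CIDR prefixes are recognised (not 'default').
            for m in re.finditer(r"route\s+add\s+([0-9A-Fa-f:.]+/\d+)", value):
                routes.append(ipaddress.ip_network(m.group(1), strict=False))
        elif section == "peer" and key.lower() == "allowedips":
            allowed += [ipaddress.ip_network(c.strip(), strict=False)
                        for c in value.split(",") if c.strip()]
    return routes, allowed

def uncovered(conf):
    """Map each PostUp route to the sub-ranges no peer's AllowedIPs covers."""
    routes, allowed = parse(conf)
    report = {}
    for route in routes:
        remaining = [route]
        for net in allowed:
            nxt = []
            for r in remaining:
                if r.version != net.version or not r.overlaps(net):
                    nxt.append(r)                        # untouched by this peer
                elif net != r and net.subnet_of(r):
                    nxt.extend(r.address_exclude(net))   # carve the peer out
                # otherwise r lies entirely inside net and is covered
            remaining = nxt
        if remaining:
            report[str(route)] = list(ipaddress.collapse_addresses(remaining))
    return report

if __name__ == "__main__":
    for route, gaps in uncovered(SAMPLE_CONF).items():
        print(route, "has no matching peer for:", ", ".join(map(str, gaps)))
```

An empty result means every route added in PostUp is matched by some peer's AllowedIPs entry.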

