[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

KeXianbin(http://diyism.com) kexianbin at diyism.com
Mon Dec 17 09:00:03 CET 2018


>>>> Is there a reason for the /24 routing?
For example,
I want to enable the peers 10.1.0.3 and 10.1.0.4 to connect to
10.1.0.1 (my machine),
but I want to prevent 10.1.0.3 from pretending to be 10.1.0.4 while the real
10.1.0.4 is occasionally offline.

On Mon, Dec 17, 2018 at 3:50 PM Tim Weippert <weiti at weiti.org> wrote:
>
> Hi,
>
> On Mon, Dec 17, 2018 at 09:42:17AM +0800, KeXianbin(http://diyism.com) wrote:
> > For example, my wg1.conf now:
> >
> > [Interface]
> > PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
> > Address = 10.1.0.1/32
> > ListenPort = 21404
> > MTU=1300
> > PostUp = ip route add 10.1.0.0/24 dev wg1
> > PostDown = ip route del 10.1.0.0/24
>
> Why do you add a route to a /24 if you only want 1:1 links?
> I think with this entry the routing decision isn't made by
> WireGuard's "AllowedIPs" statement; it is accomplished by normal
> routing lookups and gets sent through the tunnel.
>
> Is there a reason for the /24 routing?
>
> > [Peer]
> > PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
> > EndPoint = 162.243.2.2:21403
> > AllowedIPs = 10.1.0.3/32
>
> This should normally do what you expected, but I think, as stated above,
> the /24 routing is "disabling" the correct behaviour.
>
> regards,
> tim

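Added example (not part of the original thread and not WireGuard's own code): a simplified Python model of the AllowedIPs lookup, showing that a packet authenticated with one peer's key is dropped when its inner source address maps to a different peer. The peer names and both tables are constructed for illustration; real entries are keyed by public key.

```python
import ipaddress

# Constructed peer tables. "peer3-key"/"peer4-key" are placeholder names.
STRICT = {"peer3-key": ["10.1.0.3/32"], "peer4-key": ["10.1.0.4/32"]}
# Looser variant: peer3 is allowed the whole /24, peer4 keeps its /32.
LOOSE = {"peer3-key": ["10.1.0.0/24"], "peer4-key": ["10.1.0.4/32"]}


def build_table(peers):
    """Flatten {peer: [cidr, ...]} into a list of (network, peer) entries."""
    return [(ipaddress.ip_network(cidr), peer)
            for peer, cidrs in peers.items() for cidr in cidrs]


def lookup(table, addr):
    """Longest-prefix match of addr against AllowedIPs; None if unowned."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, peer) for net, peer in table if ip in net]
    return max(matches)[1] if matches else None


def accept_inbound(table, sending_peer, inner_src):
    """Receive path: after decryption, the inner source IP must map back to
    the peer whose key authenticated the packet, otherwise it is dropped."""
    return lookup(table, inner_src) == sending_peer


def select_peer_outbound(table, inner_dst):
    """Send path: the destination IP selects the peer (and so the key);
    a destination in no peer's AllowedIPs is not sent."""
    return lookup(table, inner_dst)


STRICT_TABLE = build_table(STRICT)
LOOSE_TABLE = build_table(LOOSE)

if __name__ == "__main__":
    for name, table in (("strict", STRICT_TABLE), ("loose", LOOSE_TABLE)):
        for src in ("10.1.0.3", "10.1.0.4", "10.1.0.9"):
            verdict = "accept" if accept_inbound(table, "peer3-key", src) else "drop"
            print(f"{name}: peer3 sends src={src} -> {verdict}")
```

To compare against a live interface, `wg show wg1 allowed-ips` lists the prefixes currently bound to each peer.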
