[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

Jason A. Donenfeld Jason at zx2c4.com
Mon Dec 17 09:54:03 CET 2018


On Mon, Dec 17, 2018 at 9:49 AM KeXianbin(http://diyism.com)
<kexianbin at diyism.com> wrote:
> I found the definition in manual:
> AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
> from which incoming traffic for this peer is allowed and to which
> outgoing traffic for this peer is directed
>
> from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html

Yes, that is indeed what the man page says and it is the expected
behavior. You've reported here, however, "Currently, the peer can set
any IP, for example 10.1.0.4, and can send packets to my
http://10.1.0.1:80 from 10.1.0.4," which sounds bad and like something
worth taking seriously, if I'm interpreting that correctly. Would you
take the time to create a reproducer similar to what I posted in my
last email?

Thanks,
Jason
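
A small model of the AllowedIPs rule quoted above from the man page, as an added example that is not part of the original thread or of WireGuard's own code: it parses a wg-style config, checks whether a peer's AllowedIPs admit a given source address, and lists entries wider than a single host. The sample config, the placeholder keys, the fd00::3 address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config; keys are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
Address = 10.1.0.1/24

[Peer]
PublicKey = PEER_A_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.1.0.2/32

[Peer]
PublicKey = PEER_B_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.1.0.0/24, fd00::3/128
"""

def parse_peers(conf_text):
    """Return one dict per [Peer] section: {"key": str, "allowed": [networks]}."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("["):
            current = None
            if line.lower() == "[peer]":
                current = {"key": None, "allowed": []}
                peers.append(current)
        elif current is not None and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if name.lower() == "publickey":
                current["key"] = value
            elif name.lower() == "allowedips":
                current["allowed"] += [
                    ipaddress.ip_network(v.strip(), strict=False)
                    for v in value.split(",") if v.strip()]
    return peers

def source_accepted(peer, src):
    """Per-peer model of the inbound rule: src must fall inside AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in peer["allowed"])

def wider_than_host(peer):
    """AllowedIPs entries covering more than one address (not /32 or /128)."""
    return [str(n) for n in peer["allowed"] if n.num_addresses > 1]

if __name__ == "__main__":
    for peer in parse_peers(SAMPLE_CONF):
        print(peer["key"], "10.1.0.4 accepted:",
              source_accepted(peer, "10.1.0.4"), "wide:", wider_than_host(peer))
```

This models only the documented per-peer rule; it does not account for overlapping AllowedIPs between peers and says nothing about whether the behavior reported in the thread reproduces.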

