[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

Jason A. Donenfeld Jason at zx2c4.com
Mon Dec 17 09:54:03 CET 2018

On Mon, Dec 17, 2018 at 9:49 AM KeXianbin(http://diyism.com)
<kexianbin at diyism.com> wrote:
> I found the definition in manual:
> AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
> from which incoming traffic for this peer is allowed and to which
> outgoing traffic for this peer is directed
> from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html

Yes, that is indeed what the man page says and it is the expected
behavior. You've reported here, however, "Currently, the peer can set
any IP, for example, and can send packets to my from," which sounds bad
and like something worth taking seriously, if I'm interpreting that
correctly. Would you
take the time to create a reproducer similar to what I posted in my
last email?
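
Added illustration, not part of the original message and not WireGuard's own code: a small Python model of the AllowedIPs semantics quoted from the man page above, covering both the incoming source check and outgoing peer selection. Peer names and addresses are constructed for the example.

```python
import ipaddress


class AllowedIPsTable:
    """Toy model of a WireGuard interface's AllowedIPs table (hypothetical class)."""

    def __init__(self):
        self._table = {}  # ip_network -> peer name

    def add_peer(self, peer, allowed_ips):
        # allowed_ips uses the comma-separated CIDR form from wg(8).
        # A prefix belongs to one peer at a time: re-adding it moves it.
        for cidr in allowed_ips.split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            self._table[net] = peer

    def _lookup(self, addr):
        # Longest-prefix match within the same address family.
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self._table if n.version == ip.version and ip in n]
        if not hits:
            return None
        return self._table[max(hits, key=lambda n: n.prefixlen)]

    def route_outgoing(self, dst):
        """Peer that an outgoing packet to dst is encrypted for, or None."""
        return self._lookup(dst)

    def accept_incoming(self, peer, inner_src):
        """True if a decrypted packet from peer may carry inner_src as source."""
        return self._lookup(inner_src) == peer


def build_example():
    # Constructed configuration: two peers pinned 1-to-1 with /32,
    # one peer given a whole /24 elsewhere.
    t = AllowedIPsTable()
    t.add_peer("peer-a", "10.0.0.2/32")
    t.add_peer("peer-b", "10.0.0.3/32")
    t.add_peer("peer-c", "10.0.1.0/24, fd00::/64")
    return t


if __name__ == "__main__":
    t = build_example()
    print(t.accept_incoming("peer-a", "10.0.0.2"))   # own address
    print(t.accept_incoming("peer-a", "10.0.0.3"))   # peer-b's address
    print(t.accept_incoming("peer-c", "10.0.1.77"))  # anywhere in its /24
    print(t.route_outgoing("10.0.0.3"))
```

In this model a peer configured with a single /32 can only source packets from that one address, while a peer given a wider prefix can use any address inside it.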

