[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

KeXianbin(http://diyism.com) kexianbin at diyism.com
Mon Dec 17 10:02:46 CET 2018


It's my fault, sorry.
I didn't use the AllowedIPs option, I'm using "ip route add" in my script.

On Mon, Dec 17, 2018 at 4:54 PM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> On Mon, Dec 17, 2018 at 9:49 AM KeXianbin(http://diyism.com)
> <kexianbin at diyism.com> wrote:
> > I found the definition in manual:
> > AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
> > from which incoming traffic for this peer is allowed and to which
> > outgoing traffic for this peer is directed
> >
> > from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
>
> Yes, that is indeed what the man page says and it is the expected
> behavior. You've reported here, however, "Currently, the peer can set
> any IP, for example 10.1.0.4, and can send packets to my
> http://10.1.0.1:80 from 10.1.0.4," which sounds bad and like something
> worth taking seriously, if I'm interpreting that correctly. Would you
> take the time to create a reproducer similar to what I posted in my
> last email?
>
> Thanks,
> Jason
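
The AllowedIPs behaviour quoted from the man page above, modelled in Python as an added example (not WireGuard's code and not part of the original thread). The peer names and the addresses in `PEERS` are constructed; 10.1.0.4 is the address mentioned in the report.

```python
import ipaddress

# Constructed sample peers: each name stands for one [Peer] section and
# its AllowedIPs list. A /32 entry gives the 1-to-1 peer/IP binding.
PEERS = {
    "peer-a": ["10.1.0.2/32"],
    "peer-b": ["10.1.0.3/32", "192.168.50.0/24"],
}

def build_table(peers):
    """Flatten the per-peer AllowedIPs lists into (network, peer) pairs."""
    return [(ipaddress.ip_network(cidr), name)
            for name, cidrs in peers.items() for cidr in cidrs]

def lookup(table, addr):
    """Longest-prefix match of addr against all AllowedIPs; None if no match."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for net, name in table
               if net.version == ip.version and ip in net]
    return max(matches)[1] if matches else None

def accept_incoming(table, sending_peer, inner_src):
    """Inbound: keep a decrypted packet only if its inner source address
    maps back to the peer whose key authenticated it."""
    return lookup(table, inner_src) == sending_peer

def route_outgoing(table, inner_dst):
    """Outbound: pick the peer whose AllowedIPs cover the destination."""
    return lookup(table, inner_dst)

if __name__ == "__main__":
    table = build_table(PEERS)
    for peer, src in [("peer-a", "10.1.0.2"), ("peer-a", "10.1.0.4"),
                      ("peer-a", "10.1.0.3")]:
        verdict = "accept" if accept_incoming(table, peer, src) else "drop"
        print(f"{peer} sends packet with source {src}: {verdict}")
    print("route 192.168.50.7 ->", route_outgoing(table, "192.168.50.7"))
```

Routes added with "ip route add" only steer packets into the interface; they are not part of this per-peer check.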

