Android and Manjaro road warriors behind dynamic IP addresses/Carrier Grade NAT?

Rene 'Renne' Bartsch, B.Sc. Informatics ml at
Sat Dec 29 14:49:56 CET 2018

Hi Markus,

that's what I thought about, too. It means to add another authentication system (SSH) and fiddle around on Android smartphones.

Is there any way for Wireguard peers with static IP addresses to push endpoint information of all connected peers to all other peers?
Or at least a hook which allows to dump changing endpoints into a file in real-time?

The optimal solution would be to integrate something like (DHT + hole punching techniques) into Wireguard itself.

Addressing by public keys and resolving IP-addresses/ports by a DHT would even make Wireguard John-Doe-compatible. ;-)



Am 29.12.18 um 13:53 schrieb Markus Grundmann:
> Hi Renne,
> for this reason I use a jump server based on SSH in the middle of the
> nodes.
> <snip>
> [authorized_keys]
> no-port-forwarding,no-X11-forwarding,command="~/bin/poll .my-ip ; cat
> ~/.remote-ip" ssh-rsa AAAAB3N ...
> </snap>
> After you have received the IP addresses you can use "wg" to set the new
> endpoint address on both nodes. The small script named "/bin/poll" uses
> the environment variables of SSH to wrote the current IP into a file.
> Best regards,
> Markus
> On 29.12.18 13:16, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
>> Hi,
>> we have Android and Manjaro road warriors which are often behind
>> internet sockets with dynamic IP addresses AND Carrier Grade NAT.
>> Does anyone know a trick how to initiate a direct Wireguard connection
>> between to road warriors without knowing their endpoint IP addresses/ports?
>> Regards,
>> Renne
>> _______________________________________________
>> WireGuard mailing list
>> WireGuard at
> _______________________________________________
> WireGuard mailing list
> WireGuard at

More information about the WireGuard mailing list