wg addconf :: AllowedIPs gets deleted with the additions of peers

Toke Høiland-Jørgensen toke at toke.dk
Mon Jun 25 22:37:14 CEST 2018


Adrian Sevcenco <adrian.sev at gmail.com> writes:

> On 06/25/2018 10:55 PM, Toke Høiland-Jørgensen wrote:
>> Adrian Sevcenco <adrian.sev at gmail.com> writes:
>> 
>>> Hi! It seems that AllowedIPs declaration gets erased when peers are
>>> added with addconf
>> 
>> You can't have the same AllowedIPs for two different peers... :)
>
> Err... so, it's a bug or a feature?

A feature. The AllowedIPs controls which IP addresses will be routed to
that peer. They refer to addresses inside the tunnel. So depending on
your setup you'd specify the single IP you assign each peer, or possibly
any subnets behind that peer you want routed through the tunnel.

> If it is a feature, how can I make the server accept whatever IP the
> client(s) get in various networks?

Changing IPs *on the outside* of the tunnel will be accepted
automatically. The Endpoint specifier is only the initial address; if a
device changes its IP, it'll just keep sending packets from the new IP,
and because they are authenticated by the crypto, the other peer will
accept them and change its notion of what IP the other peer is
reachable at automatically. So as long as only one peer changes its IP
at a time, roaming mostly just works :)

-Toke
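
An added example, not part of the original message and not WireGuard's own code: a small check that reads a wg-style config and reports which peer ends up owning each AllowedIPs prefix when the same prefix is listed under more than one peer, as in the thread above. The sample config, the placeholder keys and the function names are constructed for illustration; it assumes the last peer to claim a prefix keeps it, and it only flags identical prefixes (a /32 inside another peer's /24 is a different prefix).

```python
import ipaddress

# Constructed sample config; keys are placeholders, not real keys.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <server-private-key-placeholder>

[Peer]
PublicKey = PEER_A_PLACEHOLDER
AllowedIPs = 0.0.0.0/0

[Peer]
PublicKey = PEER_B_PLACEHOLDER
AllowedIPs = 0.0.0.0/0

[Peer]
PublicKey = PEER_C_PLACEHOLDER
AllowedIPs = 10.0.0.3/32, 192.168.30.0/24
"""

def parse_peers(text):
    """Return [(public_key, [ip_network, ...]), ...] in file order."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            # Only [Peer] sections are collected; [Interface] is skipped.
            current = {"key": None, "nets": []} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name.lower() == "publickey":
                current["key"] = value
            elif name.lower() == "allowedips":
                # strict=False masks host bits, so 10.0.0.3/24 becomes 10.0.0.0/24.
                current["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                    for v in value.split(",") if v.strip()]
    return [(p["key"], p["nets"]) for p in peers]

def effective_allowed_ips(peers):
    """Each prefix belongs to one peer; a later peer claiming it takes it over."""
    owner, lost = {}, []
    for key, nets in peers:
        for net in nets:
            if net in owner and owner[net] != key:
                lost.append((str(net), owner[net], key))  # (prefix, old, new)
            owner[net] = key
    result = {key: [str(n) for n, k in owner.items() if k == key] for key, _ in peers}
    return result, lost
```

Any entry in the second return value is a prefix that an earlier peer will no longer have once the whole file is applied.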

