Allowed IPs Toggling

Samuel Holland samuel at
Thu Mar 15 19:51:45 CET 2018


On 03/15/18 13:39, Steve Gilberd wrote:
>> Allowed IPs is like a routing table; you can't have two routes for the same
>> set of IPs
> If this is the case, then WireGuard does not have proper routing support.
> Normally, routing tables allow both multiple and overlapping routes to be present.
> When making routing decisions, the most-specific route is chosen (e.g. a /29 is
> higher priority than a /24 which overlaps with it). If there are two identical
> routes of the same size, then the one with the lowest routing metric is used.
> I can understand not allowing identical routes of the same size, as WireGuard
> doesn't really have a concept of metric (although it could be useful for backup
> links). However, it really should allow overlapping routes of different sizes.
> There's no ambiguity with routing decisions, and it's a standard feature that I
> would normally expect any IP routing stack to have.

WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
doesn't support having *identical* ranges of AllowedIPs on different peers,
which was the situation here. (You're correct, there's no concept of a metric.)

> Cheers,
> Steve


