Explanation of multiple addresses in config

Michael Brookes mgsb81 at gmail.com
Mon Dec 30 11:16:32 CET 2019


Hello

The manpage for wg-quick states one can use Address multiple times in
the Interface section of a config.  I've tried this but it yields
unexpected results.  Here is my config which I'm using on my Ubuntu
laptop:

[Interface]
PrivateKey = <key>
Address = 10.19.49.103/24
Address = 10.88.118.166/16

[Peer]
PublicKey = FgVLScjX29jwnXXbHStFpNKcFqbaiNK6LuSWFglrWCo=
AllowedIPs = 172.18.1.0/24, 10.19.49.0/24
Endpoint = endpoint1:51820
PersistentKeepalive = 10

[Peer]
PublicKey = itXrReVj+wuecrSs+VNnEEkpc7wHb8QhXQtMQUBrOj8=
AllowedIPs = 172.27.0.0/16,10.88.0.0/16
Endpoint = endpoint2:51820
PersistentKeepalive = 25

wg-quick up <config> gives me an interface with both addresses
assigned, 10.19.49.103 is listed first, 10.88.118.166 listed second in
the ip addr output.
Running tcpdump in parallel on both peer endpoints and my latop, I
ping an address in the ranges the second peer lists in its AllowedIPs,
for example 172.27.3.141.
tcpdump on the wireguard interfaces shows the following:

10.19.49.103 -> 172.27.3.141: : ICMP echo request

I can see the peer itXrReV... receiving the echo request but it's
coming from the first Address listed in the config and endpoint2 only
has 10.88/16 addresses in it's AllowedIPs.

Any insight into what's happening would be gratefully received, I've
tried asking a couple of times but not had any feedback, I suspect I
am fundamentally misunderstanding something here.

Regards and thanks.


More information about the WireGuard mailing list