Wireguard using wrong source IP and confusing NAT devices
Martin Wagner
martin at mawalabs.de
Tue Oct 1 16:53:45 CEST 2019

One of my servers has two IPv4 addresses. When I try to connect to the
one that isn't configured as default route, WireGuard is still responding
on the other IP, which is causing my NAT to drop the response. If I
change the Endpoint= in the client config to the default IP of the
server, everything works fine.

Is this the expected behavior?

Traffic captured on the server:
1 0.000000000 client_ip → server_ip_1 WireGuard 190 Handshake Initiation, sender=0xF493E197
2 0.000693930 server_ip_2 → client_ip WireGuard 134 Handshake Response, sender=0x5A3B09B6, receiver=0xF493E197
3 5.119191567 client_ip → server_ip_1 WireGuard 190 Handshake Initiation, sender=0x4064907A
4 5.119838133 server_ip_2 → client_ip WireGuard 134 Handshake Response, sender=0xCAB5E13D, receiver=0x4064907A

Traffic captured on the client:
1 0.000000000 nat_ip → server_ip_1 WireGuard 176 Handshake Initiation, sender=0xBC6FCC0F
2 5.116674624 nat_ip → server_ip_1 WireGuard 176 Handshake Initiation, sender=0x87E999EA
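
A way to spot this symptom automatically in a server-side capture, as an added example that is not part of the original post: it pairs each Handshake Response with its Initiation through the sender/receiver index and reports replies whose source address differs from the address the client targeted. The addresses, indices and the function name are constructed for illustration, and each packet summary is assumed to sit on a single line.

```python
import re

# Constructed sample in the same summary format as the server-side capture
# above; addresses are documentation-range placeholders, indices are made up.
SAMPLE = """\
1 0.000000000 198.51.100.7 → 203.0.113.10 WireGuard 190 Handshake Initiation, sender=0x11111111
2 0.000693930 203.0.113.20 → 198.51.100.7 WireGuard 134 Handshake Response, sender=0x22222222, receiver=0x11111111
3 5.119191567 198.51.100.7 → 203.0.113.10 WireGuard 190 Handshake Initiation, sender=0x33333333
4 5.119838133 203.0.113.10 → 198.51.100.7 WireGuard 134 Handshake Response, sender=0x44444444, receiver=0x33333333
"""

LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+\S+\s+(?P<src>\S+)\s+(?:→|->)\s+(?P<dst>\S+)\s+WireGuard\s+\d+\s+"
    r"Handshake\s+(?P<kind>Initiation|Response),\s+sender=(?P<sender>0x[0-9A-Fa-f]+)"
    r"(?:,\s+receiver=(?P<receiver>0x[0-9A-Fa-f]+))?"
)


def find_mismatched_replies(capture_text):
    """Return (frame_no, expected_src, actual_src) for every Handshake Response
    sent from a different address than the one its Initiation was sent to."""
    pending = {}  # initiation sender index -> (client address, targeted address)
    findings = []
    for raw in capture_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a WireGuard handshake summary line
        if m["kind"] == "Initiation":
            pending[m["sender"].lower()] = (m["src"], m["dst"])
        elif m["receiver"]:
            init = pending.pop(m["receiver"].lower(), None)
            if init is None:
                continue  # response without a captured initiation
            client, targeted = init
            # A stateful NAT only accepts the reply if it comes from the
            # address the client originally sent to.
            if m["dst"] == client and m["src"] != targeted:
                findings.append((int(m["no"]), targeted, m["src"]))
    return findings


if __name__ == "__main__":
    for frame, expected, actual in find_mismatched_replies(SAMPLE):
        print(f"frame {frame}: reply from {actual}, client expected {expected}")
```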