AW: two client connections -> crash?

M. Dietrich mdt at emdete.de
Tue Jul 14 19:54:41 CEST 2020


Quotation from Joachim Lindenberg at July 14, 2020 15:43:
> didn't find good documentation on that.

Oh, there is, one doesn't recognize it in the first place as a 
beginner. ;)

> And obviously with one connection it wasn't that 
> important to get it right.

depends on your demand. so if you put your setting 0.0.0.0/0 
there all traffic goes into that tunnel. if the other end 
doesn't know how to react this won't work either. it's a 
typical setup where you want to reach the internet via a VPN.

if you want to connect boxes into a network to be securely 
reachable to each other this is a completely different demand. 
you just give each box an IP and tell WireGuard where to find 
it.

> What IP addresses or network 
> should AllowedIPs refer to? Client? Server? Tunnel?

there isn't really a client or server in wg. ;)

i typically use a star-topology for that. there is a box in 
the middle, all others connect to that middle box. all the 
boxes are in the network 172.16.0.0 and are numbered 
172.16.0.1, 172.16.0.2, ...

the middle box has entries for each peer like

[Peer]
PublicKey = <key of the connecting box>
AllowedIPs = 172.16.0.1/32
...

while the box itself has an entry

[Peer]
PublicKey = <key of the center box>
AllowedIPs = 172.16.0.0/12
...

for the peer and the IP configured for the interface:

[Interface]
Address = 172.16.0.1
...

that should do. i agree: the setup is a bit notchy to 
maintain but there are tools for that. i still do it manually 
but i don't have that many peers.

best regards, Michael
M. Dietrich
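
Added example, not part of the original post: a small Python model of how WireGuard uses AllowedIPs in the star setup described above, as the routing table for outgoing packets (most specific prefix wins) and as the source filter for incoming ones. The peer names, the second box and the 192.0.2.1 test address are constructed for illustration.

```python
import ipaddress

class Peer:
    """One [Peer] section: a name (stand-in for the public key) plus AllowedIPs."""
    def __init__(self, name, allowed_ips):
        self.name = name
        self.allowed = [ipaddress.ip_network(n) for n in allowed_ips]

def route_outbound(peers, dst):
    """Sending: the peer with the most specific AllowedIPs match gets the packet.
    Returns the peer name, or None when no peer on this interface covers dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, p.name) for p in peers for net in p.allowed if dst in net]
    return max(matches)[1] if matches else None

def accept_inbound(peer, src):
    """Receiving: a decrypted packet is kept only if its inner source address
    lies inside the AllowedIPs of the peer whose key decrypted it."""
    src = ipaddress.ip_address(src)
    return any(src in net for net in peer.allowed)

# Constructed star topology following the post (box2 and the names are assumptions).
BOX1 = Peer("box1", ["172.16.0.1/32"])
BOX2 = Peer("box2", ["172.16.0.2/32"])
HUB_PEERS = [BOX1, BOX2]                       # [Peer] entries on the middle box
CENTER = Peer("center", ["172.16.0.0/12"])     # the single [Peer] entry on box1
CENTER_ALL = Peer("center", ["0.0.0.0/0"])     # "all traffic into the tunnel" variant

if __name__ == "__main__":
    # box1 -> box2: box1 hands the packet to the center, the center to box2.
    print(route_outbound([CENTER], "172.16.0.2"), route_outbound(HUB_PEERS, "172.16.0.2"))
    # 192.0.2.1 (constructed) matches no peer on box1 unless AllowedIPs is 0.0.0.0/0.
    print(route_outbound([CENTER], "192.0.2.1"), route_outbound([CENTER_ALL], "192.0.2.1"))
    # The /32 on the middle box also acts as a source filter: box1 cannot send
    # packets that claim to come from box2's address.
    print(accept_inbound(BOX1, "172.16.0.1"), accept_inbound(BOX1, "172.16.0.2"))
    # box1 accepts forwarded traffic from box2 because the center's /12 covers it.
    print(accept_inbound(CENTER, "172.16.0.2"))
```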