Wireguard Identity Rotation

john walker john.lou.walker at gmail.com
Thu Jun 18 09:00:50 CEST 2020

I'm looking for a nice way to rotate keypairs with Wireguard. How much time
do you have to update the initiator and responder with new keypairs before
handshakes fail?

If I understood the whitepaper correctly, sessions aren't immediately invalid
when you change a peers identity. Instead, you have up to 5 minutes to update
both sides, or else the session keys are exhausted. Is this correct?


More information about the WireGuard mailing list