Source IP incorrect on multi homed systems

Nico Schottelius nico.schottelius at
Sun Feb 19 20:18:34 UTC 2023

tlhackque <tlhackque at> writes:
>> [...]
>> 4.1. UDP Source Address Selection
>>     **To avoid these problems, servers when responding to queries
>> using UDP _must_ cause the reply to be sent with the source address
>> field in the IP header set to the address that was in the
>> destination address field of the IP header of the packet containing
>> the query causing the response.**

OMG, we really have seen everything already, haven't we?

Jason, what do you think about adopting the RFC2181 Source Address
Selection algorithm for wireguard?

If I am not mistaken that would mean in practice:

   if original_pkg.ip_dst == one_of_my_ips then
      return_pkg.ip_src = original_pkg.ip_dst
      return_pkg.ip_dst = original_pkg.ip_src

For me that sounds like a sane approach (aside from
my very simplified algorithm).

Best regards,


Sustainable and modern Infrastructures by
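
The reply rule sketched in the message, as an added example that is not from the original post or from WireGuard's code: on Linux, a wildcard-bound UDP socket can read each query's destination address through `IP_PKTINFO` and hand it back as the source of the reply. The names `answer_once` and `reply_source` and the 127.0.0.x loopback addresses standing in for a multi-homed host are assumptions made for this demo.

```c
#define _GNU_SOURCE /* glibc: exposes struct in_pktinfo */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Serve one query on a wildcard-bound UDP socket that has IP_PKTINFO enabled.
 * pin != 0: reply from the address the query was sent to; pin == 0: kernel picks. */
static ssize_t answer_once(int fd, int pin) {
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    char buf[64];
    struct sockaddr_in peer;
    struct in_pktinfo pi;
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    ssize_t n = recvmsg(fd, &m, 0);
    struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_PKTINFO)
        return -1;
    memcpy(&pi, CMSG_DATA(c), sizeof pi);
    pi.ipi_spec_dst = pi.ipi_addr; /* return_pkg.ip_src = original_pkg.ip_dst */
    pi.ipi_ifindex = 0;            /* choice made here: routing selects the interface */
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    if (!pin) { m.msg_control = NULL; m.msg_controllen = 0; }
    iov.iov_len = (size_t)n;       /* echo the payload back */
    return sendmsg(fd, &m, 0);     /* msg_name still holds the peer: ip_dst = original ip_src */
}

/* Loopback demo: send a query to dst_ip and return the source address of the
 * reply in network byte order (0 on error). */
in_addr_t reply_source(const char *dst_ip, int pin) {
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in a = { .sin_family = AF_INET }, src = { 0 };
    socklen_t al = sizeof a, sl = sizeof src;
    char b[16];
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on); /* deliver ip_dst with each query */
    bind(srv, (struct sockaddr *)&a, sizeof a);               /* 0.0.0.0, ephemeral port */
    getsockname(srv, (struct sockaddr *)&a, &al);             /* learn the chosen port */
    inet_pton(AF_INET, dst_ip, &a.sin_addr);
    if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a) == 4 &&
        answer_once(srv, pin) == 4)
        recvfrom(cli, b, sizeof b, 0, (struct sockaddr *)&src, &sl);
    close(srv); close(cli);
    return src.sin_addr.s_addr;
}

int main(void) { return reply_source("127.0.0.2", 1) == inet_addr("127.0.0.2") ? 0 : 1; }
```

With `pin` set to 0 the same query to 127.0.0.2 is answered from 127.0.0.1, which is the mismatch this thread is about.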
