Source IP incorrect on multi homed systems

Roman Mamedov rm at romanrm.net
Sun Feb 19 20:42:52 UTC 2023


On Sun, 19 Feb 2023 21:18:34 +0100
Nico Schottelius <nico.schottelius at ungleich.ch> wrote:

> If I am not mistaken that would mean in practice:
> 
>    if original_pkg.ip_dst == one_of_my_ips then
>       return_pkg.ip.src = original_pkg.ip_dst
>       return_pkg.ip.dst = original_pkg.ip_src
>    fi
> 
> For me that sounds like a sane approach (aside from
> my very simplified algorithm).

Except there is no request and response in WG, and as such no original or
return packet. Another peer contacts you, then some time later you contact the
other peer. Or the other way round.

WG-wise what will need to be done is to store in each peer's information
structure the local IP that we are supposed to use for communication with that
peer, and update it when receiving packets from the peer, using the
destination of those. So you would see a "Local IP" in each "peer" section
when doing a "wg show".

Also, until there is such IP initially stored, it will have to be some default
outgoing IP of the system towards that peer. BTW, how would this work in your
setup, what if not the peer contacts you first, but your machine needs to
contact the peer?

-- 
With respect,
Roman
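A minimal model of the per-peer "Local IP" bookkeeping Roman describes, as an added example in C; it is not WireGuard's code, and `struct peer`, `struct host`, the function names and the addresses used are assumptions made for illustration. The receive path learns the local address only when the packet's destination is one we actually own (Nico's `one_of_my_ips` condition), and the send path falls back to the system default until something has been learned, which covers the "what if your machine contacts the peer first" case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LOCAL_IPS 8

/* Hypothetical, reduced peer record: real WireGuard keeps far more state. */
struct peer {
    uint32_t endpoint_ip; /* where the peer is reached (host byte order) */
    uint32_t local_ip;    /* our address as seen by this peer; 0 = not yet learned */
};

/* Hypothetical host view: the addresses we own plus a routing-table default. */
struct host {
    uint32_t local_ips[MAX_LOCAL_IPS];
    size_t n_local_ips;
    uint32_t default_src; /* fallback source before anything is learned */
};

/* Parse a dotted-quad IPv4 string into host byte order; 0 on malformed input. */
uint32_t ip4(const char *s)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

bool host_owns_ip(const struct host *h, uint32_t ip)
{
    for (size_t i = 0; i < h->n_local_ips; i++)
        if (h->local_ips[i] == ip) return true;
    return false;
}

/* Receive path: if the packet's destination is one of our own addresses,
 * remember it as the local IP for this peer. A destination we do not own
 * (a forwarded or spoofed packet) is ignored, so a stray packet cannot
 * steer our later traffic to a source address we do not hold. */
bool peer_learn_local_ip(const struct host *h, struct peer *p, uint32_t pkt_dst)
{
    if (!host_owns_ip(h, pkt_dst)) return false;
    p->local_ip = pkt_dst;
    return true;
}

/* Send path: use the learned address, otherwise the system default. */
uint32_t peer_source_ip(const struct host *h, const struct peer *p)
{
    return p->local_ip ? p->local_ip : h->default_src;
}

/* Scenario from the thread (constructed addresses): a multi-homed host whose
 * peer first reaches it on the secondary address. Returns 0 if every
 * expectation holds, otherwise the number of the failed step. */
int demo_scenario(void)
{
    struct host h = { { 0 }, 0, 0 };
    h.local_ips[h.n_local_ips++] = ip4("10.0.0.1");   /* primary */
    h.local_ips[h.n_local_ips++] = ip4("192.0.2.10"); /* secondary */
    h.default_src = ip4("10.0.0.1");
    struct peer p = { ip4("198.51.100.7"), 0 };

    /* 1. We initiate first: nothing learned yet, the default source is used. */
    if (peer_source_ip(&h, &p) != ip4("10.0.0.1")) return 1;

    /* 2. The peer's packet arrives on the secondary address: learn it. */
    if (!peer_learn_local_ip(&h, &p, ip4("192.0.2.10"))) return 2;
    if (peer_source_ip(&h, &p) != ip4("192.0.2.10")) return 3;

    /* 3. A packet whose destination we do not own must not change it. */
    if (peer_learn_local_ip(&h, &p, ip4("203.0.113.5"))) return 4;
    if (peer_source_ip(&h, &p) != ip4("192.0.2.10")) return 5;
    return 0;
}

int main(void)
{
    int rc = demo_scenario();
    printf("scenario %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Storing the learned address per peer rather than per interface is what makes this work when different peers reach the same host on different addresses; a "wg show"-style dump would simply print `p.local_ip` (or "default" when it is still 0) in each peer section.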

