[RFC] Replace WireGuard AllowedIPs with IP route attribute
Daniel Gröber
dxld at darkboxed.org
Fri Sep 29 13:12:57 UTC 2023
Hi Ivan,
> IMO, a good tunnel solution may be if what is now called AllowedIPs,
> were functionally split into:
> - AcceptIPS (to be different from AllowedIPs)
> - RouteIPs
> Perhaps with a default shorthand of, say, IPs, setting both, as
> AllowedIPs historically caused confusion wrt. its meaning.
That would be one way to paint the shed, yes.
This alone doesn't really address the crux of the problem though:
scalability.
> Wireguard API is a bit clunky, but I think one could dynamically manage
> routes in reasonably efficient ways without extra interfaces and layers.
The entire idea with the new route attribute is to put this functionality
into the right (pre-existing) layer and not invent a new way of expressing
this. We even get scalability for free. Win-Win.
--Daniel
PS: Your mail didn't reach my inbox for some reason; I randomly found it
while looking at the wg list archives. Consider configuring your mail
client to To/CC people you're replying to in order to better handle flaky
list servers.