Wireguard broken with ip rule due to missing address binding
Nico Schottelius
nico.schottelius at ungleich.ch
Wed Jun 19 10:12:49 UTC 2024
Hello Antonio,
Antonio Quartulli <a at unstable.cc> writes:
> Hi,
>
> On 19/06/2024 11:42, Nico Schottelius wrote:
>> I really hope the address binding issue can be solved soon, especially
>> giving there is already a patch for it available.
>
> Question: instead of implementing pure IP binding, may it help to
> implement some logic so that messages to a peer are always sent using
> the IP where previous packets were received?
This would fix the problem of replying with the incorrect address, yes.
However it does not fix the issue of selecting the right ip address on
systems with multiple IP addresses ("Originating / initial ip address
wrong").
Adding this option sounds rather reasonable, but it does not fix the
whole issue.
Note that both issues would be fixed with IP address binding.
BR,
Nico
-------------- next part --------------
--
Sustainable and modern Infrastructures by ungleich.ch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20240619/03e6c422/attachment.sig>
More information about the WireGuard
mailing list