* wg set allowed ip confusion
@ 2017-01-04 21:10 jens
  2017-01-04 21:15 ` Jason A. Donenfeld
  0 siblings, 1 reply; 3+ messages in thread
From: jens @ 2017-01-04 21:10 UTC (permalink / raw)
  To: WireGuard mailing list

hi,

after playing around with more than 1 peer i got in trouble ... i
realized that an endpoint itself is not needed "server" side. so i set
none, but allowed-ips is! but if i set one, the other one is deleted.
What do i miss?
thx so far.


i set up a second peer on a server like this (or in config file it is
the same)
a@freifunk # wg set wg0 peer abcdefsomenicekey= allowed-ips 0.0.0.0/0
a@freifunk # wg set wg0 peer abcdefothernicekey= allowed-ips 0.0.0.0/0

then the first peer's allowed IP fields become empty and connection from
peer1 is no longer possible, same vice versa

some more notes..
the peers are running on different uplinks on small embedded devices,
single (wireguard) used - no problem so far.
the wg "server" is running on a VM and port 10099 is NATted there. so
both incoming connections (with different IPv4) are on the same port like
this ...

# wg
...
  endpoint: 111.123.123.100:10099
...
  endpoint: 222.321.321.200:10099
...


-- 
make the world nicer, please use PGP encryption


* Re: wg set allowed ip confusion
  2017-01-04 21:10 wg set allowed ip confusion jens
@ 2017-01-04 21:15 ` Jason A. Donenfeld
  2017-01-04 21:21   ` jens
  0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-01-04 21:15 UTC (permalink / raw)
  To: jens; +Cc: WireGuard mailing list

Hi Jens,

One peer, one IP. The routing enforces a 1:1 relationship. So no, you
can't do this. But I sincerely doubt you would even want to do this.

On your server, each peer's allowed IPs should probably be a /32 of
the actual internal IP address of the peer.

The front page of wireguard.io has an illustrative example
configuration of a client-server topology:
https://www.wireguard.io/#cryptokey-routing

Jason
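
A toy Python model of the allowed-ips table behind the answer above, added here as an example and not part of the original messages or WireGuard's own code: each prefix has exactly one owning peer, so the second `wg set ... allowed-ips 0.0.0.0/0` leaves the first peer's list empty, while per-peer /32s coexist. The class and method names and the 10.0.0.x tunnel addresses are assumptions made for illustration.

```python
import ipaddress


class Interface:
    """Toy model of one WireGuard interface's allowed-ips table (hypothetical names)."""

    def __init__(self):
        self.owner = {}  # ip_network -> peer public key; one owner per prefix

    def set_allowed_ips(self, peer, cidrs):
        # Like `wg set <if> peer <key> allowed-ips ...`: replace this peer's list.
        self.owner = {n: p for n, p in self.owner.items() if p != peer}
        for cidr in cidrs:
            # Assigning a prefix that another peer holds moves it to this peer.
            self.owner[ipaddress.ip_network(cidr)] = peer

    def allowed_ips(self, peer):
        return sorted(str(n) for n, p in self.owner.items() if p == peer)

    def route(self, ip):
        # Longest-prefix match, used to pick the peer for an inner IP address.
        addr = ipaddress.ip_address(ip)
        hits = [n for n in self.owner if addr in n]
        return self.owner[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def accept_inbound(self, peer, inner_src):
        # A decrypted packet is kept only if its inner source maps back to its sender.
        return self.route(inner_src) == peer


def demo():
    peer1, peer2 = "abcdefsomenicekey=", "abcdefothernicekey="  # keys as in the post

    broken = Interface()
    broken.set_allowed_ips(peer1, ["0.0.0.0/0"])
    broken.set_allowed_ips(peer2, ["0.0.0.0/0"])  # takes the prefix away from peer1

    fixed = Interface()
    fixed.set_allowed_ips(peer1, ["10.0.0.2/32"])  # constructed tunnel addresses
    fixed.set_allowed_ips(peer2, ["10.0.0.3/32"])
    return broken, fixed


if __name__ == "__main__":
    broken, fixed = demo()
    for name, iface in (("broken", broken), ("fixed", fixed)):
        for key in ("abcdefsomenicekey=", "abcdefothernicekey="):
            print(name, key, iface.allowed_ips(key))
```

The same source check is what makes the /32 assignment a security boundary: in the `fixed` table, a packet from the second peer claiming 10.0.0.2 as its inner source is rejected.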


* Re: wg set allowed ip confusion
  2017-01-04 21:15 ` Jason A. Donenfeld
@ 2017-01-04 21:21   ` jens
  0 siblings, 0 replies; 3+ messages in thread
From: jens @ 2017-01-04 21:21 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

for some reason i was confused, that this should be the real incoming
ip, not the given ip for the wg if.

thx


On 04.01.2017 22:15, Jason A. Donenfeld wrote:
> On your server, each peer's allowed IPs should probably be a /32 of
> the actual internal IP address of the peer.

-- 
make the world nicer, please use PGP encryption
