* [wireguard-devel] About ip management
@ 2017-02-17 14:03 nicolas prochazka
  2017-02-20 12:48 ` Dan Lüdtke
  0 siblings, 1 reply; 3+ messages in thread
From: nicolas prochazka @ 2017-02-17 14:03 UTC (permalink / raw)
  To: WireGuard mailing list

Hello,
I hope I have not misunderstood IP management with WireGuard.
In a "server mode operation", as many peers -> one peer (server),
the private IP configuration must be coherent. In fact, as in the server/client
example in contrib, the server must deliver IPs to clients; there's no way for
a client to know a good private_ip.
We cannot use DHCP, layer 3, so ...
we need to implement a pool IP manager, is that correct?

Regards,
Nicolas Prochazka.


* Re: [wireguard-devel] About ip management
  2017-02-17 14:03 [wireguard-devel] About ip management nicolas prochazka
@ 2017-02-20 12:48 ` Dan Lüdtke
  2017-02-21  7:41   ` nicolas prochazka
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Lüdtke @ 2017-02-20 12:48 UTC (permalink / raw)
  To: nicolas prochazka; +Cc: WireGuard mailing list

Hi Nicolas,


> On 17 Feb 2017, at 15:03, nicolas prochazka <prochazka.nicolas@gmail.com> wrote:
> I hope not to have misunderstood ip management with wireguard,
> in a "server mode operation" , as many peers -> one peer ( server ) ,
> private ip configuration must be coherent.

There is no need for private (assuming you mean RFC1918) addresses, but
of course it works with private IPs as well as with public IP addresses.


> In fact, as server / client example in contrib, server must delivery ip
> to clients, there's no way for client to know good private_ip .

Unless it is configured statically, which is what I suggest doing. There
is plenty of IP space to use. Think of ULA or subprefixes of your GU(s).
A single /64 should be sufficient to address all your clients uniquely
per "server wg interface". The situation for legacy IP is also not that
bad. RFC1918 space is huge, and there is also RFC6598 to pick from. Why
not just roll out IP configurations the same way you roll out
WireGuard configuration? It's just a line more in the config when you
use wg-quick.


> We cannot use dhcp, layer 3 , so ...

That's true for legacy IP. It does not hold true for state-of-the-art
IP.


> we need to implement a pool ip manager , is it correct ?

I do not really know what you are referring to when you write "pool ip
manager", but if you want to distribute IP configuration data inside the
wg tunnel, you would need to configure static addresses to bootstrap
that from. This might change in the future, as Jason said to be working
in OOB features. IP management would then take place in user space
mostly/entirely.

Hope that helps!

Cheers,

Dan

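The static roll-out suggested in the reply above, sketched as an added example that is not part of the thread and not WireGuard project code: each peer gets one fixed address from a single prefix, emitted as the extra `Address =` line for the client and as a host-length `AllowedIPs` entry for that peer's key on the server. It goes beyond the /64 case by accepting IPv4 prefixes (RFC1918, RFC6598) as well; the prefix, peer names, key placeholders and the function names `allocate` and `render` are constructed for illustration.

```python
import ipaddress

def allocate(prefix, peer_names, existing=None):
    """Return {name: address}; keep existing leases, give others the lowest free host."""
    net = ipaddress.ip_network(prefix)
    hosts = iter(net.hosts())   # lazy, so a /64 is never enumerated in full
    used = {next(hosts)}        # first host is reserved for the server interface
    leases = {}
    for name, addr in (existing or {}).items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            raise ValueError(f"{name}: {ip} is outside {net}")
        if ip in used:          # one address must never map to two keys
            raise ValueError(f"{name}: {ip} is already assigned")
        leases[name] = ip
        used.add(ip)
    for name in peer_names:
        if name in leases:
            continue
        for ip in hosts:
            if ip not in used:
                leases[name] = ip
                used.add(ip)
                break
        else:
            raise ValueError(f"{net} has no free address for {name}")
    return leases

def render(prefix, leases, pubkeys):
    """Return (server [Peer] sections, {name: client Address line})."""
    net = ipaddress.ip_network(prefix)
    sections, clients = [], {}
    for name, ip in sorted(leases.items(), key=lambda kv: kv[1]):
        # Host-length AllowedIPs: the server accepts this source address only
        # in packets authenticated with this peer's key.
        sections.append(f"[Peer]\n# {name}\nPublicKey = {pubkeys[name]}\n"
                        f"AllowedIPs = {ip}/{ip.max_prefixlen}")
        clients[name] = f"Address = {ip}/{net.prefixlen}"
    return "\n\n".join(sections), clients

# Constructed sample data: a ULA-style /64 and placeholder keys (not real keys).
PREFIX = "fd12:3456:789a:1::/64"
PUBKEYS = {n: f"<{n}-public-key>" for n in ("laptop", "phone", "nas")}

if __name__ == "__main__":
    leases = allocate(PREFIX, list(PUBKEYS), existing={"nas": "fd12:3456:789a:1::10"})
    server_conf, client_lines = render(PREFIX, leases, PUBKEYS)
    print(server_conf)
    print(client_lines)
```

Passing the previous result back in as `existing` keeps every peer's address stable across regenerations, so an address never moves from one key to another.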

* Re: [wireguard-devel] About ip management
  2017-02-20 12:48 ` Dan Lüdtke
@ 2017-02-21  7:41   ` nicolas prochazka
  0 siblings, 0 replies; 3+ messages in thread
From: nicolas prochazka @ 2017-02-21  7:41 UTC (permalink / raw)
  To: Dan Lüdtke; +Cc: WireGuard mailing list

Thanks
These are good ideas to explore
Regards,
Nicolas

2017-02-20 13:48 GMT+01:00 Dan Lüdtke <mail@danrl.com>:

> Hi Nicolas,
>
>
> > On 17 Feb 2017, at 15:03, nicolas prochazka <prochazka.nicolas@gmail.com> wrote:
> > I hope not to have misunderstood ip management with wireguard,
> > in a "server mode operation" , as many peers -> one peer ( server ) ,
> > private ip configuration must be coherent.
>
> There is no need for private (assuming you mean RFC1918) addresses, but of
> course it works with private IPs as well as with public IP addresses.
>
>
> > In fact, as server / client example in contrib, server must delivery ip
> > to clients, there's no way for client to know good private_ip .
>
> Unless it is configured statically, which is what I suggest doing. There
> is plenty of IP space to use. Think of ULA or subprefixes of your GU(s). A
> single /64 should be sufficient to address all your clients uniquely per
> "server wg interface". The situation for legacy IP is also not that bad.
> RFC1918 space is huge, and there is also RFC6598 to pick from. Why not
> just roll out IP configurations the same way you roll out WireGuard
> configuration? It's just a line more in the config when you use wg-quick.
>
>
> > We cannot use dhcp, layer 3 , so ...
>
> That's true for legacy IP. It does not hold true for state-of-the-art IP.
>
>
> > we need to implement a pool ip manager , is it correct ?
>
> I do not really know what you are referring to when you write "pool ip
> manager", but if you want to distribute IP configuration data inside the wg
> tunnel, you would need to configure static addresses to bootstrap that
> from. This might change in the future, as Jason said to be working in OOB
> features. IP management would then take place in user space mostly/entirely.
>
> Hope that helps!
>
> Cheers,
>
> Dan
