* do a client behind NAT needs to define listening port?
From: Rostislav Belotserkovski @ 2017-04-30 11:43 UTC (permalink / raw)
To: wireguard
Hi!

Wanted to ask you a question: does a client behind the NAT need to declare a
listening port?

Here is my conf w/o a listening port, and it obviously works (I guess the
server-2-client connection works because of PersistentKeepalive).

server:

[Interface]
PrivateKey = *********
ListenPort = 500

[Peer]
PublicKey = *********
AllowedIPs = 192.168.4.2
PersistentKeepalive = 25

client:

[Interface]
PrivateKey = *********

[Peer]
PublicKey = *********
Endpoint = serverip:500
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Thanks in advance.

--
Rostislav Belotserkovski
* Re: do a client behind NAT needs to define listening port?
From: Jason A. Donenfeld @ 2017-04-30 12:07 UTC (permalink / raw)
To: Rostislav Belotserkovski; +Cc: WireGuard mailing list
If you don't specify a listening port, it will be picked at random for you.
* Re: do a client behind NAT needs to define listening port?
From: Rostislav Belotserkovski @ 2017-04-30 12:33 UTC (permalink / raw)
Cc: WireGuard mailing list
But, how would it work w/o port forwarding? Thanks in advance
On Sun, 30 Apr 2017 at 15:07 Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> If you don't specify a listening port, it will be picked at random for you.
>
--
Sent from my iPhone
* Re: do a client behind NAT needs to define listening port?
From: Jason A. Donenfeld @ 2017-04-30 12:35 UTC (permalink / raw)
To: Rostislav Belotserkovski; +Cc: WireGuard mailing list
If you're the client, you're already connecting _up_ to a server,
which means ordinary stateful NAT takes care of that.
Comparison: do you manually specify a source port when making an
outgoing HTTP connection?
* Re: do a client behind NAT needs to define listening port?
From: Rostislav Belotserkovski @ 2017-04-30 14:53 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
I understand your example, but then another question comes up: if we don't
specify PersistentKeepalive on one of the sides, after a while both client
and server become silent, and the session effectively ends by the router's UDP
timeout (30 sec on mine), and if the server needs to talk to a client which is
behind NAT w/o a listening port forwarded, it will fail, right?
On Sun, 30 Apr 2017 at 15:35 Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> If you're the client, you're already connecting _up_ to a server,
> which means ordinary stateful NAT takes care of that.
>
> Comparison: do you manually specify a source port when making an
> outgoing HTTP connection?
>
* Re: do a client behind NAT needs to define listening port?
From: Jason A. Donenfeld @ 2017-04-30 14:54 UTC (permalink / raw)
To: Rostislav Belotserkovski; +Cc: WireGuard mailing list
Yes.
If you're behind NAT, and want a server to be able to establish a
connection to you, enable PersistentKeepalive.
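
Added example (not part of the thread and not WireGuard code): a toy Python
model of a stateful NAT's UDP mapping, run with the thread's numbers (30 s
router timeout, PersistentKeepalive of 25, server port 500). The addresses,
the class and the function names are constructed for illustration, and the
model assumes that only outbound packets refresh the mapping.

```python
"""Toy model of a stateful NAT's UDP mapping (constructed example)."""
from dataclasses import dataclass, field

CLIENT = ("192.168.1.10", 51000)   # constructed: private address, random source port
SERVER = ("203.0.113.1", 500)      # constructed address; port 500 as in the thread


@dataclass
class StatefulNat:
    udp_timeout: float                            # idle seconds before a mapping expires
    mappings: dict = field(default_factory=dict)  # (inside, outside) -> last outbound time

    def outbound(self, now, inside, outside):
        """Packet from the NATed host: creates or refreshes the mapping."""
        self.mappings[(inside, outside)] = now

    def inbound(self, now, outside, inside):
        """Packet from outside: forwarded only while the mapping is live."""
        last = self.mappings.get((inside, outside))
        if last is None or now - last > self.udp_timeout:
            self.mappings.pop((inside, outside), None)
            return False
        return True  # assumption: inbound traffic does not refresh the timer


def server_can_reach_client(nat_timeout, keepalive, server_sends_at):
    """Client handshakes at t=0, then is silent except for keepalives.

    keepalive is the client's PersistentKeepalive in seconds (None = off).
    Returns True if a server packet sent at server_sends_at gets through.
    """
    nat = StatefulNat(nat_timeout)
    nat.outbound(0, CLIENT, SERVER)
    if keepalive:
        t = keepalive
        while t <= server_sends_at:
            nat.outbound(t, CLIENT, SERVER)
            t += keepalive
    return nat.inbound(server_sends_at, SERVER, CLIENT)


if __name__ == "__main__":
    for ka, at in [(25, 300), (None, 20), (None, 300), (60, 70), (60, 100)]:
        ok = server_can_reach_client(30, ka, at)
        print(f"keepalive={ka!s:>4} server sends at t={at:>3}s -> "
              f"{'delivered' if ok else 'dropped by NAT'}")
```

A keepalive interval longer than the NAT timeout (60 s in the last two cases)
leaves windows in which the server cannot reach the client.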