* do a client behind NAT needs to define listening port?
From: Rostislav Belotserkovski @ 2017-04-30 11:43 UTC
  To: wireguard

Hi!

Wanted to ask you a question: does a client behind the NAT need to declare a
listening port?

Here is my conf w/o listening port and it obviously works (I guess the
server-2-client connection works because of PersistentKeepalive)

server:

[Interface]
PrivateKey = *********
ListenPort = 500

[Peer]
PublicKey = *********
AllowedIPs = 192.168.4.2
PersistentKeepalive = 25

client:
[Interface]
PrivateKey = *********

[Peer]
PublicKey = *********
Endpoint = serverip:500
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Thanks in advance.

-- 
Rostislav Belotserkovski


* Re: do a client behind NAT needs to define listening port?
From: Jason A. Donenfeld @ 2017-04-30 12:07 UTC
  To: Rostislav Belotserkovski; +Cc: WireGuard mailing list

If you don't specify a listening port, it will be picked at random for you.


* Re: do a client behind NAT needs to define listening port?
From: Rostislav Belotserkovski @ 2017-04-30 12:33 UTC
  Cc: WireGuard mailing list

But, how would it work w/o port forwarding? Thanks in advance

On Sun, 30 Apr 2017 at 15:07 Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> If you don't specify a listening port, it will be picked at random for you.
>
-- 
Sent from my iPhone


* Re: do a client behind NAT needs to define listening port?
From: Jason A. Donenfeld @ 2017-04-30 12:35 UTC
  To: Rostislav Belotserkovski; +Cc: WireGuard mailing list

If you're the client, you're already connecting _up_ to a server,
which means ordinary stateful NAT takes care of that.

Comparison: do you manually specify a source port when making an
outgoing HTTP connection?


* Re: do a client behind NAT needs to define listening port?
From: Rostislav Belotserkovski @ 2017-04-30 14:53 UTC
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

I understand your example, but then another question comes up - if we don't
specify PersistentKeepalive on one of the sides, after a while both client
and server become silent, and the session effectively ends by the router's UDP
timeout (30 sec on mine), and if the server needs to talk to a client which is
behind NAT w/o listening port forwarded, it will fail, right?

On Sun, 30 Apr 2017 at 15:35 Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> If you're the client, you're already connecting _up_ to a server,
> which means ordinary stateful NAT takes care of that.
>
> Comparison: do you manually specify a source port when making an
> outgoing HTTP connection?
>


* Re: do a client behind NAT needs to define listening port?
From: Jason A. Donenfeld @ 2017-04-30 14:54 UTC
  To: Rostislav Belotserkovski; +Cc: WireGuard mailing list

Yes.

If you're behind NAT, and want a server to be able to establish a
connection to you, enable PersistentKeepalive.

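The NAT behaviour discussed in this thread, as an added example that is not part of any message above or of WireGuard's own code: a simulation of a stateful NAT whose UDP mapping expires after 30 idle seconds (the router timeout quoted in the thread), showing whether a server-initiated packet reaches a client with no forwarded port. The class and function names, the addresses and the port-preserving NAT model are assumptions made for illustration.

```python
import random

UDP_IDLE_TIMEOUT = 30   # seconds; the router timeout quoted in the thread


class StatefulNat:
    """Minimal UDP NAT: outbound traffic creates a mapping, idle mappings expire."""

    def __init__(self, idle_timeout=UDP_IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.table = {}   # (remote, public_port) -> [internal (ip, port), last_seen]

    def outbound(self, now, internal, remote):
        # Assumption: port-preserving NAT, so public port == client source port.
        self.table[(remote, internal[1])] = [internal, now]
        return internal[1]

    def inbound(self, now, remote, public_port):
        entry = self.table.get((remote, public_port))
        if entry is None or now - entry[1] >= self.idle_timeout:
            self.table.pop((remote, public_port), None)
            return None            # no live mapping and no port forward: dropped
        entry[1] = now             # inbound traffic also refreshes the mapping
        return entry[0]


def server_can_reach_client(keepalive, server_sends_at, listen_port=None):
    """Client handshakes at t=0, then is silent apart from optional keepalives.
    Returns True if a packet the server sends at `server_sends_at` is delivered."""
    nat = StatefulNat()
    server = ("203.0.113.10", 500)       # constructed address; port 500 as in the thread
    # No ListenPort on the client means a random source port is picked.
    src_port = listen_port or random.randint(1024, 65535)
    client = ("192.168.1.20", src_port)  # constructed LAN address
    public_port = nat.outbound(0, client, server)   # initial handshake
    if keepalive:
        t = keepalive
        while t < server_sends_at:
            nat.outbound(t, client, server)   # keepalive refreshes the mapping
            t += keepalive
    return nat.inbound(server_sends_at, server, public_port) == client


if __name__ == "__main__":
    for ka in (0, 25, 40):
        print(f"PersistentKeepalive={ka}: delivered at t=120s ->",
              server_can_reach_client(ka, 120))
```

In this model a fixed client ListenPort changes nothing without a port forward; delivery depends only on the keepalive interval staying below the NAT idle timeout.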
