WireGuard Archive on lore.kernel.org
 help / Atom feed
* [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
@ 2018-12-17  1:42 KeXianbin(http://diyism.com)
  2018-12-17  7:39 ` Jason A. Donenfeld
  2018-12-17  7:44 ` Tim Weippert
  0 siblings, 2 replies; 12+ messages in thread
From: KeXianbin(http://diyism.com) @ 2018-12-17  1:42 UTC (permalink / raw)
  To: WireGuard mailing list

For example, my wg1.conf now:

[Interface]
PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
Address = 10.1.0.1/32
ListenPort = 21404
MTU=1300
PostUp = ip route add 10.1.0.0/24 dev wg1
PostDown = ip route del 10.1.0.0/24

[Peer]
PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
EndPoint = 162.243.2.2:21403
AllowedIPs = 10.1.0.3/32
PersistentKeepalive = 60

If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf
OPTION to config it?

Currently,  the peer can set any IP, for example 10.1.0.4, and can
send packets to my http://10.1.0.1:80 from 10.1.0.4.

Thanks.

Malcolm Ke
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  1:42 [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1? KeXianbin(http://diyism.com)
@ 2018-12-17  7:39 ` Jason A. Donenfeld
  2018-12-17  7:53   ` KeXianbin(http://diyism.com)
  2018-12-17  7:44 ` Tim Weippert
  1 sibling, 1 reply; 12+ messages in thread
From: Jason A. Donenfeld @ 2018-12-17  7:39 UTC (permalink / raw)
  To: KeXianbin(http://diyism.com); +Cc: WireGuard mailing list

On Mon, Dec 17, 2018 at 2:42 AM KeXianbin(http://diyism.com)
<kexianbin@diyism.com> wrote:
> AllowedIPs = 10.1.0.3/32
> [...]
> If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf
> OPTION to config it?
>
> Currently,  the peer can set any IP, for example 10.1.0.4, and can
> send packets to my http://10.1.0.1:80 from 10.1.0.4.

Setting that peer's allowedips to 10.1.0.3/32 should accomplish
exactly what you want; that peer is _only_ allowed to send packets as
that IP. If the peer attempts to send packets as 10.1.0.4, WireGuard
should reject those packets. If it doesn't, that sounds like a major
bug.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  1:42 [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1? KeXianbin(http://diyism.com)
  2018-12-17  7:39 ` Jason A. Donenfeld
@ 2018-12-17  7:44 ` Tim Weippert
  2018-12-17  7:50   ` Jason A. Donenfeld
  2018-12-17  8:00   ` KeXianbin(http://diyism.com)
  1 sibling, 2 replies; 12+ messages in thread
From: Tim Weippert @ 2018-12-17  7:44 UTC (permalink / raw)
  To: wireguard

Hi, 

On Mon, Dec 17, 2018 at 09:42:17AM +0800, KeXianbin(http://diyism.com) wrote:
> For example, my wg1.conf now:
> 
> [Interface]
> PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
> Address = 10.1.0.1/32
> ListenPort = 21404
> MTU=1300
> PostUp = ip route add 10.1.0.0/24 dev wg1
> PostDown = ip route del 10.1.0.0/24

Why you add a routing to a /24 if you only want 1:1 links?
I think with this entry the routing decision isn't made by
wireguards "AllowedIPs" statement, it is accomplished by normal 
routing lookups and get send through the tunnel.

Is there a reason for the /24 routing?

> [Peer]
> PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
> EndPoint = 162.243.2.2:21403
> AllowedIPs = 10.1.0.3/32

This should normally do what you expected, but i think as stated above
the /24 routing is "disabling" the correct behaviour.

regards, 
tim
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  7:44 ` Tim Weippert
@ 2018-12-17  7:50   ` Jason A. Donenfeld
  2018-12-17  7:54     ` Tim Weippert
  2018-12-17  8:00   ` KeXianbin(http://diyism.com)
  1 sibling, 1 reply; 12+ messages in thread
From: Jason A. Donenfeld @ 2018-12-17  7:50 UTC (permalink / raw)
  To: Tim Weippert; +Cc: WireGuard mailing list

On Mon, Dec 17, 2018 at 8:44 AM Tim Weippert <weiti@weiti.org> wrote:
> This should normally do what you expected, but i think as stated above
> the /24 routing is "disabling" the correct behaviour.

False. The /24 routing won't disable anything having to do with
allowedips. And some people like to route larger masks than their
peers, so that they can support multiple peers with a single route.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  7:39 ` Jason A. Donenfeld
@ 2018-12-17  7:53   ` KeXianbin(http://diyism.com)
  2018-12-17  8:10     ` KeXianbin(http://diyism.com)
  0 siblings, 1 reply; 12+ messages in thread
From: KeXianbin(http://diyism.com) @ 2018-12-17  7:53 UTC (permalink / raw)
  To: Jason; +Cc: WireGuard mailing list

On my machine(10.1.0.1), does the option "AllowedIPs = 10.1.0.3/32" in
wg1.conf take effects in both input and ouput directions?
It seems that "AllowedIPs = 10.1.0.3/32" only added ip route rule
"10.1.0.3 dev wg1  scope link" on my side,
can it prevent the peer to send packets to my 10.1.0.1:80 from 10.1.0.4?
On Mon, Dec 17, 2018 at 3:40 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On Mon, Dec 17, 2018 at 2:42 AM KeXianbin(http://diyism.com)
> <kexianbin@diyism.com> wrote:
> > AllowedIPs = 10.1.0.3/32
> > [...]
> > If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf
> > OPTION to config it?
> >
> > Currently,  the peer can set any IP, for example 10.1.0.4, and can
> > send packets to my http://10.1.0.1:80 from 10.1.0.4.
>
> Setting that peer's allowedips to 10.1.0.3/32 should accomplish
> exactly what you want; that peer is _only_ allowed to send packets as
> that IP. If the peer attempts to send packets as 10.1.0.4, WireGuard
> should reject those packets. If it doesn't, that sounds like a major
> bug.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  7:50   ` Jason A. Donenfeld
@ 2018-12-17  7:54     ` Tim Weippert
  0 siblings, 0 replies; 12+ messages in thread
From: Tim Weippert @ 2018-12-17  7:54 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

Hi, 

On Mon, Dec 17, 2018 at 08:50:28AM +0100, Jason A. Donenfeld wrote:
> On Mon, Dec 17, 2018 at 8:44 AM Tim Weippert <weiti@weiti.org> wrote:
> > This should normally do what you expected, but i think as stated above
> > the /24 routing is "disabling" the correct behaviour.
> 
> False. The /24 routing won't disable anything having to do with
> allowedips. And some people like to route larger masks than their
> peers, so that they can support multiple peers with a single route.

Oh, right. Therefore i woul prefer to add 10.x.x.1/24 on the WG Interface and not 
add a special routing, but i get it wrong. Thanks for correct me!

regards, 
tim
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  7:44 ` Tim Weippert
  2018-12-17  7:50   ` Jason A. Donenfeld
@ 2018-12-17  8:00   ` KeXianbin(http://diyism.com)
  1 sibling, 0 replies; 12+ messages in thread
From: KeXianbin(http://diyism.com) @ 2018-12-17  8:00 UTC (permalink / raw)
  To: weiti; +Cc: WireGuard mailing list

>>>> Is there a reason for the /24 routing?
For example,
i want to enable the peers 10.1.0.3 and 10.1.0.4  to connect
10.1.0.1(my machine),
but i want to refuse 10.1.0.3 to pretend to be 10.1.0.4 while the real
10.1.0.4 is offline occasionally

On Mon, Dec 17, 2018 at 3:50 PM Tim Weippert <weiti@weiti.org> wrote:
>
> Hi,
>
> On Mon, Dec 17, 2018 at 09:42:17AM +0800, KeXianbin(http://diyism.com) wrote:
> > For example, my wg1.conf now:
> >
> > [Interface]
> > PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
> > Address = 10.1.0.1/32
> > ListenPort = 21404
> > MTU=1300
> > PostUp = ip route add 10.1.0.0/24 dev wg1
> > PostDown = ip route del 10.1.0.0/24
>
> Why you add a routing to a /24 if you only want 1:1 links?
> I think with this entry the routing decision isn't made by
> wireguards "AllowedIPs" statement, it is accomplished by normal
> routing lookups and get send through the tunnel.
>
> Is there a reason for the /24 routing?
>
> > [Peer]
> > PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
> > EndPoint = 162.243.2.2:21403
> > AllowedIPs = 10.1.0.3/32
>
> This should normally do what you expected, but i think as stated above
> the /24 routing is "disabling" the correct behaviour.
>
> regards,
> tim
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  7:53   ` KeXianbin(http://diyism.com)
@ 2018-12-17  8:10     ` KeXianbin(http://diyism.com)
  2018-12-17  8:49       ` KeXianbin(http://diyism.com)
  2018-12-17  8:50       ` Jason A. Donenfeld
  0 siblings, 2 replies; 12+ messages in thread
From: KeXianbin(http://diyism.com) @ 2018-12-17  8:10 UTC (permalink / raw)
  To: Jason; +Cc: WireGuard mailing list

It seems that "AllowedIPs" have nothing to do with refusing unwantted peer's IP.
It only specifes the outgoing target IPs,
For example,  I sometimes set "AllowedIPs=216.58.0.0/18" to enable me
to visit https://www.google.com through the internet of the peer
"10.1.0.3".
On Mon, Dec 17, 2018 at 3:53 PM KeXianbin(http://diyism.com)
<kexianbin@diyism.com> wrote:
>
> On my machine(10.1.0.1), does the option "AllowedIPs = 10.1.0.3/32" in
> wg1.conf take effects in both input and ouput directions?
> It seems that "AllowedIPs = 10.1.0.3/32" only added ip route rule
> "10.1.0.3 dev wg1  scope link" on my side,
> can it prevent the peer to send packets to my 10.1.0.1:80 from 10.1.0.4?
> On Mon, Dec 17, 2018 at 3:40 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> >
> > On Mon, Dec 17, 2018 at 2:42 AM KeXianbin(http://diyism.com)
> > <kexianbin@diyism.com> wrote:
> > > AllowedIPs = 10.1.0.3/32
> > > [...]
> > > If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf
> > > OPTION to config it?
> > >
> > > Currently,  the peer can set any IP, for example 10.1.0.4, and can
> > > send packets to my http://10.1.0.1:80 from 10.1.0.4.
> >
> > Setting that peer's allowedips to 10.1.0.3/32 should accomplish
> > exactly what you want; that peer is _only_ allowed to send packets as
> > that IP. If the peer attempts to send packets as 10.1.0.4, WireGuard
> > should reject those packets. If it doesn't, that sounds like a major
> > bug.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  8:10     ` KeXianbin(http://diyism.com)
@ 2018-12-17  8:49       ` KeXianbin(http://diyism.com)
  2018-12-17  8:54         ` Jason A. Donenfeld
  2018-12-17  8:50       ` Jason A. Donenfeld
  1 sibling, 1 reply; 12+ messages in thread
From: KeXianbin(http://diyism.com) @ 2018-12-17  8:49 UTC (permalink / raw)
  To: Jason; +Cc: WireGuard mailing list

Sorry,

I found the definition in manual:
AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
from which incoming traffic for this peer is allowed and to which
outgoing traffic for this peer is directed

from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html

On Mon, Dec 17, 2018 at 4:10 PM KeXianbin(http://diyism.com)
<kexianbin@diyism.com> wrote:
>
> It seems that "AllowedIPs" have nothing to do with refusing unwantted peer's IP.
> It only specifes the outgoing target IPs,
> For example,  I sometimes set "AllowedIPs=216.58.0.0/18" to enable me
> to visit https://www.google.com through the internet of the peer
> "10.1.0.3".
> On Mon, Dec 17, 2018 at 3:53 PM KeXianbin(http://diyism.com)
> <kexianbin@diyism.com> wrote:
> >
> > On my machine(10.1.0.1), does the option "AllowedIPs = 10.1.0.3/32" in
> > wg1.conf take effects in both input and ouput directions?
> > It seems that "AllowedIPs = 10.1.0.3/32" only added ip route rule
> > "10.1.0.3 dev wg1  scope link" on my side,
> > can it prevent the peer to send packets to my 10.1.0.1:80 from 10.1.0.4?
> > On Mon, Dec 17, 2018 at 3:40 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> > >
> > > On Mon, Dec 17, 2018 at 2:42 AM KeXianbin(http://diyism.com)
> > > <kexianbin@diyism.com> wrote:
> > > > AllowedIPs = 10.1.0.3/32
> > > > [...]
> > > > If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf
> > > > OPTION to config it?
> > > >
> > > > Currently,  the peer can set any IP, for example 10.1.0.4, and can
> > > > send packets to my http://10.1.0.1:80 from 10.1.0.4.
> > >
> > > Setting that peer's allowedips to 10.1.0.3/32 should accomplish
> > > exactly what you want; that peer is _only_ allowed to send packets as
> > > that IP. If the peer attempts to send packets as 10.1.0.4, WireGuard
> > > should reject those packets. If it doesn't, that sounds like a major
> > > bug.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  8:10     ` KeXianbin(http://diyism.com)
  2018-12-17  8:49       ` KeXianbin(http://diyism.com)
@ 2018-12-17  8:50       ` Jason A. Donenfeld
  1 sibling, 0 replies; 12+ messages in thread
From: Jason A. Donenfeld @ 2018-12-17  8:50 UTC (permalink / raw)
  To: KeXianbin(http://diyism.com); +Cc: WireGuard mailing list

On Mon, Dec 17, 2018 at 9:10 AM KeXianbin(http://diyism.com)
<kexianbin@diyism.com> wrote:
>
> It seems that "AllowedIPs" have nothing to do with refusing unwantted peer's IP.
> It only specifes the outgoing target IPs,

It should also refuse unwanted, as you wrote. From src/tests/netns.sh,
we have this section:

n1 wg set wg0 peer "$pub2" allowed-ips 192.168.241.0/24
exec 4< <(n1 ncat -l -u -p 1111)
ncat_pid=$!
waitncatudp $netns1
n2 ncat -u 192.168.241.1 1111 <<<"X"
read -r -N 1 -t 1 out <&4 && [[ $out == "X" ]]
kill $ncat_pid
more_specific_key="$(pp wg genkey | pp wg pubkey)"
n1 wg set wg0 peer "$more_specific_key" allowed-ips 192.168.241.2/32
n2 wg set wg0 listen-port 9997
exec 4< <(n1 ncat -l -u -p 1111)
ncat_pid=$!
waitncatudp $netns1
n2 ncat -u 192.168.241.1 1111 <<<"X"
! read -r -N 1 -t 1 out <&4 || false
kill $ncat_pid
n1 wg set wg0 peer "$more_specific_key" remove
[[ $(n1 wg show wg0 endpoints) == "$pub2        [::1]:9997" ]]

Would you propose a more specific test to reach the case you're experiencing?

I also tried to reproduce your situation manually between two real
computers without success:

cannonball ~ # ip link add wg0 type wireguard
cannonball ~ # wg set wg0 private-key <(wg genkey)

thinkpad ~ # ip link add wg0 type wireguard
thinkpad ~ # wg set wg0 private-key <(wg genkey) listen-port 51820
peer fFLm5F2YxzkH0IB1p+r6NUwNqKw3sp09NtVdoWO1lHA= allowed-ips
10.1.0.3/32

cannonball ~ # wg set wg0 peer
YKuR7SRtK4YsF//lqFNp4dSOYdAa6VTNvKFulgC0Vy4= allowed-ips 0.0.0.0/0
endpoint 10.10.13.100:51820

thinkpad ~ # ip address add 10.1.0.1/24 dev wg0
thinkpad ~ # ip link set up dev wg0

cannonball ~ # ip address add 10.1.0.3/24 dev wg0
cannonball ~ # ip link set up dev wg0

cannonball ~ # ping -q -c 1 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.

--- 10.1.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.492/3.492/3.492/0.000 ms

cannonball ~ # ip address flush dev wg0
cannonball ~ # ip address add 10.1.0.4/24 dev wg0
cannonball ~ # ping -q -c 1 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.

--- 10.1.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

thinkpad ~ # dmesg | grep unallowed
[17084.651723] wireguard: wg0: Packet has unallowed src IP (10.1.0.4)
from peer 1 (10.10.13.108:47686)

Therefore, I'm seeing the expected behavior. Can you show a similar
sequence that demonstrates the bug you're reporting?

Thanks,
Jason
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  8:49       ` KeXianbin(http://diyism.com)
@ 2018-12-17  8:54         ` Jason A. Donenfeld
  2018-12-17  9:02           ` KeXianbin(http://diyism.com)
  0 siblings, 1 reply; 12+ messages in thread
From: Jason A. Donenfeld @ 2018-12-17  8:54 UTC (permalink / raw)
  To: KeXianbin(http://diyism.com); +Cc: WireGuard mailing list

On Mon, Dec 17, 2018 at 9:49 AM KeXianbin(http://diyism.com)
<kexianbin@diyism.com> wrote:
> I found the definition in manual:
> AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
> from which incoming traffic for this peer is allowed and to which
> outgoing traffic for this peer is directed
>
> from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html

Yes, that is indeed what the man page says and it is the expected
behavior. You've reported here, however, "Currently,  the peer can set
any IP, for example 10.1.0.4, and can send packets to my
http://10.1.0.1:80 from 10.1.0.4," which sounds bad and like something
worth taking seriously, if I'm interpreting that correctly. Would you
take the time to create a reproducer similar to what I posted in my
last email?

Thanks,
Jason
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
  2018-12-17  8:54         ` Jason A. Donenfeld
@ 2018-12-17  9:02           ` KeXianbin(http://diyism.com)
  0 siblings, 0 replies; 12+ messages in thread
From: KeXianbin(http://diyism.com) @ 2018-12-17  9:02 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

It's my fault, sorry.
I didn't use the AllowedIPs option, i'm using "ip route add" in my script.

On Mon, Dec 17, 2018 at 4:54 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On Mon, Dec 17, 2018 at 9:49 AM KeXianbin(http://diyism.com)
> <kexianbin@diyism.com> wrote:
> > I found the definition in manual:
> > AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
> > from which incoming traffic for this peer is allowed and to which
> > outgoing traffic for this peer is directed
> >
> > from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
>
> Yes, that is indeed what the man page says and it is the expected
> behavior. You've reported here, however, "Currently,  the peer can set
> any IP, for example 10.1.0.4, and can send packets to my
> http://10.1.0.1:80 from 10.1.0.4," which sounds bad and like something
> worth taking seriously, if I'm interpreting that correctly. Would you
> take the time to create a reproducer similar to what I posted in my
> last email?
>
> Thanks,
> Jason
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, back to index

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-17  1:42 [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1? KeXianbin(http://diyism.com)
2018-12-17  7:39 ` Jason A. Donenfeld
2018-12-17  7:53   ` KeXianbin(http://diyism.com)
2018-12-17  8:10     ` KeXianbin(http://diyism.com)
2018-12-17  8:49       ` KeXianbin(http://diyism.com)
2018-12-17  8:54         ` Jason A. Donenfeld
2018-12-17  9:02           ` KeXianbin(http://diyism.com)
2018-12-17  8:50       ` Jason A. Donenfeld
2018-12-17  7:44 ` Tim Weippert
2018-12-17  7:50   ` Jason A. Donenfeld
2018-12-17  7:54     ` Tim Weippert
2018-12-17  8:00   ` KeXianbin(http://diyism.com)

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox