
List:       wireguard
Subject:    Re: RX Errors from Android Peer
From:       Eddie <stunnel () attglobal ! net>
Date:       2018-04-26 16:09:00
Message-ID: 4735eaed-f708-b154-dc7d-d3376f34338f () attglobal ! net

Jason,

Gotcha. Thank you for the explanation.

Cheers.


On 4/26/2018 6:04 AM, Jason A. Donenfeld wrote:
> Hello Eddie,
>
> Precisely what's happening here is that your device has various TCP
> connections that are open _before_ you turn on the VPN. Then you turn
> on the VPN, and now those prior TCP sessions try to continue over the
> VPN, using the old source IP address. It takes a few seconds for
> everything to time out, and for those TCP connections to be
> reestablished with the right new tunnel source IP. In the meantime,
> the WireGuard server gets packets using the old source IP, which of
> course isn't correlated with that peer's allowed IPs, and so it
> complains and rejects those packets. If it allowed them, that'd be a
> security problem.
>
> So, nothing to worry about.
>
> Jason
>
>

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
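
The receive-side check described in the quoted explanation, as an added example that is not part of the original thread and is not WireGuard's own code: a simplified Python model of dropping decrypted packets whose inner source address is not in the sending peer's allowed IPs. The peer names, all addresses and the `rx_errors` counter are constructed for illustration, and the last packet goes one step beyond the thread to show why accepting such packets would be a security problem.

```python
import ipaddress


class AllowedIps:
    """Maps inner source addresses to the single peer allowed to use them."""

    def __init__(self):
        self._routes = []  # list of (network, peer_name)

    def add(self, peer_name, cidr):
        self._routes.append((ipaddress.ip_network(cidr), peer_name))

    def owner(self, addr):
        """Longest-prefix match; None when no peer owns the address."""
        ip = ipaddress.ip_address(addr)
        matches = [(net.prefixlen, peer) for net, peer in self._routes
                   if ip.version == net.version and ip in net]
        return max(matches)[1] if matches else None


class Interface:
    def __init__(self, table):
        self.table = table
        self.rx_errors = 0  # hypothetical counter standing in for RX errors

    def receive(self, authenticated_peer, inner_src):
        """Runs after decryption, so the sending peer is already known."""
        if self.table.owner(inner_src) != authenticated_peer:
            self.rx_errors += 1  # source not in this peer's allowed IPs
            return False
        return True


def demo():
    table = AllowedIps()
    table.add("android", "10.0.0.2/32")  # constructed tunnel addresses
    table.add("laptop", "10.0.0.3/32")
    wg = Interface(table)
    packets = [  # (authenticated peer, inner source IP), all constructed
        ("android", "192.168.1.57"),  # pre-VPN TCP session, old source IP
        ("android", "192.168.1.57"),  # its retransmission
        ("android", "10.0.0.2"),      # connection re-established over tunnel
        ("android", "10.0.0.3"),      # another peer's address: must not pass
    ]
    return [wg.receive(p, s) for p, s in packets], wg.rx_errors


if __name__ == "__main__":
    print(demo())
```
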
