
List:       wireguard
Subject:    Re: [Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?
From:       "KeXianbin(http://diyism.com)" <kexianbin () diyism ! com>
Date:       2018-12-17 9:02:46
Message-ID: CAKVinOV6A3-YsWh+f+rrvO7U2js9tscCwTs2Z=dOREjXGXGsxA () mail ! gmail ! com

It's my fault, sorry.
I didn't use the AllowedIPs option, I'm using "ip route add" in my script.

On Mon, Dec 17, 2018 at 4:54 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On Mon, Dec 17, 2018 at 9:49 AM KeXianbin(http://diyism.com)
> <kexianbin@diyism.com> wrote:
> > I found the definition in manual:
> > AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks
> > from which incoming traffic for this peer is allowed and to which
> > outgoing traffic for this peer is directed
> >
> > from: https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
>
> Yes, that is indeed what the man page says and it is the expected
> behavior. You've reported here, however, "Currently, the peer can set
> any IP, for example 10.1.0.4, and can send packets to my
> http://10.1.0.1:80 from 10.1.0.4," which sounds bad and like something
> worth taking seriously, if I'm interpreting that correctly. Would you
> take the time to create a reproducer similar to what I posted in my
> last email?
>
> Thanks,
> Jason
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
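
The AllowedIPs semantics quoted from wg(8) in this thread, modelled as an added example; it is not part of any message in the thread and is not WireGuard's own code. Peer names and every address except 10.1.0.4 are constructed, and the longest-prefix lookup is a simplified stand-in for the kernel's table.

```python
import ipaddress


class CryptokeyTable:
    """Toy model of AllowedIPs: inbound source filter plus outbound routing."""

    def __init__(self):
        self.entries = {}  # ip_network -> peer name

    def add_peer(self, peer, allowed_ips):
        # allowed_ips is the comma-separated CIDR list from the [Peer] section.
        for cidr in allowed_ips.split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            self.entries[net] = peer  # model assumption: one owner per prefix

    def _lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [(net, peer) for net, peer in self.entries.items()
                   if net.version == ip.version and ip in net]
        if not matches:
            return None
        # Most specific prefix wins.
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def accept_inbound(self, peer, inner_src):
        """After decryption, keep the packet only if its inner source
        address is one this peer is allowed to use."""
        return self._lookup(inner_src) == peer

    def route_outbound(self, dst):
        """Pick the peer whose AllowedIPs cover the destination, if any."""
        return self._lookup(dst)


def one_to_one():
    # Each peer pinned to a single /32: the 1-to-1 limit asked about.
    t = CryptokeyTable()
    t.add_peer("peerA", "10.1.0.2/32")
    t.add_peer("peerB", "10.1.0.3/32")
    return t


def wide():
    # One peer allowed the whole subnet: it may source any 10.1.0.x address.
    t = CryptokeyTable()
    t.add_peer("peerA", "10.1.0.0/24")
    return t


if __name__ == "__main__":
    for src in ("10.1.0.2", "10.1.0.4"):
        print(src, "one-to-one:", one_to_one().accept_inbound("peerA", src),
              "wide:", wide().accept_inbound("peerA", src))
```
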
