[wireguard-devel] About ip management

2017-02-17 Thread nicolas prochazka
Hello,
I hope I have not misunderstood IP management with WireGuard.
In a "server mode operation", with many peers -> one peer (server),
the private IP configuration must be coherent. In fact, as in the server/client
example in contrib, the server must deliver IPs to clients; there's no way for a
client to know a good private_ip.
We cannot use DHCP, layer 3, so ...
we need to implement a pool IP manager, is that correct?

Regards,
Nicolas Prochazka.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


Re: [wireguard-devel] About ip management

2017-02-20 Thread Dan Lüdtke
Hi Nicolas,


> On 17 Feb 2017, at 15:03, nicolas prochazka wrote:
> I hope not to have misunderstood ip management with wireguard, 
> in a "server mode operation" , as many peers -> one peer ( server ) ,
> private ip configuration must be coherent.

There is no need for private (assuming you mean RFC1918) addresses, but of 
course it works with private IPs as well as with public IP addresses.


> In fact, as server / client example in contrib, server must delivery ip to 
> clients, there's no way for client to know good private_ip .

Unless it is configured statically, which is what I suggest doing. There is 
plenty of IP space to use. Think of ULA or subprefixes of your GU(s). A single 
/64 should be sufficient to address all your clients uniquely per "server wg 
interface". The situation for legacy IP is also not that bad. RFC1918 space is 
huge, and there is also RFC6598 to pick from. Why not just roll out IP 
configurations the same way you roll out WireGuard configuration? It's just one 
more line in the config when you use wg-quick.


> We cannot use dhcp, layer 3 , so ... 

That's true for legacy IP. It does not hold true for state-of-the-art IP.


> we need to implement a pool ip manager , is it correct ?

I do not really know what you are referring to when you write "pool ip 
manager", but if you want to distribute IP configuration data inside the wg 
tunnel, you would need to configure static addresses to bootstrap that from. 
This might change in the future, as Jason said to be working in OOB features. 
IP management would then take place in user space mostly/entirely.

Hope that helps!

Cheers,

Dan
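
The static approach suggested in the reply above (one ULA /64 per server wg interface, with the address rolled out as one more line of the wg-quick config), sketched as an added example; it is not part of the original thread or of the WireGuard project. The prefix, endpoint, placeholder keys and the scheme of deriving each address from a hash of the peer's public key are assumptions.

```python
import hashlib
import ipaddress

# Constructed sample values (assumptions): a ULA /64 and placeholder keys.
PREFIX = ipaddress.ip_network("fd12:3456:789a:1::/64")
ENDPOINT = "vpn.example.net:51820"
PEERS = {"laptop": "<LAPTOP_PUBLIC_KEY>", "phone": "<PHONE_PUBLIC_KEY>"}

def peer_address(prefix, public_key):
    """Derive a stable interface ID from the peer's public key (hypothetical scheme)."""
    if prefix.version != 6 or prefix.prefixlen != 64:
        raise ValueError("this scheme expects an IPv6 /64")
    iid = int.from_bytes(hashlib.sha256(public_key.encode()).digest()[:8], "big")
    return prefix.network_address + iid

def allocate(prefix, peers):
    """Return (server_addr, {name: addr}); refuse duplicate or reserved addresses."""
    server = prefix.network_address + 1
    seen, out = {server, prefix.network_address}, {}
    for name, key in sorted(peers.items()):
        addr = peer_address(prefix, key)
        if addr in seen:
            raise ValueError(f"address collision for peer {name!r}")
        seen.add(addr)
        out[name] = addr
    return server, out

def server_config(prefix, peers):
    server, addrs = allocate(prefix, peers)
    lines = ["[Interface]", f"Address = {server}/{prefix.prefixlen}",
             "ListenPort = 51820", "PrivateKey = <SERVER_PRIVATE_KEY>"]
    for name, addr in addrs.items():
        # /128 pins each peer to its own address: the server drops tunnel
        # packets whose source is outside that peer's AllowedIPs.
        lines += ["", "[Peer]", f"# {name}", f"PublicKey = {peers[name]}",
                  f"AllowedIPs = {addr}/128"]
    return "\n".join(lines) + "\n"

def client_config(prefix, peers, name):
    _, addrs = allocate(prefix, peers)
    return "\n".join([
        "[Interface]", f"Address = {addrs[name]}/{prefix.prefixlen}",
        "PrivateKey = <CLIENT_PRIVATE_KEY>", "",
        "[Peer]", "PublicKey = <SERVER_PUBLIC_KEY>", f"Endpoint = {ENDPOINT}",
        f"AllowedIPs = {prefix}"]) + "\n"

if __name__ == "__main__":
    print(server_config(PREFIX, PEERS))
    print(client_config(PREFIX, PEERS, "laptop"))
```

Because each address depends only on the prefix and the peer's own key, adding or removing a peer does not renumber the others.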


Re: [wireguard-devel] About ip management

2017-02-20 Thread nicolas prochazka
Thanks
These are good ideas to explore
Regards,
Nicolas