On Sat, 4 Nov 2017 14:25:28 -0700
Markus Woschank <[email protected]> wrote:

> While searching for arguments I realised that wireguard will allow a
> peer to connect with a different IP from the one set in the
> configuration.
> Not sure if this is the best behaviour (I understand that the peer
> needs to know the secret key, anyway not sure).

Yes, wg does this. It's a deliberate design decision which is important
to supporting roaming peers.

This is not a security problem. Since wg uses UDP as a transport
protocol, source IPs can be trivially forged by an attacker; therefore
checking source IPs wouldn't add any real value.

Cheers,
Luis Ressel

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
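
The reasoning in the reply above, as an added example (not part of the original message and not WireGuard's code): a simplified model in which a datagram is accepted only if it authenticates under the peer's key, and the peer's endpoint then follows the datagram's source address. HMAC-SHA256 and a strictly increasing counter stand in for WireGuard's actual cryptography; `seal`, `Peer`, `demo` and all addresses are hypothetical.

```python
import hashlib, hmac, os, struct

TAG_LEN = 32  # length of the HMAC-SHA256 tag used as a stand-in for an AEAD tag

def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || tag (constructed toy format)."""
    body = struct.pack(">Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Peer:
    def __init__(self, key: bytes, endpoint):
        self.key = key
        self.endpoint = endpoint   # configured (ip, port); only a starting hint
        self.last_counter = -1

    def receive(self, src, datagram: bytes):
        """Return the payload if the datagram authenticates, else None.
        The source address is never used to decide acceptance."""
        if len(datagram) < 8 + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None            # no key, no entry: endpoint stays untouched
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter:
            return None            # replayed packet must not move the endpoint
        self.last_counter = counter
        self.endpoint = src        # roaming: follow the authenticated sender
        return body[8:]

def demo():
    key = os.urandom(32)
    configured = ("192.0.2.10", 51820)          # constructed sample addresses
    peer = Peer(key, configured)
    results = []
    # 1. Spoofed packet claiming the configured source IP, but without the key.
    forged = seal(os.urandom(32), 0, b"forged")
    results.append(peer.receive(configured, forged))
    # 2. The real peer sends from a new address after roaming.
    roamed = seal(key, 0, b"hello")
    results.append(peer.receive(("198.51.100.7", 40000), roamed))
    # 3. The same captured packet is replayed from a third address.
    results.append(peer.receive(("203.0.113.9", 1234), roamed))
    return results, peer.endpoint

if __name__ == "__main__":
    print(demo())
```

A matching source IP gains the forged packet nothing, while the keyed packet is accepted from an address that was never configured.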