On Thu, 18 Dec 2025 19:07:45 +0100 Martin Husemann <[email protected]> wrote:
> On Thu, Dec 18, 2025 at 05:59:14PM +0000, Sad Clouds wrote:
> > Are there any use cases for this option on the server side?
>
> Not sure if that is what is meant here, but the wg(4) server might
> be behind a NAT and proper port forwarding on the outer firewall is
> configured, so the wg(4) server has no clue what its public
> address is.
>
> Martin

I think the man page is written in a confusing manner. If I'm not mistaken, a VPN client should always specify peer endpoint, either VPN server or NAT firewall IP address. A VPN server can optionally specify peer endpoint, but I think this will prevent dynamic IP autolearning and will probably always use the specified client endpoint IP.

NetBSD seems to lack /etc/rc.d scripts to configure wg interfaces and their peers during system boot. I'll be fixing this shortly for my own use cases. Is there any interest for someone to import this functionality into NetBSD?
