Hi,
> From my point of view, the only thing which makes me uncomfortable about
> wireguard is the lack of any second authentication factor. Your private
> key is embedded in a plaintext file in your device (e.g. laptop), not
> even protected with a passphrase.
Most VPN authentications are just au
Hi,
how about setting the peers endpoint to any local IP (127.0.99.1)?
I'm setting the peers endpoint initially to 127.0.1.1, and only later I
resolve the hostname of the endpoint and update to that IP.
Because in my case I need more control of the resolving process, than
standard "wg" supplies.
Hi,
in my case the reason is not exactly being able to remove the endpoint,
but rather being able to setup a peer without endpoint, so that only the
endpoint needs to be setup later.
Scenario:
All keys for interface and peer are configured via "wg" standard config
file, so that the interface can
son A. Donenfeld wrote:
> On Mon, Dec 30, 2019 at 11:13 AM em12345 wrote:
>>
>> Hi,
>>
>> in my case the reason is not exactly being able to remove the endpoint,
>> but rather being able to setup a peer without endpoint, so that only the
>> endpoint needs to be
Hi,
I'm wondering how to setup a WG client when having multiple DynDNS names
for a single WG server using dynamic IP. Using multiple DynDNS services
for the same host is a common pattern to work around unreliable DynDNS
services.
As far as I see, only a single endpoint can be given in the configur
Hi Jason,
I'm not sure that I'm understanding the roaming feature in WireGuard.
>From your response it sounds like once a connection is established, then
the server can inform the client about a server IP change.
This would require PersistentKeepalive on "server" side. But assuming
the common ca
Hi Baptiste,
after seeing
https://wiki.asterisk.org/wiki/display/TOP/NAT+Traversal+Testing
I realized that the connection tracking with its state calculation and
the SNAT port mapping are two different things which don't have to
follow the same rules related to src/dst IP and ports.
This co