Hi Peter,

That's a pretty bombastic and rambling way to put a simple point. I believe you're conflating two different things. Let's break it down:

1. Dynamic IPs.
2. Both peers behind NAT.

With regard to dynamic IPs, the solution is to use a dynamic DNS service, and simply use the DNS name as the endpoint. When you set up the device after being disconnected, userspace will do the DNS lookup to determine a current IP. When you're already connected to that IP, WireGuard's roaming capabilities will automatically keep track of IP updates.

With regard to NAT, this is where you want your STUN-like solution. However, this does _not_ belong inside of WireGuard. This is where you simply need some basic userspace utility to handle punching holes in NAT/firewall, and then bringing up the WireGuard interface with the discovered address/port. It's not that complicated.

In fact, there was already a substantial discussion about this on the list (did you check the archives?), and I wound up writing a simple PoC utility for it:

https://git.zx2c4.com/WireGuard/tree/contrib/examples/nat-hole-punching/README

It works well, though it of course needs work before it's production-ready. Perhaps you could rewrite it to use your glib-based libnice? Send an email here when you've got a github repo for something like this, as I'm sure a few others on the list might benefit from it too.

Jason
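The dynamic-DNS case described in the message above, as an added example that is not part of the original message or of the WireGuard project's code: a shell function that prints the `wg set` commands which make userspace look up a peer's DNS endpoint again once its last handshake has gone stale. The function name, its file arguments and the 135-second threshold are assumptions of this example.

```shell
#!/bin/sh
# Print (not run) the `wg set` commands that make wg(8) re-resolve the DNS
# endpoint of every peer whose last handshake is stale. Added example.
STALE_AFTER=135   # assumed threshold: seconds without a handshake

# reresolve_cmds IFACE CONF HANDSHAKES NOW
#   CONF        wg-quick style file with [Peer] PublicKey / Endpoint lines
#   HANDSHAKES  saved output of `wg show IFACE latest-handshakes` (key<TAB>epoch)
#   NOW         current time in epoch seconds
reresolve_cmds() {
    case "$1" in ""|*[!A-Za-z0-9_.-]*) return 1 ;; esac   # refuse odd interface names
    awk -v iface="$1" -v hs="$3" -v now="$4" -v max="$STALE_AFTER" '
    function flush() {
        # The values end up on a command line, so accept only a base64 key and
        # a plain host:port. Bracketed IPv6 literals need no DNS lookup: skipped.
        if (key ~ "^[A-Za-z0-9+/]+=*$" && ep ~ "^[A-Za-z0-9._-]+:[0-9]+$" &&
            (!(key in seen) || now - seen[key] > max))
            printf "wg set %s peer %s endpoint %s\n", iface, key, ep
        key = ""; ep = ""
    }
    BEGIN {
        # A peer missing from the table, or with handshake time 0, counts as stale.
        while ((getline line < hs) > 0) { split(line, f, "\t"); seen[f[1]] = f[2] }
    }
    { sub(/#.*/, "") }                      # drop comments
    /^[ \t]*\[/ { flush(); next }           # a new section ends the previous peer
    {
        i = index($0, "=")                  # split on the first "=": keys end in "="
        if (i == 0) next
        name = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
        gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "publickey") key = val
        if (name == "endpoint")  ep = val
    }
    END { flush() }' "$2"
}
# Typical use (paths are examples):
#   wg show wg0 latest-handshakes > /tmp/hs
#   reresolve_cmds wg0 /etc/wireguard/wg0.conf /tmp/hs "$(date +%s)" | sh
```

Peers with a recent handshake are left alone, since roaming already tracks their address; only peers that have gone quiet get a fresh lookup.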
