On Sat, Jan 7, 2017 at 5:45 PM, em12345 <[email protected]> wrote:
> This would require PersistentKeepalive on "server" side. But assuming
> the common case that the client sits behind a stateful firewall, how
> would the server be able to inform the client about its IP change?

Yes, the server would need the PersistentKeepalive; you're right.

> - the server (from its new IP) can send UDP packages to the still
> remembered client IP (because of PersistentKeepalive). But my
> understanding is that stateful firewalls will block UDP packages from
> the new IP until the client has sent a UDP to the new server IP.

No, usually not. In most cases, the NAT mapping depends on the
client's local IP and sport/dport, but not on the remote dst IP.
Otherwise common NAT holepunching schemes like STUN and the example
holepuncher [1] wouldn't work. The new UDP packets will make it to the
client, in fact.

[1] https://git.zx2c4.com/WireGuard/tree/contrib/examples/nat-hole-punching/README
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
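
The two NAT behaviours discussed in this thread, as an added example that is not part of the original message and is not WireGuard code: a toy model of a NAT's UDP mapping table, run once with endpoint-independent filtering (the common case the reply describes) and once with address-dependent filtering (the stricter behaviour the quoted question assumes). The class, function names, addresses and ports are all constructed for illustration; the filtering terms follow RFC 4787.

```python
# Added example: toy model of a NAT's UDP mapping table (not WireGuard code).
# All addresses and ports below are constructed documentation values.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public_ip: str
    filtering: str  # "endpoint-independent" or "address-dependent"
    next_port: int = 40000
    # Mapping key is (client IP, sport, dport): the remote IP is NOT part of it.
    mappings: dict = field(default_factory=dict)   # key -> external port
    contacted: dict = field(default_factory=dict)  # external port -> remote IPs seen

    def outbound(self, src, dst):
        """Client sends a datagram: create or reuse the mapping, return its public side."""
        key = (src[0], src[1], dst[1])
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[key]
        self.contacted.setdefault(ext_port, set()).add(dst[0])
        return (self.public_ip, ext_port)

    def inbound(self, remote, ext_port):
        """Return the internal (ip, port) the datagram reaches, or None if dropped."""
        for (ip, sport, dport), port in self.mappings.items():
            if port != ext_port or remote[1] != dport:
                continue
            # Address-dependent filtering also requires that the client has
            # already sent something to this particular remote IP.
            if (self.filtering == "address-dependent"
                    and remote[0] not in self.contacted[port]):
                return None
            return (ip, sport)
        return None


def server_roams(filtering):
    """Client keeps a mapping open to the old server IP; server then sends from a new IP."""
    nat = Nat("203.0.113.7", filtering)
    client = ("192.168.1.10", 51820)
    old_server = ("198.51.100.1", 51820)
    new_server = ("198.51.100.99", 51820)
    _, ext_port = nat.outbound(client, old_server)  # earlier handshake or keepalive
    return nat.inbound(new_server, ext_port)        # first packet from the new IP


if __name__ == "__main__":
    for mode in ("endpoint-independent", "address-dependent"):
        print(mode, "->", server_roams(mode))
```
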
