Hello Jason. I would like to enable allowed-ips 0.0.0.0/0 on all peers, because I have a scenario with multi-homed hosts where I would like to rely on firewall and routes only instead of additional WireGuard ACLs. Traffic is routed back and forth via different interfaces, thus I have to know which interface it's going to come back on and allow remote IPs on a few/all interfaces. Currently WireGuard applies the catch-all 0.0.0.0/0 allowed-ips only on one peer under a wg interface, which is a no-go in such a scenario.
This I think is also needed if one wants to build some dynamic routing on top of WireGuard-connected nodes, isn't it?

Example wg output:

interface: wg2
  public key: <blank>
  private key: (hidden)
  preshared key: (hidden)
  listening port: 51821

peer: <blank>
  endpoint: <blank>
  allowed ips: (none) <-------------------------------------------
  latest handshake: 34 seconds ago
  transfer: 1.16 KiB received, 736 B sent

peer: <blank>
  endpoint: <blank>
  allowed ips: (none) <-------------------------------------------
  latest handshake: 34 seconds ago
  transfer: 888 B received, 552 B sent

peer: <blank>
  endpoint: <blank>
  allowed ips: (none) <-------------------------------------------
  latest handshake: 34 seconds ago
  transfer: 1.16 KiB received, 736 B sent

peer: <blank>
  endpoint: <blank>
  allowed ips: 0.0.0.0/0 <----------------------------------------
  latest handshake: 1 day, 18 hours, 41 minutes, 34 seconds ago
  transfer: 4.30 KiB received, 3.12 KiB sent

Greets.
Damian
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
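
The behaviour visible in the wg output above, as an added example that is not part of the original message and is not WireGuard's code: a toy model of one interface's allowed-ips table, in which each prefix has exactly one owning peer, so setting 0.0.0.0/0 on several peers leaves it on the last one. The class, peer names and addresses are constructed for illustration.

```python
import ipaddress

class CryptokeyTable:
    """Toy model of one interface's allowed-ips table (hypothetical class)."""

    def __init__(self):
        self.owner = {}  # ip_network -> peer name; a prefix has one owner

    def set_allowed_ip(self, peer, cidr):
        # Assigning a prefix another peer already holds moves it to the new peer.
        self.owner[ipaddress.ip_network(cidr)] = peer

    def allowed_ips(self, peer):
        return sorted(str(n) for n, p in self.owner.items() if p == peer)

    def lookup(self, addr):
        """Longest-prefix match: the peer that owns addr, or None."""
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.owner if n.version == ip.version and ip in n]
        if not hits:
            return None
        return self.owner[max(hits, key=lambda n: n.prefixlen)]

    def accept_inbound(self, peer, src):
        # A decrypted packet is kept only if its source maps back to the sender.
        return self.lookup(src) == peer

def demo():
    table = CryptokeyTable()
    peers = ["peer-a", "peer-b", "peer-c", "peer-d"]  # constructed names
    for p in peers:
        table.set_allowed_ip(p, "0.0.0.0/0")  # same catch-all on every peer
    catch_all = {p: table.allowed_ips(p) for p in peers}
    # Reply arriving from peer-a with a constructed source address is dropped.
    dropped = not table.accept_inbound("peer-a", "192.0.2.10")
    # A more specific, non-overlapping prefix gives peer-a its own range.
    table.set_allowed_ip("peer-a", "192.0.2.0/24")
    return catch_all, dropped, table.lookup("192.0.2.10"), table.lookup("198.51.100.1")

if __name__ == "__main__":
    catch_all, dropped, owner_specific, owner_default = demo()
    for peer, ips in catch_all.items():
        print(peer, "allowed ips:", ", ".join(ips) or "(none)")
    print("inbound from peer-a dropped:", dropped)
    print("192.0.2.10 ->", owner_specific, "| 198.51.100.1 ->", owner_default)
```
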
