On Nov 14, 2017, at 4:30 AM, Kalin KOZHUHAROV <me.ka...@gmail.com> wrote:
> On Tue, Nov 14, 2017 at 10:59 AM, Jason A. Donenfeld <ja...@zx2c4.com> wrote:
>> The other approach would be to add an optional exclamation
>> mark to the end of an endpoint specification
>> (Endpoint=my.server.whatever.zx2c4.com:51820!), that would prevent
>> servers from roaming; the client would still roam in the eyes of the
>> server, but the server would no longer roam in the eyes of the
>> client. In other words, an option -- gasp, a knob! -- to disable
>> roaming on a per-by-peer one-sided basis. As you know, I don't really
>> like knobs. And I'd hate to add this, and then for people to use it,
>> and then lose some nice aspects of roaming, if it's not really even
>> required.
>>
> I have been wondering along those lines of roaming...
> There are certain use cases that require no roaming at all, e.g. a
> small set of servers that don't change IP.
> Anyway, a somewhat limited "roaming" can be achieved via DNS/hosts, if
> one trusts that system.
>
> While seamless roaming is a feature you use often I guess, my personal
> preference is to have it optional and explicitly specified, e.g. I
> have a few mobile devices (laptop, tablet), that only talk to 1 (or
> few at most) fixed IP (or DNS at least) "servers" (yes I know WG is
> P2P) and via those to the rest of the fixed hosts. So in this scenario
> (somewhat hard to achieve by {ip,nf}tables), I'd rather spec who is
> talking to whom, who can roam, etc.
>
> As for the syntax, and I hate to suggest that, adding a new option
> (breaking compatibility) like "AllowRoaming=yes|1" with default
> AllowRoaming=no is what I would like, instead of somewhat vague "!" at
> the end.

Kalin,

I don't care for the somewhat vague "!" notation either ... reads NOT to me.

But, I would not break compatibility, I suggest adding a "paranoid option" EndpointFixed ...

--
EndpointFixed - Optional, defaults to 0|no, endpoint roaming is enabled by default. Set EndpointFixed to 1|yes to disable endpoint roaming.
Ignored if Endpoint is not defined.
--

As a side-benefit, the documentation of this option provides some quick-reference documentation to the operation of WireGuard.

Lonnie
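
The semantics proposed in the message above, as an added example that is not part of the original thread and is not WireGuard code. It is a simplified model: `EndpointFixed` exists only as the proposal in this message, and `Peer`, `parse_peer`, `on_authenticated_packet` and the sample configurations are hypothetical names and constructed data.

```python
# Simplified model of endpoint roaming with the EndpointFixed option proposed above.
# EndpointFixed is only a proposal from this thread, not an existing WireGuard key.
from dataclasses import dataclass
from typing import Optional, Tuple

Addr = Tuple[str, int]
TRUE, FALSE = {"1", "yes"}, {"0", "no"}

# Constructed sample [Peer] bodies; the addresses are documentation ranges.
PINNED = "Endpoint = 192.0.2.10:51820\nEndpointFixed = yes\n"
DEFAULT = "Endpoint = 192.0.2.10:51820\n"
NO_ENDPOINT = "EndpointFixed = 1\n"

@dataclass
class Peer:
    endpoint: Optional[Addr] = None
    endpoint_fixed: bool = False

    def on_authenticated_packet(self, src: Addr) -> bool:
        """Call only after a packet from this peer has passed authentication.
        Returns True if the stored endpoint moved to src (the peer roamed)."""
        if self.endpoint_fixed or src == self.endpoint:
            return False
        self.endpoint = src
        return True

def parse_peer(section: str) -> Peer:
    """Parse the key = value lines of one [Peer] section body."""
    kv = {}
    for line in section.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            k, v = line.split("=", 1)
            kv[k.strip().lower()] = v.strip()
    peer = Peer()
    if "endpoint" in kv:
        host, _, port = kv["endpoint"].rpartition(":")
        peer.endpoint = (host, int(port))
    flag = kv.get("endpointfixed", "no").lower()
    if flag not in TRUE | FALSE:
        raise ValueError(f"EndpointFixed must be 0|no|1|yes, got {flag!r}")
    # "Ignored if Endpoint is not defined": with no configured endpoint the
    # peer must still learn one from the first authenticated packet.
    peer.endpoint_fixed = flag in TRUE and peer.endpoint is not None
    return peer
```

The pin is one-sided: it only stops this side from following the remote peer to a new source address, while the remote side's own roaming behaviour depends on its own configuration.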