On Mon, Dec 17, 2018 at 2:42 AM KeXianbin(http://diyism.com) <kexian...@diyism.com> wrote: > AllowedIPs = 10.1.0.3/32 > [...] > If I want to limit the peer to a fixed IP 10.1.0.3, any wg1.conf > OPTION to config it? > > Currently, the peer can set any IP, for example 10.1.0.4, and can > send packets to my http://10.1.0.1:80 from 10.1.0.4.
Setting that peer's allowedips to 10.1.0.3/32 should accomplish exactly what you want; that peer is _only_ allowed to send packets as that IP. If the peer attempts to send packets as 10.1.0.4, WireGuard should reject those packets. If it doesn't, that sounds like a major bug. _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard