On Sat, Mar 14, 2020 at 06:08:35PM +0100, Matthias Urlichs wrote:
> Ideally some background process forked by `wg` or `wg-quick` should set
> the first address, monitor the peer, and use the next one if it hasn't
> been established after some configurable number of seconds (or when the
> keepalive fails). Bonus points for re-resolving the address when it expires.

Yes, trying the IPs in order until a tunnel can be established is certainly a good idea, and in fact what the relevant standards recommend, but so far no one has bothered to implement it.

Running a daemon that periodically re-resolves the host and sets the endpoint to its current IP, on the other hand, would interfere with WireGuard's transparent roaming support, so wg(8) isn't ever going to do that. Of course, you can easily do this yourself if it makes sense for your setup.

Cheers,
Luis
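
The "try the addresses in order" approach discussed in this thread, sketched as a one-shot helper to run at tunnel bring-up; this is an added example, not part of the original message and not code from wireguard-tools. The function names are hypothetical, and it assumes glibc's `getent ahosts` for resolution and that the peer has a persistent keepalive (or other outgoing traffic) so that a handshake is actually attempted.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not part of wg(8) or wg-quick.
# Assumption: persistent-keepalive or other traffic triggers the handshake.

# Resolve HOST to its unique addresses, in the order the resolver returns them.
resolve_addrs() {
    getent ahosts "$1" | awk '!seen[$1]++ { print $1 }'
}

# Print the peer's latest handshake time (epoch seconds, 0 = never).
last_handshake() {
    wg show "$1" latest-handshakes | awk -v k="$2" '$1 == k { print $2 }'
}

# try_endpoints IFACE PEER_PUBKEY HOST PORT [TIMEOUT_SECONDS]
# Sets each resolved address as the endpoint in turn and waits up to TIMEOUT
# seconds for a new handshake. Prints the working endpoint and returns 0, or
# returns 1 if no address produced a handshake.
try_endpoints() {
    iface=$1 peer=$2 host=$3 port=$4 timeout=${5:-10}
    for addr in $(resolve_addrs "$host"); do
        case $addr in
            *:*) ep="[$addr]:$port" ;;   # IPv6 literals need brackets
            *)   ep="$addr:$port" ;;
        esac
        before=$(last_handshake "$iface" "$peer")
        wg set "$iface" peer "$peer" endpoint "$ep" || continue
        waited=0
        while [ "$waited" -lt "$timeout" ]; do
            sleep 1
            waited=$((waited + 1))
            now=$(last_handshake "$iface" "$peer")
            if [ "${now:-0}" -gt "${before:-0}" ]; then
                echo "$ep"
                return 0
            fi
        done
    done
    return 1
}
```

Because it exits once a handshake succeeds instead of re-resolving periodically, it leaves the endpoint alone afterwards and does not fight WireGuard's roaming.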