Thursday, October 29, 2020

Re: wg(4) listen on a specific interface / address

> On Oct 29, 2020, at 6:09 PM, Pierre Emeriaud <petrus.lt+openbsd@gmail.com> wrote:
>
> On Thu, Oct 29, 2020 at 21:03, Stuart Henderson <stu@spacehopper.org> wrote:
>> Which DNS server do you have bound on 53?
>
> unwind
>
>
>>> Is there a reason why wg needs such a large bind?
>> Unless/until it gets an option to bind to a specific IP that's all it
>> can sanely do. It would definitely be useful IMO.
>
> This is maybe where it starts to make sense. By binding INADDR_ANY,
> this allows wg to accept incoming packets whichever interface they
> came from. Maybe to mimic what is done with other tunnels/protocols
> operating at L3, while still operating at L4.

You can achieve success using pf + routing domains. It'll work; it just takes extra effort. I agree a bind IP parameter would be nice, but not a necessity to function.

Where one function in the kernel isn't a jack of all trades (wg) or perfect, another feature can help to achieve the goal (pf + rdomains, the network stack design used by OpenBSD for virtualizing the address and port space).
