> On Sun, Jun 05, 2022 at 10:51:49AM -0000, Stuart Henderson wrote:
>> You will probably be happier with wg(4) though, for this scenario
>> with a static IP at one side you don't need to do anything special
>> to maintain the tunnel, it "just works".and automatically follows
>> changes of client IP.
>
> Except possibly set up some kind of slow ping or other keep-alive
> mechanism.
>
> Since wireguard is stateless, if the dynamic IP is behind some kind
> of NAT, the ISP might break inbound connectivity if there is no
> outbound traffic for a certain period, (typically 2 minutes or so).
>
> This only matters if you expect to receive inbound connections
> without making an outbound connection first, (for example, inbound
> SMTP), because any outbound traffic should bring up the link anyway.
>
> IPSEC is another possible alternative.
>
IPSEC and wg have more overhead than a gif tunnel and encryption is not
necessary at that point.
But i will try some dev-environemnt, thanks.
No comments:
Post a Comment