Sesse__ 7 hours ago

I use WireGuard rarely enough that the AllowedIPs concept gets me every time. It gets easier when I replace it mentally with “Route=” :-)

zx2c4 6 hours ago | parent [-]

It's like a routing table on the way out and an ACL on the way in. Maybe an easier way to think of it.

Sesse__ 5 hours ago | parent [-]

Sure, but how does this differ from a routing table with RPF (which is default in Linux already)?

zx2c4 5 hours ago | parent [-]

It's associated per-peer, so it assures a cryptographic mapping between src ip and public key.
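
An added example, not part of the thread and not WireGuard's own code: a small Python model of the behaviour the comments above describe, where one AllowedIPs table picks the peer for an outgoing packet and checks the inner source address of an incoming one against the peer whose key authenticated it. The peer names, prefixes and the `CryptokeyTable` class are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration: placeholder key names, documentation prefixes.
PEERS = {
    "PEER_A_PUBKEY": ["10.0.0.2/32", "192.168.10.0/24"],
    "PEER_B_PUBKEY": ["10.0.0.3/32", "0.0.0.0/0"],
}


class CryptokeyTable:
    """Hypothetical model: one prefix table keyed by peer public key."""

    def __init__(self, peers):
        self.entries = [
            (ipaddress.ip_network(prefix), key)
            for key, prefixes in peers.items()
            for prefix in prefixes
        ]

    def lookup(self, addr):
        """Longest-prefix match; returns the owning peer key or None."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, key in self.entries:
            if ip.version == net.version and ip in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, key)
        return best[1] if best else None

    def route_out(self, dst):
        # "Routing table on the way out": destination selects the peer
        # whose key will encrypt the packet.
        return self.lookup(dst)

    def accept_in(self, authenticated_key, inner_src):
        # "ACL on the way in": the decrypted packet's source address must
        # map back to the same peer whose key authenticated it. A check
        # made only per interface cannot tell peers apart, because every
        # peer arrives on the same tunnel interface.
        return self.lookup(inner_src) == authenticated_key


table = CryptokeyTable(PEERS)

if __name__ == "__main__":
    print(table.route_out("192.168.10.7"))
    print(table.accept_in("PEER_B_PUBKEY", "10.0.0.2"))
```
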