author | Julien Dessaux | 2023-02-24 06:06:46 +0100 |
---|---|---|
committer | Julien Dessaux | 2023-02-24 06:06:46 +0100 |
commit | 947c820f18b78ab41de9e772e00e19741d13a149 (patch) | |
tree | c3f0bfdf4565d32ddc92455a2e494cb77c43c3df | |
parent | Added wireguard routing part two blog article (diff) | |
Typos
-rw-r--r-- | content/blog/miscellaneous/wireguard-routing-2.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/content/blog/miscellaneous/wireguard-routing-2.md b/content/blog/miscellaneous/wireguard-routing-2.md index e5af9b5..ff8aba1 100644 --- a/content/blog/miscellaneous/wireguard-routing-2.md +++ b/content/blog/miscellaneous/wireguard-routing-2.md @@ -9,7 +9,7 @@ tage: ## Introduction -Now that we learned how routing depends on the allowed IPs in the configuration of an host is what populate its routing table and the consequences of it, let's look at a more complex setup with two hosts on a home network and three servers somewhere in the cloud. The servers will all be connected together in a full mesh, but only one of the cloud server will behave like a hub and centralise the home clients' connections. +Now that we learned how routing depends on the allowed IPs in the configuration of an host is what populate its routing table and the consequences of it, let's look at a more complex setup with two hosts on a home network and three servers somewhere in the cloud. The servers will all be connected together in a full mesh, but only one of the cloud server will behave like a hub and centralize the home clients' connections. ## Schematic 
@@ -47,7 +47,7 @@ AllowedIPs = 10.1.2.0/24 PersistentKeepalive = 60 ``` -The first important thing to note is that I did not use the same ListenPort for my two hosts. This is because cheap routing firewall at home often do not nat outgoing udp traffic well with long live sessions and I had issues in the past because of this. You can use the same port for both your hosts, but being cautious with udp outgoing traffic is a habbit on I took on years ago. +The first important thing to note is that I did not use the same ListenPort for my two hosts. This is because cheap routing firewall at home often do not nat outgoing udp traffic well with long live sessions and I had issues in the past because of this. You can use the same port for both your hosts, but being cautious with udp outgoing traffic is a habit on I took on years ago. Also I am using an AllowedIPs with a `/24` netmask in order to be able to reach every host in the network. If I wanted for the clients to only be able to reach the servers, I could have either listed all `/32` IPs or used another netmask like `10.1.2.0/29` (`sipcalc` is your friend). Another option would be to use different addressing schemes entirely. |
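Review bot: In the first hunk (Introduction), the opening sentence of the changed line is still ungrammatical after this fix: "how routing depends on the allowed IPs in the configuration of an host is what populate its routing table" runs two clauses together. Since the commit is a typo pass, consider rewording it in the same change, for example "Now that we learned how the allowed IPs in the configuration of a host populate its routing table, and the consequences of it", and also fixing "one of the cloud server" to "one of the cloud servers". The hunk header context also shows `tage:` in the front matter; if that key is meant to be `tags:`, it is worth correcting here too.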
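Review bot: In the second hunk (the ListenPort paragraph), the corrected line still reads "is a habit on I took on years ago", so the stray "on" after "habit" survives the fix; suggest "is a habit I took on years ago". On the same line, "cheap routing firewall at home often do not nat outgoing udp traffic well with long live sessions" has a subject and verb that disagree and probably means "long-lived sessions"; "cheap routing firewalls at home often do not NAT outgoing UDP traffic well with long-lived sessions" would read cleanly.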