Comment

Comment on Where are you running your wireguard endpoint?

just_another_person@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

Why would you run a WG Client and WG Server on the same host? Am I reading that second mark wrong?

source

Sort:hotnew top

dan@upvote.au ⁨2⁩ ⁨weeks⁩ ago
There’s no such thing as a client or server with Wireguard. All systems with Wireguard installed are “nodes”.

source
- just_another_person@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
  Uhhh, nooooo. Why are all these new kids all in these threads saying this crazy uninformed stuff lately? 🤣
  
  www.wireguard.com/protocol/ docs.redhat.com/en/…/setting-up-a-wireguard-vpn
  
  And, in fact, for those of us that have been doing this a long time, anything with a control point or protocol always refers to said control point as the server in a PTP connection sense.
  
  source
  - dan@upvote.au ⁨2⁩ ⁨weeks⁩ ago
    Both of those documents agree with me? RedHat are using the terms “client” and “server” to make it easier for people to understand, but they explicitly say that all hosts are “peers”.
    
    Note that all hosts that participate in a WireGuard VPN are peers. This documentation uses the terms client to describe hosts that establish a connection and server to describe the host with the fixed hostname or IP address that the clients connect to and, optionally, route all traffic through this server.
    
    source
    just_another_person@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
    They do no such thing.
    
    The first link explains the protocol.
    
    The second explains WHY one would refer to client and server with regards to Wireguard.
    
    My point ties both together to explain why people would use client and server with regards to the protocol itself, and a common configuration where this would be the necessary for clarification. Ties both of them together, and makes my point from my original comment, which also refers to OP’s comment.
    
    I’m not digging you, just illustrating a correction so you’re not running around misinformed.
    
    source
aBundleOfFerrets@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago
You are, second point means running WG on say, a proxmox root, and using it to acess the containers.

source
- just_another_person@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
  Uhhhh…that is…not how you do that. Especially if you’re describing routing out from a container to an edge device and back into your host machine instead of using bridged network or another virtual router on the host.
  
  Like if you absolutely had to have a segmented network between hosts a la datacenter/cloud, you’d still create a virtual fabric or SDLAN/WAN to connect them, and that’s like going WAY out of your way.
  
  Wireguard for this purpose makes even less sense.
  
  source