Feature #11604

open

WireGuard Dynamic Listen Port Randomization

Added by Christian McDonald over 3 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: WireGuard
Target version:
Start date: 03/02/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

In CGNAT situations, like failing over to an LTE WAN for instance, it can be problematic to have the listen address on a dynamic endpoint fixed (say at 51820). The Linux implementation incorporates listen port randomization on dynamic peers. Ideally something like this logic: Dynamic client randomly chooses listen port and reaches out to a fixed IP/port peer (call this the "server"). If the dynamic client doesn't receive return packets in a certain amount of time (the persistent keepalive value would be appropriate for this), then the dynamic client will choose another random port and try again. This ensures a best effort at finding an available UDP path.
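The retry logic requested above, sketched as an added example that is not pfSense or WireGuard code: the client binds a random local UDP port, probes the fixed peer, and rotates to a new port if no return packet arrives within the timeout. The names `pick_port` and `find_udp_path`, the port pool, and the plain `b"probe"` datagram standing in for a WireGuard handshake are all assumptions.

```python
import secrets
import socket
import time

PORT_MIN, PORT_MAX = 49152, 65535  # assumed candidate pool: IANA dynamic range

def pick_port(tried):
    """Unpredictable port from the pool, skipping ports that already failed."""
    while True:
        port = PORT_MIN + secrets.randbelow(PORT_MAX - PORT_MIN + 1)
        if port not in tried:
            return port

def find_udp_path(server, timeout, max_attempts=8, choose=pick_port):
    """Rotate the local UDP port until the fixed peer `server` (ip, port) answers.

    `timeout` is how long to wait for a return packet on each port (the
    request suggests the persistent keepalive value). Returns
    (socket, port, tried); raises TimeoutError once max_attempts ports failed.
    """
    tried = []
    for _ in range(max_attempts):
        port = choose(tried)
        tried.append(port)
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind(("0.0.0.0", port))      # fails if the port is taken locally
            sock.sendto(b"probe", server)     # stand-in for a handshake initiation
            deadline = time.monotonic() + timeout
            while True:
                # Shrinking timeout: stray datagrams cannot extend the wait.
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    raise TimeoutError("no return packet on this port")
                sock.settimeout(remaining)
                _, addr = sock.recvfrom(2048)
                if addr == server:            # only the fixed peer counts
                    return sock, port, tried
        except OSError:                       # bind failure or timeout: next port
            sock.close()
    raise TimeoutError(f"no UDP path found after trying {len(tried)} ports")
```

The attempt cap keeps a client with no working path from cycling through ports indefinitely, and checking the reply's source address keeps an unrelated datagram from being mistaken for the peer.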
