When the interface receives a packet, this happens:

I just got a packet from UDP port 7361 on host 98.139.183.24.
It decrypted and authenticated properly for peer LMNOPQRS. Okay, let's remember that peer LMNOPQRS's most recent Internet endpoint is 98.139.183.24:7361 using UDP.
Once decrypted, the plain-text packet is from 192.168.43.89. Is peer LMNOPQRS allowed to be sending us packets as 192.168.43.89?
If so, accept the packet on the interface. If not, drop it.

Behind the scenes there is much happening to provide proper privacy, authenticity, and perfect forward secrecy, using state-of-the-art cryptography.

Cryptokey Routing

At the heart of WireGuard is a concept called Cryptokey Routing, which works by associating public keys with a list of tunnel IP addresses that are allowed inside the tunnel. Each network interface has a private key and a list of peers. Public keys are short and simple, and are used by peers to authenticate each other. They can be passed around for use in configuration files by any out-of-band method, similar to how one might send their SSH public key to a friend for access to a shell server.

For example, a server computer might have this configuration:
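
The receive-path decision described above (remember the authenticated peer's endpoint, then check the inner source address against that peer's allowed tunnel IPs), modeled as an added example; it is not WireGuard's code and not the configuration the text refers to. The `Peer`, `Interface` and `receive` names, the allowed ranges and the second peer are assumptions made for illustration, and decryption is taken as already done.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Peer:
    public_key: str          # placeholder label standing in for a real public key
    allowed_ips: List[str]   # tunnel source ranges for this peer (constructed values)
    endpoint: Optional[Tuple[str, int]] = None  # most recent outer UDP (host, port)

    def allows(self, inner_src: str) -> bool:
        addr = ipaddress.ip_address(inner_src)
        return any(addr in ipaddress.ip_network(n) for n in self.allowed_ips)

class Interface:
    def __init__(self, peers: List[Peer]):
        self.peers = {p.public_key: p for p in peers}

    def receive(self, outer_src, authenticated_key, inner_src) -> str:
        # authenticated_key: the peer whose key decrypted and authenticated the
        # packet, or None if no key did. The cryptography itself is not modeled.
        peer = self.peers.get(authenticated_key)
        if peer is None:
            return "drop: not authenticated for any configured peer"
        peer.endpoint = outer_src  # remember the most recent Internet endpoint
        if peer.allows(inner_src):  # may this peer send as this tunnel address?
            return "accept"
        return "drop: source address not allowed for this peer"

def demo():
    # LMNOPQRS and the addresses in the first call come from the text; the
    # allowed ranges, peer TUVWXYZA and the other addresses are constructed.
    iface = Interface([Peer("LMNOPQRS", ["192.168.43.0/24"]),
                       Peer("TUVWXYZA", ["10.10.10.230/32"])])
    results = [
        iface.receive(("98.139.183.24", 7361), "LMNOPQRS", "192.168.43.89"),
        # An authenticated peer claiming an address assigned to another peer.
        iface.receive(("98.139.183.24", 7361), "LMNOPQRS", "10.10.10.230"),
        # Same peer seen from a new outer address: the endpoint follows it.
        iface.receive(("203.0.113.7", 51820), "LMNOPQRS", "192.168.43.89"),
        # Nothing decrypted: dropped before any address check.
        iface.receive(("198.51.100.9", 4000), None, "192.168.43.89"),
    ]
    return results, iface.peers["LMNOPQRS"].endpoint

if __name__ == "__main__":
    print(demo())
```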