author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-08-23 03:56:42 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-08-24 15:47:31 +0200 |
commit | 62fe72133c8a2f22c65b5b854201e0caa80b3efe (patch) | |
tree | 9dd339686fdee7fbecdaf215e43fcde3af4f7503 /contrib/nat-hole-punching/README | |
parent | tests: use makefile and expand greatly (diff) | |
download | wireguard-tools-62fe72133c8a2f22c65b5b854201e0caa80b3efe.tar.xz wireguard-tools-62fe72133c8a2f22c65b5b854201e0caa80b3efe.zip |
examples: add nat-hole-punching
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'contrib/nat-hole-punching/README')
-rw-r--r-- | contrib/nat-hole-punching/README | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/contrib/nat-hole-punching/README b/contrib/nat-hole-punching/README new file mode 100644 index 0000000..46e6201 --- /dev/null +++ b/contrib/nat-hole-punching/README @@ -0,0 +1,41 @@ +== NAT Hole Punching Example == + +This code should never be used, ever. But, it's a nice demonstration of how +to punch holes and have two NAT'd peers talk to each other. + +Compile with: + $ gcc nat-punch-client.c -o client -lresolv + $ gcc nat-punch-server.c -o server + + +Server is 1.2.3.4 and is on the public internet accepting UDP:49918. +Client A is NAT'd and doesnt't know its IP address. +Client B is NAT'd and doesnt't know its IP address. + + +Server runs: + $ ./server + +Client A runs: + # ip link add wg0 type wireguard + # ip addr add 10.200.200.1 peer 10.200.200.2 dev wg0 + # wg set wg0 private-key ... peer ... allowed-ips 10.200.200.2/32 + # ./client 1.2.3.4 wg0 + # ping 10.200.200.2 + +Client B runs: + # ip link add wg0 type wireguard + # ip addr add 10.200.200.2 peer 10.200.200.1 dev wg0 + # wg set wg0 private-key ... peer ... allowed-ips 10.200.200.1/32 + # ./client 1.2.3.4 wg0 + # ping 10.200.200.1 + +And voila! Client A and Client B can speak from behind NAT. + + + +----- +Keep in mind that this is proof-of-concept example code. It is not code that +should be used in production, ever. It is woefully insecure, and is unsuitable +for any real usage. With that said, this is useful as a learning example of +how NAT hole punching might work within a more developed solution. |
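Review bot: "doesnt't" is misspelled on both the Client A and Client B lines of the topology paragraph and should read "doesn't". The README also says twice that the code must not be used (the opening "should never be used, ever" and the closing "woefully insecure") without saying what is insecure about it; one sentence naming the weak points, for example what the server listening on UDP:49918 accepts from clients, would serve the stated purpose of a learning example better than the repeated warning. The compile step links only the client with -lresolv and gives no reason, and "./client 1.2.3.4 wg0" takes no port argument, so if the port is fixed in the source the README should say so.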