Wireguard Entry IP change

[go558a83nk 352]

I noticed just now as I used the config generator that wireguard now uses entry IP 3.  Will we need to change all configs or will entry IP 1 still work?  Also, why the change?

Thanks.

[SurprisedItWorks 49]

I asked staff essentially the same question a few days ago in a ticket. They replied that wireguard connections would remain available on Entry-1 IPs for some time - few years? - at least, in order to accomodate old configs and software versions.

But please, everyone, do let them know if this matters to your setup, as it does to mine. I need my OpenVPN and wireguard connections to be to different IPs to avoid routing problems.

[ss11 15]

I am sorry, what is the question here?
I mean, I am using both OpenVPN (desktop) and WireGuard (mobile) -- I always use advanced generator and select manually entry IP and also IP version (v4 or v6).
Why are you concerned if you generate the configs yourself and can select the entry IP version and IP number (1/2/3)? I doubt that will somehow not work in the future, especially if you are using DNS entries from airvpn instead of raw IP addresses.

[go558a83nk 352]

50 minutes ago, SurprisedItWorks said:

I asked staff essentially the same question a few days ago in a ticket. They replied that wireguard connections would remain available on Entry-1 IPs for some time - few years? - at least, in order to accomodate old configs and software versions.

But please, everyone, do let them know if this matters to your setup, as it does to mine. I need my OpenVPN and wireguard connections to be to different IPs to avoid routing problems.

For me it's not necessarily a problem like it is for your policy routing.  I would have liked a small announcement about it from Staff still.  It does force me to use the config generator instead of just resolving a server domain (which defaults to entry IP 1) when I do want to switch the IP of my manual setup.

[SurprisedItWorks 49]

5 hours ago, ss11 said:

I am sorry, what is the question here?
I mean, I am using both OpenVPN (desktop) and WireGuard (mobile) -- I always use advanced generator and select manually entry IP and also IP version (v4 or v6).
Why are you concerned if you generate the configs yourself and can select the entry IP version and IP number (1/2/3)? I doubt that will somehow not work in the future, especially if you are using DNS entries from airvpn instead of raw IP addresses.

An "issue" here at all is nothing for most users to care about. Only a very specific and unusual configuration could produce a conflict. 

That said, the config generator does not allow you to select the entry IP for wireguard. I use a numerical IP there, because on my system in question, at boot time wireguard is up before the DNS system is running.  I could configure that differently, but it would take some effort.  In any case, I don't believe the public DNS system has IPs for Entries 3 and 4 for individual servers. 

OpenVPN configs using tlscrypt can use entry 3 or entry 4. I currently prefer the relative anonymity of entry 3, although that is likely poorly thought out.

Indeed, I did not intend to stir up a fuss here, as even the routing issue (in a router) that I mentioned may amount to very little. It is hypothetical at this point and still needs a proper test. The problem may well be mitigated for me currently by my use of Policy Based Routing.

Key for me is hearing that Entry 1 will remain available to wireguard for some time, implying that I can be lazy and defer closer examination of the whole business.
 

[ss11 15]

I understand. It's very good to have users with unusual setups, so you are more than welcome. I just wanted to understand what is your concern.
Yes, if wireguard interface is up after a reboot before the DNS daemon, and you don't want to use any third party DNS, you must configure numerical IP address as the VPN server entry point.

Somehow I missed the fact that in Advanced config mode fore wireguard you only have the ability to checkbox IP 3 for entry.
You aim to connect to specific servers, or specific country?

[fsy 27]

On 9/27/2023 at 10:23 PM, SurprisedItWorks said:

Key for me is hearing that Entry 1 will remain available to wireguard for some time, implying that I can be lazy and defer closer examination of the whole business.

I bet it will. Can you consider how many broken configuration files and non working apps will be hung out there if WireGuard does not answer on entry-IP 1? Eddie Android 3 always points to entry-IP 1 in WireGuard mode by default and only on the Play Store it has been downloaded more than 50,000 times...