On Sun, Jun 05, 2022 at 10:51:49AM -0000, Stuart Henderson wrote:
> You will probably be happier with wg(4) though, for this scenario
> with a static IP at one side you don't need to do anything special
> to maintain the tunnel, it "just works" and automatically follows
> changes of client IP.

Except possibly set up some kind of slow ping or other keep-alive mechanism. Since WireGuard is stateless, if the dynamic IP is behind some kind of NAT, the ISP might break inbound connectivity if there is no outbound traffic for a certain period (typically 2 minutes or so). This only matters if you expect to receive inbound connections without making an outbound connection first (for example, inbound SMTP), because any outbound traffic should bring up the link anyway. IPsec is another possible alternative.
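
An added example, not part of the original message: one keep-alive mechanism is the `wgpka` (persistent keepalive) peer option of wg(4), set on the dynamic-IP side in `/etc/hostname.wg0` so the NAT mapping never goes idle. The keys, the endpoint 192.0.2.1:51820, the 10.0.0.0/24 tunnel network and the 25-second interval are assumed placeholder values.

```conf
# /etc/hostname.wg0 on the peer with the dynamic IP (the side behind NAT).
# All keys and addresses below are placeholders constructed for this example.

# This host's private key (base64, e.g. generated with: openssl rand -base64 32)
wgkey PLACEHOLDER_CLIENT_PRIVATE_KEY

# The static-IP peer:
#   wgendpoint  where to send packets (static side's address and UDP port)
#   wgaip       tunnel addresses accepted from / routed to this peer
#   wgpka       send a keepalive every 25 seconds when otherwise idle;
#               must be shorter than the NAT idle timeout so the mapping
#               stays open and the static side can initiate traffic inbound
wgpeer PLACEHOLDER_SERVER_PUBLIC_KEY wgendpoint 192.0.2.1 51820 wgaip 10.0.0.0/24 wgpka 25

# Tunnel address of this host
inet 10.0.0.2 255.255.255.0
```

The static-IP side needs no `wgpka`; it learns the client's current address and port from each authenticated packet it receives, keepalives included.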

