On 2025-08-02, David Gwynne <[email protected]> wrote: > On Fri, Aug 01, 2025 at 10:15:24AM +0300, Barbaros Bilek wrote: > >> This led me to wonder: >> Would it be possible to extend the WireGuard implementation to support an >> explicit bind option for the local address. Something like: >> ifconfig wg1 wglistenip A.B.C.D > > i've thought about implementing that anwyay, but it's not strictly > necessary because wg will listen to a port on all ips, so it's already > going to be listening to A.B.C.D. it would be more useful for locking > down which IP the wireguard traffic comes from.
I've run into that as a problem running wg(4) on multihomed hosts btw. (Might be fixable with route sourceaddr, but the wide-ranging activity of that scares me a bit).
