Add option to support TCP tunnel #41

bryopsida opened this issue Jan 29, 2024 · 1 comment

@bryopsida
Owner

bryopsida commented Jan 29, 2024

It would be nice to have an optional flag that enabled support for a TCP ingress. This could be relayed over something like a Cloudflare tunnel (which does not support UDP) to prevent needing to open a hole in a firewall at the perimeter of where the WireGuard pod is running.

This may require running the tunnel at the peer site as well, as the WG client does not support TCP directly IIRC.

@bryopsida
Owner Author

The stateless nature of UDP does not always lend itself to desirable behavior at the LB level; each cloud provider's LB implementation for UDP can vary and it may not consistently route a client's traffic to the same WG server pod.

The WG documentation suggests usage of either of these

to support TCP tunnels (but there may be better options)

While this would be relatively trivial to add to the server side, it would require additional binary installs on the client side and documentation on how to set up the tunnel with pre and post hooks.

May relate to: #60
