Hi, I have a weird behavior where a peer IP has been changed (old IP not even reachable anymore) and the VPN tunnel is still up and traffic is passing as normal.
If I disable the tunnel, the traffic stops immediately while re-enabling (on the old IP) it starts working again. I even restarted the peer Mikrotik to be sure it’s not something related to Fasttrack keeping up related or established connections.
I don’t want to share my config at this point but please if anyone has any thoughts about how this is even possible let me know! Thanks
OK, so one theory I have is that this is how WireGuard is designed to work.
Since both are added as peers, maybe the side initiating the connection is the one whose peer IP has changed. This means that it is still calling the same endpoint and using the same public key.
I can confirm my theory as I just torched the WAN interface on the Mikrotik whose public IP did not change, and I could see that the remote IP being used to establish the VPN is the current actual one and not the one configured as the peer.
Also this probably works since I make use of address-lists and the temp IP that has changed was added by myself before I did any changes.
Yup, that's how it's supposed to work.
Imagine you are in town on your cellphone connected to the tunnel and you walk into a coffee shop and use their wifi. The VPN connection is still to the same endpoint, and the phone will attempt to maintain connectivity and will keep its assigned WireGuard IP address… The source IP really doesn't matter (aka cellular network or wifi IP provided by the establishment, and thus its WAN IP).
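The behaviour described in the two posts above (a peer is identified by its public key, and the endpoint the router replies to is learned from the source address of the latest authenticated packet) can be illustrated with a small model. This is an added example, not WireGuard's or RouterOS's own code: it replaces WireGuard's real transport-data authentication with an HMAC over a constructed session key and uses a simple monotonic counter in place of the real replay window, but it keeps the property that matters for the question, namely that only an authenticated, non-replayed packet can move a peer's endpoint. Peer names, keys and IP addresses below are constructed.

```python
"""Toy model of WireGuard-style endpoint roaming (added illustration, not
WireGuard's or RouterOS's own code).

A peer is looked up by its public key, never by its source IP. The endpoint a
peer is sent to is overwritten only when an inbound packet passes
authentication and is not a replay, so a changed public IP on the initiating
side keeps the tunnel working, while a forged or replayed packet from another
address cannot redirect the tunnel.
"""
import hashlib
import hmac


class Peer:
    def __init__(self, configured_endpoint, session_key):
        self.endpoint = configured_endpoint  # (ip, port) from the peer config
        self.session_key = session_key       # stands in for the negotiated transport key
        self.last_counter = -1               # simplified replay protection


class WireGuardLikeTable:
    def __init__(self):
        self.peers = {}  # public key (string) -> Peer

    def add_peer(self, pubkey, endpoint, session_key):
        self.peers[pubkey] = Peer(endpoint, session_key)

    @staticmethod
    def tag(session_key, pubkey, counter, payload):
        """Authentication tag over the packet (HMAC-SHA256 stands in for the real AEAD)."""
        msg = f"{pubkey}|{counter}|".encode() + payload
        return hmac.new(session_key, msg, hashlib.sha256).digest()

    def receive(self, src, pubkey, counter, payload, tag):
        """Process an inbound packet seen from address `src`.

        Returns True if the packet is accepted. Only then is `src` recorded as
        the peer's current endpoint (the roaming rule).
        """
        peer = self.peers.get(pubkey)
        if peer is None:
            return False  # unknown peer: dropped, nothing learned
        expected = self.tag(peer.session_key, pubkey, counter, payload)
        if not hmac.compare_digest(expected, tag):
            return False  # forged or wrong key: endpoint untouched
        if counter <= peer.last_counter:
            return False  # replay of an old packet: endpoint untouched
        peer.last_counter = counter
        peer.endpoint = src  # latest authenticated source address wins
        return True

    def endpoint_for(self, pubkey):
        """Address outbound traffic for this peer would currently be sent to."""
        return self.peers[pubkey].endpoint


def demo():
    """Walk through the scenario from the thread with constructed values."""
    table = WireGuardLikeTable()
    key = b"constructed-session-key"
    configured = ("192.0.2.10", 13231)      # old peer IP still in the config
    table.add_peer("peerA-pubkey", configured, key)

    # The remote side now sits behind a new public IP and sends a valid packet.
    new_src = ("198.51.100.7", 40000)
    ok_roam = table.receive(new_src, "peerA-pubkey", 1, b"hello",
                            table.tag(key, "peerA-pubkey", 1, b"hello"))

    # Someone else sends a packet with a bogus tag from a third address.
    forged = table.receive(("203.0.113.9", 5000), "peerA-pubkey", 2, b"x", b"\x00" * 32)

    # The same third party replays the genuine packet number 1.
    replayed = table.receive(("203.0.113.9", 5000), "peerA-pubkey", 1, b"hello",
                             table.tag(key, "peerA-pubkey", 1, b"hello"))

    return {
        "roam_accepted": ok_roam,
        "forged_accepted": forged,
        "replay_accepted": replayed,
        "current_endpoint": table.endpoint_for("peerA-pubkey"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On a MikroTik the learned address is what you see as current-endpoint-address (with current-endpoint-port) in /interface/wireguard/peers print, next to the static endpoint-address from the config; when they differ, that is exactly the roaming the thread describes. For monitoring, the fields worth alerting on are an unexpected current-endpoint-address and a stale last-handshake, not the configured endpoint, which WireGuard only uses as the initial address to try.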