by wh33zle
717 days ago
Yes, traffic is routed to the gateway through a WireGuard tunnel. Broadly speaking, what happens is:

- Client and gateway perform ICE to agree on a socket pair (this is where hole-punching happens or if that fails, a relay is used)
- The socket pair determined by ICE is used to set up a WireGuard tunnel (i.e. a noise handshake using ephemeral keys).
- IP traffic is read from the TUN device and sent via the WireGuard tunnel to the gateway.
- Gateway decrypts it and emits it as a packet from its TUN device, thereby forwarding it to the actual destination.

It is worth noting that a WireGuard tunnel in this case is "just" the Noise Protocol [0] layered on top of UDP. This ensures the traffic is end-to-end encrypted.

[0]: https://noiseprotocol.org