> Yes - there are flows attempting to reach the initiator-side network routed
> via wg(4) on the responder. My *expectation* was after the initiator dropped
> off the mobile network and became unresponsive, a timer of REKEY_ATTEMPT_TIME
> expired after which wg(4) would stop and return an ICMP Destination
> Unreachable to the source, until such time the initiator re-established the
> connection.

One more thing about this part: the way wg is designed, one endpoint can change its ip, and when it sends anything over the tunnel the remote peer will update its idea of your client's ip+port. Then X seconds later, the remote endpoint can change its ip+port and as soon as it sends any packet over the link to your new ip+port, it will reestablish the tunnel again, then you can switch ip later on and so forth, as long as you don't both change ips at the same time.

This means that "the initiator" role must not necessarily be controlled by what the config files do or do not say about Endpoint=, but it is more of a "runtime" role that depends on who wants to send a packet to the other peer after the tunnel has gone silent for 120+ seconds.

The expectation is definitely that if a peer changes its ip+port, and doesn't send anything to update its remote peer, the remote peer will be sending packets into the void until the tunnel can be re-established correctly again.

-- 
May the most significant bit of your life be positive.
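
The roaming behaviour described in this reply, as an added toy model that is not part of the original message and is not WireGuard code. The `Peer` and `Net` classes and all addresses are constructed for illustration; crypto and timers are left out, and the `authenticated` flag stands in for WireGuard only updating a peer's endpoint from packets that authenticate correctly.

```python
# Toy model of WireGuard endpoint roaming: no crypto, no timers, constructed addresses.
class Peer:
    def __init__(self, name, endpoint=None):
        self.name = name
        self.addr = None          # our own current ip+port
        self.endpoint = endpoint  # where we currently believe the other peer is

class Net:
    def __init__(self):
        self.hosts = {}           # (ip, port) -> Peer currently reachable there

    def move(self, peer, addr):
        """Attach peer at addr; its previous ip+port stops answering."""
        self.hosts.pop(peer.addr, None)
        peer.addr = addr
        self.hosts[addr] = peer

    def send(self, src, authenticated=True):
        dst = self.hosts.get(src.endpoint)
        if dst is None:
            return "void"         # nobody at the ip+port the sender remembers
        if not authenticated:
            return "dropped"      # fails authentication: endpoint is not touched
        dst.endpoint = src.addr   # roaming: receiver adopts the sender's source
        return "delivered"

def demo():
    net = Net()
    a, b = Peer("a"), Peer("b")
    net.move(a, ("198.51.100.7", 40000))
    net.move(b, ("203.0.113.1", 51820))
    a.endpoint = b.addr           # only a has Endpoint= configured
    log = []
    log.append(net.send(a))       # b learns a's ip+port
    net.move(a, ("198.51.100.99", 41000))   # a roams and stays silent
    log.append(net.send(b))       # b still targets the old address
    log.append(net.send(a))       # a speaks first: b updates its endpoint
    log.append(net.send(b))
    net.move(b, ("203.0.113.50", 51820))    # now b roams ...
    log.append(net.send(b))       # ... and b is the one that re-announces
    log.append(net.send(a))
    net.move(a, ("198.51.100.3", 42000))    # both change at the same time
    net.move(b, ("203.0.113.77", 51820))
    log += [net.send(a), net.send(b)]
    return log, a, b

if __name__ == "__main__":
    print(demo()[0])
```
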