Usage without wgsd-client for e.g. iOS / Android

[stackcoder]

I was wondering, if this could even work with vanilla WireGuard clients only. At least for iOS there is no way to get wgsd-client without building an own app.

So why not using fixed udp source ports, and DNS records with short TTL?

For example Alice's config could look like:

[Interface]
Address = 10.0.0.1/32
PrivateKey = 0CtieMOYKa2RduPbJss/Um9BiQPSjgvHW+B7Mor5OnE=
ListenPort = 51820
DNS = 10.0.0.254

# Registry
[Peer]
PublicKey = JeZlz14G8tg1Bqh6apteFCwVhNhpexJ19FDPfuxQtUY=
Endpoint = 4.4.4.4:51820
PersistentKeepalive = 5
AllowedIPs = 10.0.0.254/32

# Bob
[Peer]
PublicKey = syKB97XhGnvC+kynh2KqQJPXoOoOpx/HmpMRTc+r4js=
Endpoint = YUTRLED535IGKL7BDLERL6M4VJXSXM3UQQPL4NMSN27MT56AD4HA====._wireguard._udp.<zone>:51820
PersistentKeepalive = 5
AllowedIPs = 10.0.0.2/32

I'm completely fine with doing any possible quirk on the registry, also further config on "Server-Peers" is possible. Even relaying or WG over WG would be okish. But not touching the mobile clients. Also I'm aware that we're building poor man's tailscale / headscale here.

[cirias]

You won't need this tool if you can have a fixed port on the NAT server. Just set up a dynamic DNS record for your Bob.

[stackcoder]

Sure, but dynamic DNS is publicly available and requires additional config on the peers. This approach allows keeping all data on the registry itself.