diff options
| author | David Lönnhager <david.l@mullvad.net> | 2021-05-18 14:48:58 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2021-06-07 11:32:22 +0200 |
| commit | 4bb6725c3898aee743b8f686ae170d783cd7a6f5 (patch) | |
| tree | 8286b3c7fd6cb264af34568967b5b874df816ee3 /docs | |
| parent | a4ff7781c11457af3f37182347698c9b3eb1a776 (diff) | |
| download | mullvadvpn-4bb6725c3898aee743b8f686ae170d783cd7a6f5.tar.xz mullvadvpn-4bb6725c3898aee743b8f686ae170d783cd7a6f5.zip | |
Update security document
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/security.md | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/docs/security.md b/docs/security.md index 2fd46e26d8..c34a7d73a0 100644 --- a/docs/security.md +++ b/docs/security.md @@ -148,11 +148,8 @@ Examples: 1. Connecting to `a.b.c.d` port `1234` using WireGuard: Allow `a.b.c.d:1234/UDP` for `mullvad-daemon.exe` or any process running as `root`. -If connecting via WireGuard, this state allows ICMP packets to and from the in-tunnel IPs -(both v4 and v6) of the relay server the app is currently connecting to. That means the private -network IPs where the relay will respond inside the tunnel. It allows this on all interfaces, -since with the current architecture we don't know which network interface is the tunnel interface -at this point. +When using WireGuard, traffic inside the tunnel is permitted immediately after the tunnel device +has been created. See the [connected] state for details on this. ### Connected |