Hi Damian,

At the moment, you can't give multiple peers the same allowed-ips. There has been some interesting discussion about doing this to support broadcast messages -- zing a single message out to several peers having the same matching allowed-ips entry -- but this is different than the use case you speak of.

I'm not sure I totally understood what you meant in your description of your multihomed setup. Could you describe in a bit more detail?

The guarantee of WireGuard is that it gives you a strong binding between a particular IP address (or several IP addresses) and a particular public key. Wikipedia has a nice diagram for this -- https://en.wikipedia.org/wiki/Surjective_function#/media/File:Surjection.svg -- with IP addresses being the Xs on the left and public keys being the Ys on the right. (I should probably make a similar diagram on the documentation to describe this concept better.)

If you're trying to set up a network such that this binding is problematic, then in all likelihood, your design has authenticity/spoofing problems. So maybe you can describe more generally what you're going for, and then we can try to see how WireGuard fits into this? It's always interesting to hear about different network setups, anyhow.

Jason
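
The binding described in the message above, sketched as an added example (not part of the original message and not WireGuard's code): a toy table in which every allowed-ips prefix maps to exactly one public key, and an inbound packet is accepted only if its inner source address is bound to the key that sent it. The key labels, the addresses and the choice to raise an error on a duplicate prefix are assumptions made for illustration.

```python
import ipaddress


class CryptokeyTable:
    """Toy model of the allowed-ips -> public key binding (illustrative only)."""

    def __init__(self):
        self._owner = {}  # ip_network -> public key label (many prefixes, one key each)

    def add_peer(self, pubkey, allowed_ips):
        nets = [ipaddress.ip_network(p) for p in allowed_ips]
        for net in nets:
            holder = self._owner.get(net)
            if holder is not None and holder != pubkey:
                # Modelling choice (assumption): refuse, so that the
                # one-key-per-prefix property is explicit.
                raise ValueError(f"{net} is already bound to {holder}")
        for net in nets:
            self._owner[net] = pubkey

    def lookup(self, address):
        """Longest-prefix match: the single key bound to this address, or None."""
        ip = ipaddress.ip_address(address)
        matches = [n for n in self._owner if n.version == ip.version and ip in n]
        if not matches:
            return None
        return self._owner[max(matches, key=lambda n: n.prefixlen)]

    def accept_inbound(self, sender_pubkey, inner_src):
        """Accept a decrypted packet only if its source IP belongs to the sender's key."""
        return self.lookup(inner_src) == sender_pubkey


def demo():
    """Build a constructed two-peer table and try to bind a duplicate prefix."""
    table = CryptokeyTable()
    table.add_peer("KEY_A", ["10.0.0.2/32", "192.168.50.0/24"])
    table.add_peer("KEY_B", ["10.0.0.3/32", "192.168.50.7/32"])
    try:
        table.add_peer("KEY_C", ["10.0.0.2/32"])  # same prefix, different key
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return table, duplicate_rejected
```

Because each address resolves to at most one key, a peer holding `KEY_B` cannot send traffic with `KEY_A`'s source address and have it accepted, which is the spoofing property the message refers to.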
