Hi, as said, I don't concieve a reasonable way of using the same key. Wireguard routes and needs to identify and know its clients.
That said, I don't see a reason why the clients couldn't have similar private keys. e.g. Server: Private = PrivateKey [Peer1] Pubkey = secret_to_public(notreallysecret..001) AllowedIPs = 172.16.0.1/16 [Peer2] Pubkey = secret_to_public(notreallysecret..002) AllowedIPs = 172.16.0.2/16 I would carefully consider security consequences and possible alternatives before deploying such a scheme. Cheers, ivan On Wed, May 16, 2018 at 08:50:35AM +1200, Eric Light wrote: > Hi Reiner! > > I can't figure out how that would work, considering WG is based around > crypto-key routing. How would it know where to route a given packet? > > Additionally, two sets of AllowedIPs=0.0.0.0/0 would imply two different > default routes. > > I just don't see how that could function, tbh. :) > > E > > -------------------------------------------- > Q: Why is this email five sentences or less? > A: http://five.sentenc.es > > On Wed, 16 May 2018, at 06:36, reiner otto wrote: > > Is it possible somehow, to define multiple (client-)peers to share the > > same keys ? > > (Trading some loss of security for simpler distribution) > > > > I.e. on server: > > [Interface] > > ListenPort = 5000 > > PrivateKey = ABCD ...XYZ > > Address=172.16.0.1 > > > > [Peer] > > PublicKey = 1234...7890 > > AllowedIPs = 172.16.0.0/16 > > > > > > client1: > > [Interface] > > PrivateKey = top...secret > > ListenPort = 5000 > > Address = 172.16.0.2 > > [Peer] > > PublicKey = everybodyknows > > AllowedIPs = 0.0.0.0/0 > > Endpoint = 1.2.3.4 > > > > client2: > > [Interface] > > PrivateKey = top...secret > > ListenPort = 5000 > > Address = 172.16.0.3 > > [Peer] > > PublicKey = everybodyknows > > AllowedIPs = 0.0.0.0/0 > > Endpoint = 1.2.3.4 > > .... > > .... > > .... > > _______________________________________________ > > WireGuard mailing list > > [email protected] > > https://lists.zx2c4.com/mailman/listinfo/wireguard > _______________________________________________ > WireGuard mailing list > [email protected] > https://lists.zx2c4.com/mailman/listinfo/wireguard _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
