On 12/27/18 10:27, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> how does Wireguard behave with multiple peers with Allowed-IPs 0.0.0.0/0 or
> ::0/0?

That's not allowed. To quote the WireGuard homepage: "when sending packets, the list of allowed IPs behaves as a sort of routing table, and when receiving packets, the list of allowed IPs behaves as a sort of access control list."

If two peers had the same network "0.0.0.0/0" in AllowedIPs, how would you choose which peer to send packets to? You can't, so WireGuard prohibits duplicating AllowedIPs networks across peers.

If you add "0.0.0.0/0" to the AllowedIPs of one peer, it is removed from the AllowedIPs of every other peer. (So the end result is that the last peer in the configuration file ends up with the AllowedIPs of 0.0.0.0/0.)

If you have static allocation of internal IP addresses, then you don't want AllowedIPs of 0.0.0.0/0. If Host A is always assigned IP 10.1.2.3, then its AllowedIPs only need to be 10.1.2.3. Host B can have AllowedIPs of 10.1.2.4 etc. and they don't overlap.

On the other hand, if you want to do dynamic routing or multipath, the best solution for now is to have a separate WireGuard interface for each peer. Then you can use 0.0.0.0/0, because routing decisions are made at the kernel routing layer, not by WireGuard.

Hope that helps,
Samuel
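The behaviour described in the message above, modelled in a few lines of Python. This is an added example, not part of the original message and not WireGuard's own code; the class `AllowedIPsTable` and the peer names `A` and `B` are hypothetical, and the model assumes one owner per prefix with longest-prefix match on lookup.

```python
import ipaddress


class AllowedIPsTable:
    """Toy model of the AllowedIPs of one WireGuard interface (hypothetical helper)."""

    def __init__(self):
        # prefix -> peer name; a prefix can belong to only one peer at a time
        self.owner = {}

    def add(self, peer, cidr):
        # Assigning a prefix to a peer silently takes it away from any earlier owner.
        self.owner[ipaddress.ip_network(cidr)] = peer

    def allowed_ips(self, peer):
        return sorted(str(net) for net, p in self.owner.items() if p == peer)

    def route(self, dst):
        # Sending: the table acts as a routing table (most specific prefix wins).
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.owner if n.version == addr.version and addr in n]
        if not hits:
            return None
        return self.owner[max(hits, key=lambda n: n.prefixlen)]

    def accept(self, peer, src):
        # Receiving: the table acts as an ACL. A decrypted packet from `peer`
        # is accepted only if its inner source address maps back to `peer`.
        return self.route(src) == peer


def duplicate_default_route():
    # Both peers configured with 0.0.0.0/0; B comes last in the config file.
    t = AllowedIPsTable()
    t.add("A", "0.0.0.0/0")
    t.add("B", "0.0.0.0/0")
    return t


def static_allocation():
    # One /32 per host: no overlap, so both peers keep their entries.
    t = AllowedIPsTable()
    t.add("A", "10.1.2.3/32")
    t.add("B", "10.1.2.4/32")
    return t
```

In the duplicate case peer A ends up with an empty AllowedIPs list, so nothing is routed to it and every packet it sends is dropped on receipt, which is an easy misconfiguration to miss because no error is reported.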
