Roman Mamedov <[email protected]> writes:
> On Sun, 02 May 2021 13:02:28 +0200
> Nico Schottelius <[email protected]> wrote:
>
>> when running a lot of VPN connections using wireguard, there are some
>> questions we see quite often from users, two of which I'd like to
>> discuss here:
>>
>> Multiple keys per Peer
>> ----------------------
>>
>> Users often ask for sharing their connection with multiple
>> devices. The obvious solution is for users to set up their own VPN
>> endpoint with the first key and then reshare themselves. However, this
>> is not feasible in many end user situations.
>
> The prime and the most straightforward solution is to give each user multiple
> keys, and let them connect from each endpoint as an independent Peer.
>
> The rest of what you propose appears to be a set of bizarre hacks because
> you don't want to do the above, because "(reasons)". Maybe start with
> detailing those reasons first, or reconsidering if they are *really* that
> important and unsurmountable :)

Practically speaking our VPNs are currently rather "dumb" and only know
about /48's (usually one VPN server is responsible for a /40). And in
practice, we are not so much interested in knowing how people split
their tunnels, so we consider this more of a dynamic routing than a
static configuration.

However, I see your point that we could update our systems for
pre-processing the routing logic and letting users split on a static
basis and with that keeping the wireguard protocol more simple.

I'd say fair enough and thanks for the pointer!

Best regards,

Nico

--
Sustainable and modern Infrastructures by ungleich.ch
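
The static split discussed in this thread can be pre-processed outside WireGuard. The sketch below is an added example, not part of the original e-mails and not ungleich's tooling: it gives each device key its own peer stanza with a disjoint sub-prefix of the customer's /48. The function names, the /64-per-device size, the documentation prefixes and the placeholder keys are all assumptions.

```python
import ipaddress


def split_peers(customer_net, device_keys, server_net, device_prefixlen=64):
    """Return (public_key, prefix) pairs, one disjoint sub-prefix per device.

    Hypothetical helper. WireGuard uses AllowedIPs both to route outgoing
    packets and to filter the source address of incoming ones, so every
    device prefix must stay inside the customer's delegation and must not
    overlap another peer's prefix.
    """
    customer = ipaddress.ip_network(customer_net)
    server = ipaddress.ip_network(server_net)
    if not customer.subnet_of(server):
        raise ValueError(f"{customer} is outside server range {server}")
    if len(set(device_keys)) != len(device_keys):
        raise ValueError("duplicate public key: each device needs its own key")
    # Equal-length subnets of one network are disjoint by construction.
    subnets = customer.subnets(new_prefix=device_prefixlen)
    peers = []
    for key in device_keys:
        try:
            peers.append((key, next(subnets)))
        except StopIteration:
            raise ValueError("more devices than sub-prefixes") from None
    return peers


def render(peers):
    """Render the pairs as [Peer] stanzas for the server-side config."""
    return "\n".join(
        f"[Peer]\nPublicKey = {key}\nAllowedIPs = {net}\n" for key, net in peers
    )


if __name__ == "__main__":
    # Constructed sample input: documentation prefixes and placeholder keys.
    keys = ["<device-1-public-key>", "<device-2-public-key>"]
    print(render(split_peers("2001:db8:1::/48", keys, "2001:db8::/40")))
```
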
