Recent discussions have suggested opening multiple UDP ports at the "server" Endpoint of a tunnel to help overcome blocked ports, as suggested in https://lists.zx2c4.com/pipermail/wireguard/2018-November/003503.html.
As noted, it's fairly easy to redirect multiple ports on the server end to a single ListenPort with NAT - whether with iptables or with proprietary routers.

For the client (Windows, Android), as far as I can tell, the configuration file syntax only allows a single Endpoint, with a single port. This would indicate that one should set up either multiple peers (with the same public key, AllowedIPs, etc. - one for each possible port - but with different endpoint ports), or multiple tunnels (again duplicating everything except the endpoint port).

If this is correct, it's awkward and error-prone. It would be nice to be able to specify something like [db8:123::10]:(51820,80,443,...) and have the client try each port until it gets a response when it (re-)initiates contact. It doesn't matter which port responds, since the server's kernel sees the same listen port in every case. (I guess the client could even be aggressive and send the first packet to all ports - since a quick reading of the protocol paper says that duplicates will be discarded based on the timestamp.)

In any case, how do you recommend handling this configuration on the client end?
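The setup described above, as an added example (not from the original message or the WireGuard project): server-side NAT rules that redirect extra UDP ports to one ListenPort, and one client tunnel config per port generated from a single base config so the copies cannot drift apart. The ports, the address 2001:db8::10, the key placeholders and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; every value here is constructed (ports, address, key placeholders).
LISTEN_PORT=51820        # the server's single WireGuard ListenPort
EXTRA_PORTS="80 443"     # extra UDP ports clients may try

# Print NAT rules that redirect each extra UDP port to LISTEN_PORT, so the
# WireGuard interface itself still listens on one port only.
server_rules() {
    for p in $EXTRA_PORTS; do
        for ipt in iptables ip6tables; do
            echo "$ipt -t nat -A PREROUTING -p udp --dport $p -j REDIRECT --to-ports $LISTEN_PORT"
        done
    done
}

# Constructed client config; the bracketed placeholders are not real keys.
sample_config() {
    cat <<'EOF'
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [2001:db8::10]:51820
EOF
}

# Filter: replace only the trailing :port of the Endpoint line with $1.
# The greedy match keeps the colons inside a bracketed IPv6 address intact.
with_endpoint_port() {
    sed -E "s/^([[:space:]]*Endpoint[[:space:]]*=.*):[0-9]+[[:space:]]*\$/\\1:$1/"
}

# Write one tunnel config per port into directory $2, from base config $1.
make_tunnels() {
    mkdir -p "$2"
    for p in $LISTEN_PORT $EXTRA_PORTS; do
        with_endpoint_port "$p" < "$1" > "$2/wg-port$p.conf"
    done
}
```

`server_rules` only prints the rules so they can be reviewed before being applied as root on the server; `make_tunnels base.conf out` writes the per-port configs to import on the client.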
