Hi Ivan,

> IMO, a good tunnel solution may be if what is now called AllowedIPs,
> were functionally split into:
> - AcceptIPS (to be different from AllowedIPs)
> - RouteIPs
> Perhaps with a default shorthand of, say, IPs, setting both, as
> AllowedIPs historically caused confusion wrt. its meaning.

That would be one way to paint the shed, yes. This alone doesn't really address the crux of the problem though: scalability.

> Wireguard API is a bit clunky, but I think one could dynamically manage
> routes in reasonably efficient ways without extra interfaces and layers.

The entire idea with the new route attribute is to put this functionality into the right (pre-existing) layer and not invent a new way of expressing this. We even get scalability for free. Win-Win.

--Daniel

PS: Your mail didn't reach my inbox for some reason, I randomly found it while looking at the wg list archives. Consider configuring your mail client to To/CC people you're replying to in order to better handle flaky list servers.