Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
There shouldn't be any massive issue with sharing your public key between customers. Just keep your private keys private.
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
On Thu, Sep 21, 2017 at 3:14 PM, nicolas prochazka wrote:
> "historical" private software, and it's difficult to deal with.
> It is not a wireguard issue.

In that case, I'd recommend you bind your services to 0.0.0.0 and just use iptables to do net-based ACLs with the standard filter table.
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
Perhaps I'm not understanding your last message, but it's most certainly possible to bind to a particular IP address with a service. It's also possible to bind to _all_ IP addresses, and then use iptables to control which source networks have access to a particular port. Finally, within a service, if you only allow input from wg0 since allowed-ips gives strong cryptographic binding, you can explicitly filter on the IP addresses you get from recvfrom. I don't understand your meaning of "internal dev".
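The in-service filtering on recvfrom source addresses suggested in the message above, as an added example that is not part of the original thread. The customer names, subnets, ports and function names are constructed for illustration, and the check is only meaningful if these source ranges can reach the service solely through wg0.

```python
import ipaddress
import socket

# Constructed sample data: one tunnel subnet per customer on a single wg0,
# and the customers allowed to reach each UDP service port.
CUSTOMER_NETS = {
    "customer-a": ipaddress.ip_network("10.10.0.0/22"),
    "customer-b": ipaddress.ip_network("fd00:b::/64"),
}
SERVICE_ACL = {5353: {"customer-a"}, 6000: {"customer-a", "customer-b"}}


def customer_for(src):
    """Map a source address (as returned by recvfrom) to a customer name."""
    addr = ipaddress.ip_address(src.split("%", 1)[0])  # drop any IPv6 zone id
    # A dual-stack socket reports IPv4 senders as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for name, net in CUSTOMER_NETS.items():
        if addr.version == net.version and addr in net:
            return name
    return None


def allowed(src, port):
    """True if the customer owning src may use the service on this port."""
    customer = customer_for(src)
    return customer is not None and customer in SERVICE_ACL.get(port, set())


def serve(port, handler, max_packets=None):
    """Bind to all addresses and drop datagrams from sources outside the ACL."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
        sock.bind(("::", port))
        seen = 0
        while max_packets is None or seen < max_packets:
            data, peer = sock.recvfrom(65535)
            seen += 1
            if allowed(peer[0], port):
                handler(customer_for(peer[0]), data, peer)
            # otherwise: silently drop, the sender is not an allowed customer
```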
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
Ok,
To be more precise, the use cases are: services (as daemons) are listening on a specific interface/IPv6 address to secure and active service by client; with only one interface, it is not possible, aliasing seems to be not relevant.
However I can understand that is not the problem of wireguard, perhaps can you tell us if an internal dev is possible or if the nature of wireguard forbids this?

Regards,
Nicolas

PS: sorry for the prefix

2017-09-21 13:55 GMT+02:00 Jason A. Donenfeld:
> Please do not prefix your email subjects with [wireguard-dev].
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
Please do not prefix your email subjects with [wireguard-dev].
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
On Thu, Sep 21, 2017 at 1:46 PM, nicolas prochazka wrote:
> at this moment, only one interface wg0 manage all peers and all
> customers, it's very complicating for the administrative tasks, qos,
> client separation

It should be possible to accomplish these administrative tasks and qos via subnet range rather than interface. Each interface will handle up to 2^20 peers, which should certainly be enough.

In any case, if you would like to use different interfaces, you'll need to use different ports.
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
Hello,
I know, but we are using one interface per customer, each interface manages multiple peers (> 500), as
wg_interface0 = client 0 = 500 peers
wf_interfacen = client n = 500 peers
At this moment, only one interface wg0 manages all peers and all customers; it's very complicating for the administrative tasks, qos, client separation.

Regards,
Nicolas

2017-09-21 13:25 GMT+02:00 Jason A. Donenfeld:
> I'd recommend you use multiple peers per interface. The strong binding
> with allowed-ips enables you to use qos, network analysis, security,
> and iptables rules in a very straightforward way.
Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
I'd recommend you use multiple peers per interface. The strong binding with allowed-ips enables you to use qos, network analysis, security, and iptables rules in a very straightforward way.
[wireguard-dev] Ability to use one udp port for multiple wg interfaces
Hello,
this question has already been posted in the past, but I need some help.
We want to create one wireguard interface per client, because at this moment we are using one interface for all our clients, and it's becoming very difficult to manage in terms of QoS, network analysis, security, iptables...
With multiple interfaces, all is good in terms of performance with the last release, but each interface must have its own port, which is not possible to manage (a different port per client).
Is there a solution?

Regards,
Nicolas Prochazka