Same AllowedIPs for multiple peers with wireguard

wireguard

When I add a network range as AllowedIPs, e.g. wg set wgvpn peer abcd… allowed-ips ::/0, then that network is removed from all other peers.

How do I add the same AllowedIPs to multiple peers?

The reason I want to do this is to create a full mesh, and play around routing around down peers.

Do I need to set up separate wireguard interfaces for this?


Solution 1:

How do I add the same AllowedIPs to multiple peers?

You don't.

AllowedIPs isn't only a list of allowed IP addresses – the interface also uses it for internal routing. WireGuard interfaces, like 'tun' interfaces (as opposed to 'tap'), do not carry a Layer-2 header where MAC addresses would be; so if you have multiple peers on the same interface, the standard routing table has no way to specify which peer which packets should be sent to. Therefore WireGuard itself internally uses AllowedIPs to map each destination IP address to a single destination peer (similarly to OpenVPN's "iroute", Tinc's "Subnet", &c).

If you want a full mesh, you'll need a separate interface for each peer.

Related

What limits the size (GB) of RAM module I can install in a RAM slot? [duplicate]
Unable to change from UEFI to Legacy Mode
Batch script to append record to csv files
Can I re-partition my C: drive during (for example) factory reset to give it a bigger space allocation?
Trying to use miredo, missing libtun6.so.0
How to enable CORS on server-side code in java
Clone object within object [duplicate]
JDBCConnectionException "Unable to acquire JDBC Connection" with spring boot
Access to image at '' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource [duplicate]
Can't debug Golang with breakpoints in VSCode
Shorten SQL update query
React js Deep Linking