Thursday, March 31, 2022

Re: Multiple wgpeers on single wg(4) interface with same wgaip list

On 2022-03-31, Matthew Ernisse <mernisse@ub3rgeek.net> wrote:
> I am trying to set up several tunnels into a single wg(4) endpoint.
> The first tunnel worked fine however when I add the second one the wgaip
> statement moves to the last wgpeer configured. Is this expected behavior?

Yes, you can't use these completely overlapping networks in wgaip,
it's used as a pseudo-route-table to determine which peer to use when
sending packets.

"The interface will route outbound tunneled traffic to the
peer configured with the most specific matching allowed IP
address range, or drop it if no such match exists"

It doesn't explicitly say what happens if you try to use duplicates
in wgaip but it seems to follow that configuring them can't work given
the above.

On the machine with multiple connections, if a wg client is a single
host then you'd usually want the full /32 in wgaip, otherwise distinct
subnets for each. 0.0.0.0/0 is useful on a client side if it's getting
internet access across the tunnel but not when there are multiple
peers on one wg interface.
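The selection rule quoted above (most specific matching allowed-IP range wins, no match means drop) can be modelled in a few lines. The following is an added example written for this page, not code from the reply or from OpenBSD's wg(4) implementation; the class and function names are made up for illustration, and the behaviour where a prefix added for a second peer is taken away from the first peer is an assumption based on the "wgaip moves to the last wgpeer" observation in the original question.

```python
"""Toy model of wg(4) allowed-IP (wgaip) selection: a pseudo-route-table
keyed by prefix, where each prefix belongs to exactly one peer and outbound
traffic goes to the peer with the most specific matching prefix.

Illustrative model only; names and structure are not taken from wg(4)."""
import ipaddress


class WgInterface:
    def __init__(self):
        # prefix (ip_network) -> peer name. A prefix can belong to one peer,
        # so re-adding it for another peer moves it (assumed, see lead-in).
        self.table = {}

    def add_peer(self, peer, allowed_ips):
        """Configure `peer` with the given wgaip list (CIDR strings)."""
        for cidr in allowed_ips:
            net = ipaddress.ip_network(cidr, strict=False)
            self.table[net] = peer  # later peer silently takes over the prefix

    def allowed_ips(self, peer):
        """Prefixes currently attributed to `peer`, as strings, sorted."""
        return sorted(str(n) for n, p in self.table.items() if p == peer)

    def select_peer(self, dst):
        """Return the peer that receives traffic for `dst`, or None (drop)."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, peer in self.table.items():
            if addr.version != net.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, peer)
        return best[1] if best else None


def overlapping_config():
    """Two single-host clients both given 0.0.0.0/0: only the last keeps it."""
    wg = WgInterface()
    wg.add_peer("clientA", ["0.0.0.0/0"])
    wg.add_peer("clientB", ["0.0.0.0/0"])
    return wg


def distinct_config():
    """Each client gets its own /32; an optional default goes to one gateway."""
    wg = WgInterface()
    wg.add_peer("clientA", ["10.1.0.2/32"])
    wg.add_peer("clientB", ["10.1.0.3/32"])
    wg.add_peer("gateway", ["0.0.0.0/0"])
    return wg


if __name__ == "__main__":
    bad = overlapping_config()
    print("overlapping: clientA owns", bad.allowed_ips("clientA"),
          "clientB owns", bad.allowed_ips("clientB"))
    print("10.0.0.5 ->", bad.select_peer("10.0.0.5"))
    good = distinct_config()
    for dst in ("10.1.0.2", "10.1.0.3", "8.8.8.8"):
        print(dst, "->", good.select_peer(dst))
```

With the overlapping configuration, clientA ends up with no allowed IPs at all, so replies to it can never be routed back through the tunnel. With distinct /32 entries per client the most-specific match sends each host its own traffic, and 0.0.0.0/0 can still be given to a single gateway peer because every other prefix is longer than /0.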
