From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: nicolas.prochazka@gmail.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 51e18274 for ; Thu, 21 Sep 2017 11:18:49 +0000 (UTC) Received: from mail-io0-f170.google.com (mail-io0-f170.google.com [209.85.223.170]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 45f77036 for ; Thu, 21 Sep 2017 11:18:49 +0000 (UTC) Received: by mail-io0-f170.google.com with SMTP id d16so10138835ioj.3 for ; Thu, 21 Sep 2017 04:46:11 -0700 (PDT) MIME-Version: 1.0 Sender: nicolas.prochazka@gmail.com In-Reply-To: References: From: nicolas prochazka Date: Thu, 21 Sep 2017 13:46:10 +0200 Message-ID: Subject: Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces To: "Jason A. Donenfeld" Content-Type: text/plain; charset="UTF-8" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hello, i known, but we are using one interface by customer, each interface manages multiple peers ( > 500 ) as wg_interface0 = client 0 = 500 peers wf_interfacen= client n = 500 peers at this moment, only one interface wg0 manage all peers and all customers , it's very complicating for the administrive tasks , qos, client separation .... Regards, NIcolas 2017-09-21 13:25 GMT+02:00 Jason A. Donenfeld : > I'd recommend you use multiple peers per interface. The strong binding > with allowed-ips enables you to use qos, network analysis, security, > and iptables rules in a very straightforward way.