From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: Jason@zx2c4.com
Received: from krantz.zx2c4.com (localhost [127.0.0.1])
	by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 167fa4a2
	for ; Tue, 2 May 2017 08:46:03 +0000 (UTC)
Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64])
	by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 5facf33b
	for ; Tue, 2 May 2017 08:46:03 +0000 (UTC)
Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 306492ee
	for ; Tue, 2 May 2017 08:46:03 +0000 (UTC)
Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id be006aae
	(TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO)
	for ; Tue, 2 May 2017 08:46:03 +0000 (UTC)
Received: by mail-io0-f177.google.com with SMTP id p80so151281373iop.3
	for ; Tue, 02 May 2017 01:55:34 -0700 (PDT)
MIME-Version: 1.0
From: "Jason A. Donenfeld"
Date: Tue, 2 May 2017 10:55:32 +0200
Subject: Re: Ability to use one udp port for multiple wg interfaces
To: Damian Kaczkowski
Content-Type: text/plain; charset=UTF-8
Cc: WireGuard mailing list
List-Id: Development discussion of WireGuard

Hello Damian,

1. Always use the latest snapshot version of WireGuard. The one you listed is out of date.
2. No, you cannot use the same port.
3. You may have multiple peers on a single wireguard interface. This is the configuration that you probably should be using.

"It is not very friendly to open additional udp ports in multiple peer scenario where firewall ACLs are desirable"

This is 100% incorrect. With multiple peers on an interface and a sufficiently clamped allowed-ips entry for each, you'll have perfect firewall ACLs.

Regards,
Jason
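
An illustration of the point made in the message above, added here and not part of the original e-mail or of the WireGuard code base: a simplified Python model of how per-peer allowed-ips on one interface (one UDP port) act as an ACL on decrypted traffic. The sample config, key placeholders, addresses and function names are all constructed for this example.

```python
import ipaddress

# Constructed sample: one interface, one UDP port, two peers.
# Keys and addresses are placeholders, not values from the thread.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
PublicKey = <peer-A-public-key>
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = <peer-B-public-key>
AllowedIPs = 10.0.0.3/32, 192.168.50.0/24
"""

def parse_allowed_ips(conf):
    """Return [(network, peer_public_key), ...] from a wg-style config."""
    table, section, key = [], None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section, key = line.strip("[]").lower(), None
            continue
        name, _, value = (part.strip() for part in line.partition("="))
        if section != "peer":
            continue
        if name.lower() == "publickey":
            key = value
        elif name.lower() == "allowedips":
            for cidr in value.split(","):
                table.append((ipaddress.ip_network(cidr.strip()), key))
    return table

def owner_of(table, addr):
    """Longest-prefix match: the peer that owns this inner IP, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, key) for net, key in table if ip in net]
    return max(hits)[1] if hits else None

def accept_inbound(table, authenticated_peer, inner_src):
    """Model of the receive-side check: a decrypted packet is kept only if
    its inner source IP maps back to the peer whose key authenticated it."""
    return owner_of(table, inner_src) == authenticated_peer
```

With narrow allowed-ips entries, a peer that authenticates correctly still cannot source traffic from another peer's address, which is why host firewall rules keyed on inner source IP are meaningful without a separate port per peer.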