From: "Jason A. Donenfeld"
Date: Fri, 17 Feb 2017 14:48:51 +0100
Subject: Re: Some questions about wireguard
To: Nicolas Prochazka
Cc: WireGuard mailing list
List-Id: Development discussion of WireGuard

On Wed, Feb 15, 2017 at 11:12 AM, Nicolas Prochazka wrote:
> - how many tunnels a peer can manage ?
> In our environment, ~ 10 000 clients --> "server"|peer

Each interface can have 65536 peers. Each Linux system can have multiple
interfaces. (If that peer limit becomes a problem for somebody, it
wouldn't be difficult to remove it and expand it to 4294967296.)

> how wireguard manage this ( udp tunnel from kernel ? )

Not sure I understand your question. Could you rephrase?

>
> - about peer key management ?
> with 10 000 peer keys, how can we manage it

You can load the keys into the interface using wg(8). At some later date
there may be support for dynamic database stuff.
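
Added example, not part of the original mail and not WireGuard project code: one way to prepare a large peer inventory for loading with wg(8), validating keys, duplicates and the 65536-peer limit before anything touches the interface. The inventory format, the function names, the interface name `wg0` and the file names are assumptions, and the sample keys are constructed placeholders.

```shell
#!/bin/sh
MAX_PEERS=65536   # per-interface peer limit quoted in the mail

# render_peers: reads "<base64-public-key> <allowed-ip/cidr>" lines on stdin
# (hypothetical inventory format) and prints [Peer] sections for wg(8).
# Prints nothing and returns 1 if any line is invalid.
render_peers() {
    awk -v max="$MAX_PEERS" '
        function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            key = $1; ip = $2
            # A 32-byte key is 43 base64 characters plus "="; the 43rd carries
            # two zero pad bits, so only 16 symbols are legal in that position.
            if (NF != 2 || length(key) != 44 ||
                key !~ "^[A-Za-z0-9+/]+[AEIMQUYcgkosw048]=$") { fail("malformed entry"); next }
            if (key in seen_key) { fail("duplicate public key"); next }
            # An allowed IP belongs to one peer per interface; a repeat would
            # silently move it to the later peer.
            if (ip in seen_ip) { fail("allowed IP already assigned"); next }
            seen_key[key] = NR; seen_ip[ip] = NR
            out[++n] = "[Peer]\nPublicKey = " key "\nAllowedIPs = " ip "\n"
        }
        END {
            if (n > max) { printf "%d peers exceeds limit %d\n", n, max > "/dev/stderr"; bad = 1 }
            if (bad) exit 1
            for (i = 1; i <= n; i++) print out[i]
        }'
}

# Constructed sample inventory: fabricated 44-character keys, not real peers.
sample_inventory() {
    pad=$(printf '%041d' 0 | tr 0 A)            # 41 filler characters
    printf '# client-id comment lines are ignored\n'
    printf '%sBA= 10.0.0.2/32\n' "$pad"
    printf '%sCA= 10.0.0.3/32\n' "$pad"
}

sample_inventory | render_peers

# Loading a validated file (assumed names), as root:
#   render_peers < peers.txt > peers.conf && wg addconf wg0 peers.conf
```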