> WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
> doesn't support having *identical* ranges of AllowedIPs on different peers,
> which was the situation here. (You're correct, there's no concept of a metric.)

Oh good - looks like I just misunderstood your original email then; I thought you were saying that any situation with multiple routes to a single IP was unsupported. Thanks for clarifying :-).

Cheers,
Steve

On Fri, 16 Mar 2018, 07:51 Samuel Holland wrote:

> Hello,
>
> On 03/15/18 13:39, Steve Gilberd wrote:
> >> Allowed IPs is like a routing table; you can't have two routes for the same
> >> set of IPs
> >
> > If this is the case, then wireguard does not have proper routing support.
> >
> > Normally, routing tables allow both multiple and overlapping routes present.
> > When making routing decisions, the most-specific route is chosen (e.g. a /29 is
> > higher priority than a /24 which overlaps with it). If there are two identical
> > routes of the same size, then the one with the lowest routing metric is used.
> >
> > I can understand not allowing identical routes of the same size, as wireguard
> > doesn't really have a concept of metric (although it could be useful for backup
> > links). However, it really should allow overlapping routes of different sizes.
> > There's no ambiguity with routing decisions, and it's a standard feature that I
> > would normally expect any IP routing stack to have.
>
> WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
> doesn't support having *identical* ranges of AllowedIPs on different peers,
> which was the situation here. (You're correct, there's no concept of a metric.)
>
> > Cheers,
> > Steve
>
> Cheers,
> Samuel

--
Cheers,

*Steve Gilberd*
Erayd LTD *·* Consultant
*Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
*PO Box 10019 The Terrace, Wellington 6143, NZ*
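
Added example, not part of the original thread and not WireGuard's own code: a small Python model of the behaviour discussed above, with overlapping AllowedIPs resolved by most-specific prefix and an identical prefix held by only one peer. The peer names, addresses and the `AllowedIPsTable`/`build` helpers are constructed for illustration; reassigning an identical prefix to the most recently configured peer is an assumption of this model.

```python
import ipaddress


class AllowedIPsTable:
    """Toy AllowedIPs table: one owner per exact prefix, longest-prefix match."""

    def __init__(self):
        self.routes = {}  # ip_network -> peer name

    def add(self, peer, cidr):
        """Assign cidr to peer; return the peer that lost it, if any."""
        net = ipaddress.ip_network(cidr, strict=False)
        previous = self.routes.get(net)
        # Assumption of this model: an identical prefix moves to the new peer.
        self.routes[net] = peer
        return previous if previous != peer else None

    def lookup(self, addr):
        """Return the peer owning the most-specific prefix that contains addr."""
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.routes
                   if n.version == ip.version and ip in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]


def build(config):
    """Load (peer, [cidr, ...]) pairs; report prefixes claimed by two peers."""
    table = AllowedIPsTable()
    displaced = []  # (cidr, old_peer, new_peer)
    for peer, cidrs in config:
        for cidr in cidrs:
            old = table.add(peer, cidr)
            if old is not None:
                displaced.append((cidr, old, peer))
    return table, displaced


# Constructed sample configurations.
OVERLAPPING = [("peer_a", ["10.0.0.0/24"]), ("peer_b", ["10.0.0.8/29"])]
IDENTICAL = [("peer_a", ["10.0.0.0/24"]), ("peer_b", ["10.0.0.0/24"])]

if __name__ == "__main__":
    for name, cfg in (("overlapping", OVERLAPPING), ("identical", IDENTICAL)):
        table, displaced = build(cfg)
        print(name, table.lookup("10.0.0.9"), table.lookup("10.0.0.200"),
              displaced)
```

Running a check like `build` over a configuration before applying it flags the identical-prefix case, where one peer would otherwise silently stop receiving traffic for that range.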