> WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
> doesn't support having *identical* ranges of AllowedIPs on different peers,
> which was the situation here. (You're correct, there's no concept of a metric.)

Oh good - looks like I just misunderstood your original email then; I thought you were saying that any situation with multiple routes to a single IP was unsupported. Thanks for clarifying :-).

Cheers,
Steve

On Fri, 16 Mar 2018, 07:51 Samuel Holland, <samuel@sholland.org> wrote:
Hello,

On 03/15/18 13:39, Steve Gilberd wrote:
>> Allowed IPs is like a routing table; you can't have two routes for the same
>> set of IPs
>
> If this is the case, then wireguard does not have proper routing support.
>
> Normally, routing tables allow both multiple and overlapping routes present.
> When making routing decisions, the most-specific route is chosen (e.g. a /29 is
> higher priority than a /24 which overlaps with it). If there are two identical
> routes of the same size, then the one with the lowest routing metric is used.
>
> I can understand not allowing identical routes of the same size, as wireguard
> doesn't really have a concept of metric (although it could be useful for backup
> links). However, it really should allow overlapping routes of different sizes.
> There's no ambiguity with routing decisions, and it's a standard feature that I
> would normally expect any IP routing stack to have.

WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It
doesn't support having *identical* ranges of AllowedIPs on different peers,
which was the situation here. (You're correct, there's no concept of a metric.)

> Cheers,
> Steve

Cheers,
Samuel
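The AllowedIPs behaviour discussed in this thread, as an added example that is not part of the original messages or of WireGuard's code: a toy table where overlapping prefixes on different peers resolve by most-specific match, and an identical prefix has only one owner. Peer names and ranges are constructed, and the identical-prefix case is modelled as the prefix moving to the most recently configured peer.

```python
import ipaddress


class AllowedIPs:
    """Toy model of one interface's AllowedIPs table (IPv4 and IPv6)."""

    def __init__(self):
        self.routes = {}  # ip_network -> peer name; one owner per exact prefix

    def add(self, peer, cidr):
        """Assign cidr to peer. Returns the peer that previously owned the
        identical prefix (and has now lost it), or None."""
        net = ipaddress.ip_network(cidr, strict=False)
        previous = self.routes.get(net)
        self.routes[net] = peer
        return previous if previous != peer else None

    def lookup(self, addr):
        """Outbound: pick the peer whose prefix is the most specific match."""
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.routes if n.version == ip.version and ip in n]
        if not matches:
            return None  # no peer is allowed this address
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def accepts(self, peer, src):
        """Inbound: a decrypted packet is kept only if its source address
        routes back to the peer that sent it."""
        return self.lookup(src) == peer


def demo():
    table = AllowedIPs()
    # Constructed sample configuration (hypothetical peers and ranges).
    table.add("site-a", "10.0.0.0/24")
    table.add("laptop", "10.0.0.8/29")              # overlaps site-a, more specific
    displaced = table.add("site-b", "10.0.0.0/24")  # identical to site-a's range
    return table, displaced


if __name__ == "__main__":
    table, displaced = demo()
    print("displaced by identical range:", displaced)
    for addr in ("10.0.0.9", "10.0.0.200", "192.168.1.1"):
        print(addr, "->", table.lookup(addr))
```

Because the same table is consulted for inbound source filtering, a peer that silently loses an identical range also has its traffic from that range dropped, so checking the return value of `add` when generating configs catches the conflict early.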