On 05/10/2021 08:39, uxDWzco-wg@moenia.de wrote: > using same port for all connections means, that for receiving encrypted > packets every configured key must be tried, until the right one is > found, or is this wrong? Incorrect. The handshake establishes sender and receiver indexes; these are reproduced in data packets so that the receiver does one hash table lookup to determine the decryption key. This is documented on https://www.wireguard.com/protocol/ > so: how many connections are reasonable for a single device, without > running in to trouble due to the time trying all the keys? Up to 1,048,576 peers per interface are supported, limited only by bandwidth and kernel memory.