[paulkon]

What is the recommend wireguard mesh solution where peers can easily join and leave and shortest connection paths are automatically determined?

I want to setup a way to access my mobile home office subnet (behind cellular which doesn't allow incoming) and two other subnets sites and some mobile devices which come and go.

[lima]

Tailscale works perfectly for this.

There's a third party open source server, too: https://github.com/juanfont/headscale

(I just use the free hosted backend, obviously you trust them to do the key exchange)

[xoa]

Have you taken a look at Nebula [0]? Might fit your needs. It also uses the Noise Protocol Framework but adds the bells and whistles on top needed to synthesize an overlay network like you want. MIT licensed too fwiw, full self hosting. Worth a look at any rate, WireGuard is much lower level though I'm sure it could be built upon for the same purpose.

----

0: https://github.com/slackhq/nebula

[mike_d]

https://zerotier.com/

The managed backend/NAT broker is free up to 50 machines, or you can run the open source server yourself.

[2Gkashmiri]

i have been running zerotier for over 2 years now. brilliant. works without problems

[Youden]

WireGuard on its own doesn't do that. WireGuard only sets up tunnels between peers. If you want something like you describe, you need another product that integrates WireGuard.

It's a bit boring but in a situation like yours the most straightforward way would be to set up WireGuard gateways at each of your sites and have them talk to each other and the mobile devices.

[afeiszli]

Check out Netmaker if you're looking for something WireGuard based. We had a post about it a couple weeks ago:

https://news.ycombinator.com/item?id=29809830

[klysm]

I don’t think wireguard will do that shortest path routing for you. Look into babel routing protocol and friends.