by octoberfranklin
1549 days ago
> Only one peer is allowed to use 0.0.0.0/0 for AllowedIPs
This is simply incorrect. You can have two peers with the same AllowedIP; you just have to put them on separate interfaces (wg0 and wg1 for example). This is for exactly the same reason that a routing table can only have one default entry. If you want two default entries, make two routing tables.
> Yes but UI wise it presents itself as one
No, it doesn't present itself as one.
> since it acts as an interface
So does /dev/net/tun, which is definitely not a layer 2 interface either.
I don’t have to do this with normal data link layers. That’s the point of the complaint. Wireguard is not a true data link layer. Manually configuring multiple interfaces for something I can do with just one interface with a normal data link layer at runtime is an extra inconvenience.
> This is for exactly the same reason that a routing table can only have one default entry. If you want two default entries, make two routing tables.
Using nftables I can specify different routers to use based on arbitrarily complex packet rules. Using just one interface. I can’t do this with wireguard, it will only allow me to route arbitrary packets to a single peer on an interface. This is an inconvenience.
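A small model of the behaviour argued over in this thread, added here as an example and not code from WireGuard or from either commenter: each interface maps a destination prefix to exactly one peer, so 0.0.0.0/0 can be held by two peers only on two interfaces, and the choice between them is made by policy routing. The peer names, the fwmark value and the `route` helper are assumptions made for illustration.

```python
import ipaddress

class WgInterface:
    """Toy model of one interface's AllowedIPs table (a dict here, not the kernel's trie)."""
    def __init__(self, name):
        self.name = name
        self.table = {}  # ip_network -> peer name

    def set_allowed_ip(self, peer, cidr):
        # A prefix has one owner per interface: assigning it to another
        # peer moves it. Returns the previous owner, if any.
        net = ipaddress.ip_network(cidr)
        previous = self.table.get(net)
        self.table[net] = peer
        return previous

    def peer_for(self, dst):
        # Outbound: longest-prefix match on the destination picks the peer.
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.table if n.version == addr.version and addr in n]
        if not matches:
            return None
        return self.table[max(matches, key=lambda n: n.prefixlen)]

    def accepts(self, peer, src):
        # Inbound: a decrypted packet is kept only if its source address
        # maps back to the peer that sent it.
        return self.peer_for(src) == peer

def route(interfaces, rules, dst, mark=0):
    # rules: ordered (fwmark or None, interface name) pairs, standing in for
    # policy-routing rules that pick a table whose default route is that interface.
    for rule_mark, ifname in rules:
        if rule_mark in (None, mark):
            peer = interfaces[ifname].peer_for(dst)
            if peer is not None:
                return ifname, peer
    return None

if __name__ == "__main__":
    wg0, wg1 = WgInterface("wg0"), WgInterface("wg1")
    wg0.set_allowed_ip("peerA", "0.0.0.0/0")
    wg1.set_allowed_ip("peerB", "0.0.0.0/0")
    rules = [(2, "wg1"), (None, "wg0")]  # constructed: mark 2 -> wg1, else wg0
    for mark in (0, 2):
        print(mark, route({"wg0": wg0, "wg1": wg1}, rules, "192.0.2.10", mark))
```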