* few wg peers over the same port in the main office? Cryptokey routing
@ 2018-02-26 15:47 svar
  2018-04-13 22:19 ` Jason A. Donenfeld
  0 siblings, 1 reply; 2+ messages in thread
From: svar @ 2018-02-26 15:47 UTC (permalink / raw)
  To: wireguard


First of all, a BIG thanks to the developers for a great job!

There is a main office with WG running on Lede reboot (17.01.4) with ports 51820 and 51821. While I had two peers, one pointing to port 51820 and the 2nd to 51821, everything worked fine.
Now I want to add another peer to have 3 remote peers in total. The question is:
should I open a new port for each remote peer to connect? Is that how wg works? How to run a few tunnels/peers on the same port, 51820 for example? Can Cryptokey routing work this way over one port only, instead of opening a third one, 51822?

If I try to use the same port for two peers, the 2nd peer on the same port will not create an interface. See the evidence below.
Once ifconfig brings the T1 interface up (listening on port 51820), the TU interface can't be brought up, as it listens on the same port 51820.

# Lede reboot (17.01.4)
root@OpenWrt:~# wg
interface: T1
  public key: <deleted1>
  listening port: 51820

peer: <deleted2>
  endpoint: x.x.13.235:56649
  allowed ips: p.p.5.0/24
  latest handshake: 45 seconds ago
  transfer: 150.31 KiB received, 286.11 KiB sent

interface: RA
  public key: <deleted3>
  private key: (hidden)
  listening port: 51821

peer: <deleted4>
  endpoint: x.x.125.213:51820
  allowed ips: p.p.30.0/24, 10.1.1.16/30
  latest handshake: 54 seconds ago
  transfer: 285.81 KiB received, 14.89 KiB sent

interface: TU
  public key: <deleted5>
  private key: (hidden)
  listening port: 51820  # If I use THE SAME as for T1 interface, it won't start. How to solve this?
peer: <deleted6>
  endpoint: x.x.147.136:51820
  allowed ips: p.p.57.0/24, 10.2.1.32/30

p marks RFC 1918 private address space (local addresses).


Mon Feb 26 15:28:57 2018 daemon.notice netifd: Interface 'T' is now up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Network device 'T' link is up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Interface 'RA' is now up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Network device 'RA' link is up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Interface 'TU' is now down
Mon Feb 26 15:28:58 2018 daemon.notice netifd: Interface 'TU' is setting up now
Mon Feb 26 15:28:58 2018 daemon.notice netifd: Interface 'wan' is now up
Mon Feb 26 15:28:59 2018 kern.err kernel: [1972650.446719] wireguard: TU: Could not create IPv4 socket
Mon Feb 26 15:28:59 2018 daemon.notice netifd: Interface 'TU' is now up

root@OpenWrt:~# ifconfig
RA        Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.1.1.16  P-t-P:10.1.1.16  Mask:255.255.255.252
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:444 (444.0 B)  TX bytes:612 (612.0 B)

T1        Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:312 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:26400 (25.7 KiB)  TX bytes:40164 (39.2 KiB)

Where is the TU interface? Or can't it be brought up because it listens on the same port 51820 as the T1 tunnel?

Thank you!


* Re: few wg peers over the same port in the main office? Cryptokey routing
  2018-02-26 15:47 few wg peers over the same port in the main office? Cryptokey routing svar
@ 2018-04-13 22:19 ` Jason A. Donenfeld
  0 siblings, 0 replies; 2+ messages in thread
From: Jason A. Donenfeld @ 2018-04-13 22:19 UTC (permalink / raw)
  To: svar; +Cc: WireGuard mailing list

For your use case, I'd suggest you use multiple peers on a single
interface with a single listen port.
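
An added illustration, not part of the thread and not WireGuard's own code: a small Python model of cryptokey routing on one interface with one listen port, showing that three peers are told apart by their keys and allowed IPs rather than by UDP port. The peer names and the 192.168.x.0/24 subnets are constructed stand-ins for the masked p.p.x.0/24 ranges in the original post; the two /30 networks are the ones shown there.

```python
import ipaddress

# Constructed model: ONE interface, ONE UDP listen port, three peers.
# Peer names and 192.168.x.0/24 are placeholders for the post's masked
# p.p.x.0/24 ranges; 10.1.1.16/30 and 10.2.1.32/30 come from the post.
LISTEN_PORT = 51820
PEERS = {
    "peer-T1": ["192.168.5.0/24"],
    "peer-RA": ["192.168.30.0/24", "10.1.1.16/30"],
    "peer-TU": ["192.168.57.0/24", "10.2.1.32/30"],
}


def build_table(peers):
    """Flatten peers into (network, peer) rows; reject duplicate prefixes."""
    table, seen = [], {}
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net in seen:
                raise ValueError(f"{net} listed for both {seen[net]} and {peer}")
            seen[net] = peer
            table.append((net, peer))
    return table


def lookup(table, addr):
    """Longest-prefix match of addr against allowed IPs; None if no peer."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, peer) for net, peer in table if ip in net]
    return max(hits)[1] if hits else None


def route_outbound(table, dst):
    """Sending: the inner destination IP selects the peer (and its key)."""
    return lookup(table, dst)


def accept_inbound(table, authenticated_peer, inner_src):
    """Receiving: the packet has already decrypted under authenticated_peer's
    session; keep it only if its inner source IP maps back to that peer."""
    return lookup(table, inner_src) == authenticated_peer


if __name__ == "__main__":
    table = build_table(PEERS)
    for dst in ("192.168.57.10", "10.1.1.17", "203.0.113.9"):
        print(f"udp/{LISTEN_PORT}: {dst} -> {route_outbound(table, dst)}")
    # A packet authenticated as peer-T1 claiming peer-RA's subnet is dropped.
    print(accept_inbound(table, "peer-T1", "192.168.30.20"))
```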
