<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">I think you could add multiple peers with the same (anycast) Endpoint but different Key-Pairs (see the try of an example below). <br>Your DNS will select the IP for the closed one, and WG will try to connect with each Key until success.<br>Or did I missing some important point?</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">cat /etc/wireguard/wg0.conf<br>[Interface]<br>Address = <a href="http://172.16.0.2/24">172.16.0.2/24</a><br>ListenPort = 12345<br>PrivateKey = YIYTN0Hil/32QWTo3F1fTVc3SDkgncXLHbGFlCgIQnM=<br></div><div dir="ltr"><br></div><div># anycast-Server 1<br></div><div dir="ltr">[Peer]<br>PublicKey = K+m7KQWy78JIAL7+8oFUdgrlBQdS8NZ2IPJu1rPTsnQ=<br>AllowedIPs = <a href="http://172.16.0.1/24">172.16.0.1/24</a>, <a href="http://192.168.178.0/24">192.168.178.0/24</a><br>Endpoint = <a href="http://my.anycast.com:12345">my.anycast.com:12345</a><br></div><div dir="ltr"><br></div><div dir="ltr"># anycast-Server 2<br>[Peer]<br>PublicKey = O79QWUAdNFbWFIuWeKp3264BL3RuWKF+WFO21r2tAo=<br>AllowedIPs = <a href="http://172.16.0.1/24">172.16.0.1/24</a>, <a href="http://192.168.178.0/24">192.168.178.0/24</a><br>Endpoint = <a href="http://my.anycast.com:12345">my.anycast.com:12345</a><br><br></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">Am Do., 3. Jan. 2019 um 23:38 Uhr schrieb Edward Vielmetti <<a href="mailto:edward.vielmetti@gmail.com">edward.vielmetti@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">A little thought experiment which I haven't tried yet.<div><br></div><div>Using anycast, a single IP address can be routed to multiple machines in a data center or around the world.</div><div><br></div><div>Is it at all possible that anycast and Wireguard would play together nicely? In particular, is it plausible that you could give a client an anycast address of a server to use as its endpoint, and that when it picked the correct / closest one that it would do the right thing?</div><div><br></div><div>The naive approach would be to have all of the anycast devices share the same private/public key pair, but that has a bad smell. And I don't know what would happen if your routing changed in mid-connection.</div><div><br></div><div>(anycast is the technology used to give name servers a single global address, like Google's 8.8.8.8 DNS)<br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail-m_-7529213214564369591gmail_signature"><span>Edward Vielmetti <span id="gmail-m_-7529213214564369591gc-number-93" class="gmail-m_-7529213214564369591gc-cs-link" title="Call with Google Voice">+1 734 330 2465</span></span><div><a href="mailto:edward.vielmetti@gmail.com" target="_blank">edward.vielmetti@gmail.com</a></div><div><br></div></div></div></div>
_______________________________________________<br>
WireGuard mailing list<br>
<a href="mailto:WireGuard@lists.zx2c4.com" target="_blank">WireGuard@lists.zx2c4.com</a><br>
<a href="https://lists.zx2c4.com/mailman/listinfo/wireguard" rel="noreferrer" target="_blank">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br>
</blockquote></div>