crypto routing with subnets?
Bruno Wolff III
bruno at wolff.to
Fri Oct 20 20:06:03 CEST 2017
On Fri, Oct 20, 2017 at 20:02:43 +0200,
"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
>Fortunately the inquiries of this email are things that you could
>figure out simply by trying, so if you want to learn-by-doing, you can
>stop reading here and finish reading afterward.
I'm doing that too. Though I can't test the full setup right now as I
can't safely change the router firmware until I get home.
>Here are the solutions:
>1. A peer is its public key, which means you can't have two different
>peers with the same key, since they'd be the same peer. In essence
>you're asking for a==a&&a!=a, which is always false.
I mostly wanted to make sure I had a correct mental model for how this
worked. It seemed like it had to be that way.
>2. Traffic will always go to the most specific route, which means the
>/32 will take precedence over the /16.
For this one, I was a bit worried that it might work sometimes, but have
problems later as I couldn't find an explicit answer in the documentation
(I might have missed it.) saying it worked like normal network routing. The
examples I saw were all disjoint networks.
Thank you for the clarifications.
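
Added example, not part of the original message and not WireGuard code: a small Python model of the two answers quoted above (a peer is its public key; the most specific allowed-ips prefix wins). The key strings and addresses are constructed, and the class and method names are hypothetical.

```python
import ipaddress

class CryptokeyTable:
    """Toy model of one interface's peer table (illustration only)."""

    def __init__(self):
        self.peers = {}  # public key -> set of allowed networks

    def set_peer(self, pubkey, allowed_ips):
        # A peer *is* its public key: configuring the same key again
        # replaces that one peer's list, it never creates a second peer.
        nets = {ipaddress.ip_network(a) for a in allowed_ips}
        # An identical prefix belongs to one peer only; the latest setter
        # takes it over.
        for other in self.peers:
            if other != pubkey:
                self.peers[other] -= nets
        self.peers[pubkey] = nets

    def lookup(self, addr):
        """Outbound: pick the peer owning the longest matching prefix."""
        ip = ipaddress.ip_address(addr)
        best = None
        for pubkey, nets in self.peers.items():
            for net in nets:
                if ip.version == net.version and ip in net:
                    if best is None or net.prefixlen > best[1].prefixlen:
                        best = (pubkey, net)
        return best[0] if best else None

    def accept_inbound(self, pubkey, src):
        """Inbound: a decrypted packet is kept only if its source address
        routes back to the peer whose key authenticated it."""
        return self.lookup(src) == pubkey

# Constructed sample values, not real keys.
ROUTER_KEY = "constructed-router-pubkey"
LAPTOP_KEY = "constructed-laptop-pubkey"

def build_example():
    table = CryptokeyTable()
    table.set_peer(ROUTER_KEY, ["10.0.0.0/16"])
    table.set_peer(LAPTOP_KEY, ["10.0.5.7/32"])
    return table

if __name__ == "__main__":
    t = build_example()
    for dst in ("10.0.5.7", "10.0.5.8", "192.168.1.1"):
        print(dst, "->", t.lookup(dst))
```

In this model the router peer cannot source traffic from 10.0.5.7 even though that address lies inside its /16, because the /32 is the more specific entry.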