Wireguard + anycast

Henning Reich henningreich at gmail.com
Fri Jan 4 09:30:33 CET 2019

I think you could add multiple peers with the same (anycast) Endpoint but
different Key-Pairs (see the try of an example below).
Your DNS will select the IP for the closed one, and WG will try to connect
with each Key until success.
Or did I missing some important point?

cat /etc/wireguard/wg0.conf
Address =
ListenPort = 12345
PrivateKey = YIYTN0Hil/32QWTo3F1fTVc3SDkgncXLHbGFlCgIQnM=

# anycast-Server 1
PublicKey = K+m7KQWy78JIAL7+8oFUdgrlBQdS8NZ2IPJu1rPTsnQ=
AllowedIPs =,
Endpoint = my.anycast.com:12345

# anycast-Server 2
PublicKey = O79QWUAdNFbWFIuWeKp3264BL3RuWKF+WFO21r2tAo=
AllowedIPs =,
Endpoint = my.anycast.com:12345

Am Do., 3. Jan. 2019 um 23:38 Uhr schrieb Edward Vielmetti <
edward.vielmetti at gmail.com>:

> A little thought experiment which I haven't tried yet.
> Using anycast, a single IP address can be routed to multiple machines in a
> data center or around the world.
> Is it at all possible that anycast and Wireguard would play together
> nicely? In particular, is it plausible that you could give a client an
> anycast address of a server to use as its endpoint, and that when it picked
> the correct / closest one that it would do the right thing?
> The naive approach would be to have all of the anycast devices share the
> same private/public key pair, but that has a bad smell. And I don't know
> what would happen if your routing changed in mid-connection.
> (anycast is the technology used to give name servers a single global
> address, like Google's DNS)
> --
> Edward Vielmetti +1 734 330 2465
> edward.vielmetti at gmail.com
> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190104/7b5b731b/attachment.html>

More information about the WireGuard mailing list