Multiple Keys per Peer

Nico Schottelius nico.schottelius at
Sun May 2 12:06:53 UTC 2021

Roman Mamedov <rm at> writes:

> On Sun, 02 May 2021 13:02:28 +0200
> Nico Schottelius <nico.schottelius at> wrote:
>> when running a lot of VPN connections using wireguard, there are some
>> questions we see quite often from users, two of which I'd like to
>> discuss here:
>> Multiple keys per Peer
>> ----------------------
>> Users often ask for sharing their connection with multiple
>> devices. The obvious solution is for users to set up their own VPN
>> endpoint with the first key and then reshare themselves. However, this
>> is not feasible in many end user situations.
> The prime and the most straightforward solution is to give each user multiple
> keys, and let them connect from each endpoint as an independent Peer.
> The rest of what you propose appears to be a set of bizarre hacks because
> you don't want to do the above, because "(reasons)". Maybe start with
> detailing those reasons first, or reconsidering if they are *really* that
> important and unsurmountable :)

Practically speaking, our VPNs are currently rather
"dumb" and only know about /48's (usually one VPN server is responsible
for a /40). And in practice, we are not so much interested in knowing
how people split their tunnels, so we consider this more of a
dynamic routing than a static configuration.

However, I see your point that we could update our systems for
pre-processing the routing logic and letting users split on a static
basis and with that keeping the wireguard protocol more simple.

I'd say fair enough and thanks for the pointer!

Best regards,


Sustainable and modern Infrastructures by
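
Added example, not part of the original mail and not the poster's code: one way the static pre-processing discussed above could look, giving each device key its own /64 out of the user's /48 so that every device is an independent peer. The prefixes, keys and function names are constructed for illustration.

```python
import base64
import ipaddress

# Constructed sample values (documentation prefix), not taken from the thread.
SERVER_PREFIX = ipaddress.ip_network("2001:db8::/40")
KEYS = [base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2, 3)]


def is_wg_key(key):
    """A WireGuard public key is 32 bytes, base64-encoded (44 characters)."""
    try:
        return len(key) == 44 and len(base64.b64decode(key, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def split_user_prefix(user_prefix, device_keys, device_len=64):
    """Assign each device key its own disjoint sub-prefix of the user's /48."""
    net = ipaddress.ip_network(user_prefix)
    if net.prefixlen != 48 or not net.subnet_of(SERVER_PREFIX):
        raise ValueError(f"{net} is not a /48 inside {SERVER_PREFIX}")
    if len(set(device_keys)) != len(device_keys):
        raise ValueError("duplicate public key: one key cannot be two peers")
    bad = [k for k in device_keys if not is_wg_key(k)]
    if bad:
        raise ValueError(f"malformed public key(s): {bad}")
    # WireGuard maps each AllowedIPs prefix to exactly one peer, so the
    # sub-prefixes handed out here must never overlap.
    subnets = net.subnets(new_prefix=device_len)
    return [(key, next(subnets)) for key in device_keys]


def render_peers(assignments):
    """Emit one server-side [Peer] stanza per device."""
    return "\n".join(
        f"[Peer]\nPublicKey = {key}\nAllowedIPs = {subnet}\n"
        for key, subnet in assignments
    )


if __name__ == "__main__":
    print(render_peers(split_user_prefix("2001:db8:ab::/48", KEYS)))
```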

More information about the WireGuard mailing list