[Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute

Kyle Rose krose at krose.org
Mon Aug 28 17:55:08 UTC 2023

On Mon, Aug 28, 2023 at 1:41 PM Juliusz Chroboczek <jch at irif.fr> wrote:
> I've read the whole discussion, and I'm still not clear what advantages
> the proposed route attribute has over having one interface per peer.  Is
> it because interfaces are expensive in the Linux kernel?  Or is there some
> other reason why it is better to run all WG tunnels over a single interface?

Why manage n^2 tunnels and allocate n^2 /30 CIDRs when you can just
have one tunnel and a single subnet for a full mesh? IMO, the latter
should be a feature differentiating Wireguard from other solutions to
creating a mesh VPN. That is, in fact, the whole reason I dropped
OpenVPN for it.


More information about the WireGuard mailing list