From: "Ivan Labáth" <labawi-wg@matrix-dream.net>
To: wireguard@lists.zx2c4.com
Subject: Re: Multiple (client-)peers with same keys possible ?
Date: Tue, 15 May 2018 22:39:55 +0100
Message-ID: <20180515213955.GA19046@matrix-dream.net>
In-Reply-To: <1526417435.709029.1373298160.471617A2@webmail.messagingengine.com>

Hi,

as said, I don't conceive a reasonable way of using the same key.
WireGuard routes and needs to identify and know its clients.

That said, I don't see a reason why the clients couldn't have similar
private keys.

e.g.

Server:
Private = PrivateKey
[Peer1]
Pubkey = secret_to_public(notreallysecret..001)
AllowedIPs = 172.16.0.1/16
[Peer2]
Pubkey = secret_to_public(notreallysecret..002)
AllowedIPs = 172.16.0.2/16

I would carefully consider security consequences and possible
alternatives before deploying such a scheme.

Cheers,
ivan

On Wed, May 16, 2018 at 08:50:35AM +1200, Eric Light wrote:
> Hi Reiner!
>
> I can't figure out how that would work, considering WG is based around crypto-key routing. How would it know where to route a given packet?
>
> Additionally, two sets of AllowedIPs=0.0.0.0/0 would imply two different default routes.
>
> I just don't see how that could function, tbh. :)
>
> E
>
> --------------------------------------------
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
>
> On Wed, 16 May 2018, at 06:36, reiner otto wrote:
> > Is it possible somehow, to define multiple (client-)peers to share the
> > same keys ?
> > (Trading some loss of security for simpler distribution)
> >
> > I.e. on server:
> > [Interface]
> > ListenPort = 5000
> > PrivateKey = ABCD ...XYZ
> > Address=172.16.0.1
> >
> > [Peer]
> > PublicKey = 1234...7890
> > AllowedIPs = 172.16.0.0/16
> >
> >
> > client1:
> > [Interface]
> > PrivateKey = top...secret
> > ListenPort = 5000
> > Address = 172.16.0.2
> > [Peer]
> > PublicKey = everybodyknows
> > AllowedIPs = 0.0.0.0/0
> > Endpoint = 1.2.3.4
> >
> > client2:
> > [Interface]
> > PrivateKey = top...secret
> > ListenPort = 5000
> > Address = 172.16.0.3
> > [Peer]
> > PublicKey = everybodyknows
> > AllowedIPs = 0.0.0.0/0
> > Endpoint = 1.2.3.4
> > ....
> > ....
> > ....
> > _______________________________________________
> > WireGuard mailing list
> > WireGuard@lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/wireguard
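
An added example, not part of the thread: a simplified Python model of cryptokey routing that illustrates the points raised in the messages above. It assumes WireGuard's documented behaviour (a peer is identified by its public key, each allowed-IP prefix belongs to exactly one peer and is stored with host bits masked, and a peer's endpoint follows its latest authenticated packet); the class, key names and endpoint addresses are constructed for illustration.

```python
import ipaddress

class CryptokeyTable:
    """Simplified model of one interface's peer table (assumption, not WireGuard code)."""
    def __init__(self):
        self.routes = {}     # network -> public key; a prefix belongs to one peer only
        self.endpoint = {}   # public key -> last authenticated source address

    def set_peer(self, pubkey, allowed_ips):
        self.endpoint.setdefault(pubkey, None)   # same key means same peer entry
        for cidr in allowed_ips:
            # strict=False masks host bits: 172.16.0.2/16 is stored as 172.16.0.0/16
            net = ipaddress.ip_network(cidr, strict=False)
            self.routes[net] = pubkey            # re-adding a prefix moves it to this peer

    def receive(self, pubkey, src):
        # Roaming: the endpoint follows the latest authenticated packet.
        self.endpoint[pubkey] = src

    def route(self, dst):
        ip = ipaddress.ip_address(dst)
        hits = [n for n in self.routes if ip in n]
        if not hits:
            return None
        key = self.routes[max(hits, key=lambda n: n.prefixlen)]  # longest prefix wins
        return key, self.endpoint[key]

def shared_key_demo():
    # Two clients holding the same private key look like one peer to the server.
    t = CryptokeyTable()
    t.set_peer("SHARED_PUB", ["172.16.0.0/16"])
    t.receive("SHARED_PUB", "198.51.100.10:5000")   # constructed: client1 (172.16.0.2)
    t.receive("SHARED_PUB", "203.0.113.20:5000")    # constructed: client2 (172.16.0.3)
    return t.route("172.16.0.2")                    # traffic for client1's address

def overlapping_prefix_demo():
    # Distinct keys, but both prefixes mask to 172.16.0.0/16.
    t = CryptokeyTable()
    t.set_peer("PUB_001", ["172.16.0.1/16"])
    t.set_peer("PUB_002", ["172.16.0.2/16"])
    return t.route("172.16.0.1")[0], len(t.routes)

def per_client_demo():
    # Distinct keys with one /32 per client route unambiguously.
    t = CryptokeyTable()
    t.set_peer("PUB_001", ["172.16.0.2/32"])
    t.set_peer("PUB_002", ["172.16.0.3/32"])
    return t.route("172.16.0.2")[0], t.route("172.16.0.3")[0]
```

In the shared-key case, traffic for client1's address is sent to client2's endpoint because client2 authenticated last; in the overlapping-prefix case only one /16 entry survives and it belongs to the peer configured last.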