wireguard multiple interfaces

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

wireguard multiple interfaces

Sonic
The need is for site-to-site vpns (multiple client sites to one server
site), 3 vlans each.
From a management point of view it might be better to use 3 wireguard
interfaces on all of the routers (wg0, wg1, wg2). But I'm not sure if
that adds overhead, and if so how much.
Basically, is it better to use just one tunnel (wg0) or 3?

Thanks for any insights.

Chris

Reply | Threaded
Open this post in threaded view
|

Re: wireguard multiple interfaces

Loopw
Use multiple interfaces, one per site to connect with. Overhead isnt really present, its just routing and hashes at that point.
(I’ve had no issues doing site to sites in this fashion, has been working great for months)



> On Jul 31, 2020, at 10:43 AM, Sonic <[hidden email]> wrote:
>
> The need is for site-to-site vpns (multiple client sites to one server
> site), 3 vlans each.
>> From a management point of view it might be better to use 3 wireguard
> interfaces on all of the routers (wg0, wg1, wg2). But I'm not sure if
> that adds overhead, and if so how much.
> Basically, is it better to use just one tunnel (wg0) or 3?
>
> Thanks for any insights.
>
> Chris

Reply | Threaded
Open this post in threaded view
|

Re: wireguard multiple interfaces

Sonic
On Fri, Jul 31, 2020 at 3:15 PM <[hidden email]> wrote:
> Use multiple interfaces, one per site to connect with. Overhead isnt really present, its just routing and hashes at that point.
> (I’ve had no issues doing site to sites in this fashion, has been working great for months)

I was picturing 3 wgx interfaces, one per vlan, on all systems. The
"server" (the "client" sites need access to the "server" but not to
each other) would be the only box that would have multiple peers
listed for each wgx interface. I thought this might simplify the
setup, but not really sure. Would make it easy to see the traffic
generated per vlan through the vpn.