Page MenuHomePhabricator
Feed Advanced Search

Fri, Sep 6

jonaswre added a comment to T1572: Wireguard keyPair per interface.

@hagbard the private key should stay where its generated. But thats not the point I was trying to make. The point @zx2c4 and I are making, is each interface represent a diffrent Identity. There are only some special cases where you would need the same private key on two interface. Useally you would just add all peers that connect with the same publickey to the same interface. You only need a second interface if there is a second identity you want to assume. For example wg01 might be used to connect to your workplace and wg02 vpn service. In that case you would want clients in wg01 and wg02 to know you under different identities.

Fri, Sep 6, 9:16 AM · VyOS 1.3 Equuleus

Aug 15 2019

jonaswre added a comment to T1572: Wireguard keyPair per interface.

@hagbard It's not stated that you MUST use a new private key for each interface. But it states that

[e]ach network interface has a private key [...] ⇒ Cryptokey Routing

to set a private key for each interface only makes sense when you are allowed to use different keys for different interfaces. If there would be any withdraw in using multiple keys they would have just omitted the "privateKey" in the config file and set i globally. Since they didn't do that I can't imagine there is one. But I would be interested in learning what withdraws you see that the developers don't see.

Aug 15 2019, 7:11 AM · VyOS 1.3 Equuleus

Aug 9 2019

jonaswre updated the task description for T1572: Wireguard keyPair per interface.
Aug 9 2019, 10:34 AM · VyOS 1.3 Equuleus
jonaswre created T1572: Wireguard keyPair per interface in the S1 VyOS Public space.
Aug 9 2019, 9:46 AM · VyOS 1.3 Equuleus