HarvsG/WireGuardMeshes

[Correction] Vanilla WireGuard - full mesh

Closed this issue · 2 comments

Describe the error and suggest correction
Vanilla WireGuard may support full mesh

Evidence and Justification
WireGuard can configure a peer with a public IP (without NAT) to implement peer-to-peer connections rather than a hub-and-spoke model (even though it's cumbersome when the number of peers is large). It's true that vanilla WireGuard doesn't support NAT hole-punching, but it should support full mesh, I think.

Additional context
I'm not knowledgeable in networking. Please correct me if I'm wrong.
I found an article about WireGuard full mesh networking, which shows me a configuration like this:

[Interface]
Address = 10.0.0.2/32
PrivateKey = IFhAyIWY7sZmabsqDDESj9fqoniE/uZFNIvAfYHjN2o=

PostUp = iptables -I FORWARD -i wg0 -j ACCEPT; iptables -I FORWARD -o wg0 -j ACCEPT; iptables -I INPUT -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -D INPUT -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


[Peer]
PublicKey = JgvmQFmhUtUoS3xFMFwEgP3L1Wnd8hJc3laJ90Gwzko=
PresharedKey = 1SyJuVp16Puh8Spyl81EgD9PJZGoTLJ2mOccs2UWDvs=
AllowedIPs = 10.0.0.1/32, 192.168.10.0/24
Endpoint = aws.com:51820

# Aliyun /  / Updated: 2021-02-24 07:57:45.941019829 +0000 UTC / Created: 2021-02-24 07:57:45.941019829 +0000 UTC
[Peer]
PublicKey = kVq2ATMTckCKEJFF4TM3QYibxzlh+b9CV4GZ4meQYAo=
AllowedIPs = 10.0.0.4/32
AllowedIPs = 192.168.40.0/24
Endpoint = aliyun.com:51820

# GCP /  / Updated: 2021-02-24 07:57:27.3555646 +0000 UTC / Created: 2021-02-24 07:57:27.3555646 +0000 UTC
[Peer]
PublicKey = qn0Xfyzs6bLKgKcfXwcSt91DUxSbtATDIfe4xwsnsGg=
AllowedIPs = 10.0.0.3/32
AllowedIPs = 192.168.30.0/24
Endpoint = gcp.com:51820

It's the configuration of one of the peers, and it includes all peers except itself.

Yes, it certainly can support a full mesh, else none of its dependants would be able to. However, it is impractical to do so (I've tried).


Thanks for correcting, and I can't agree more with your addition.
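The full-mesh layout discussed in this issue, as an added example (not code from the issue, the linked article or the repository): it renders one node's config with every other node as a `[Peer]`, counts how many stanzas the whole mesh needs, and flags overlapping `AllowedIPs`. The node name `local`, its endpoint `node2.example.com` and the `<...-key>` placeholders are assumptions; addresses, subnets and the other endpoints mirror the config quoted in the issue.

```python
import ipaddress
from itertools import combinations

# Constructed inventory. "local", its endpoint and the key placeholders are
# assumptions; the other values mirror the config quoted in the issue.
NODES = {
    "local":  {"addr": "10.0.0.2/32", "lans": [], "endpoint": "node2.example.com:51820"},
    "aws":    {"addr": "10.0.0.1/32", "lans": ["192.168.10.0/24"], "endpoint": "aws.com:51820"},
    "gcp":    {"addr": "10.0.0.3/32", "lans": ["192.168.30.0/24"], "endpoint": "gcp.com:51820"},
    "aliyun": {"addr": "10.0.0.4/32", "lans": ["192.168.40.0/24"], "endpoint": "aliyun.com:51820"},
}

def allowed_ips(node):
    """Prefixes the other nodes should route to this node."""
    return [node["addr"]] + node["lans"]

def overlapping_allowed_ips(nodes):
    """Return (node_a, node_b, prefix_a, prefix_b) for every overlapping pair.
    WireGuard sends each destination to exactly one peer, so an overlap
    means one node receives traffic that was meant for another."""
    clashes = []
    for (a, na), (b, nb) in combinations(nodes.items(), 2):
        for x in allowed_ips(na):
            for y in allowed_ips(nb):
                if ipaddress.ip_network(x).overlaps(ipaddress.ip_network(y)):
                    clashes.append((a, b, x, y))
    return clashes

def render_config(name, nodes):
    """Render the config for one node: every other node becomes a [Peer]."""
    me = nodes[name]
    out = ["[Interface]", f"Address = {me['addr']}",
           f"PrivateKey = <{name}-private-key>", ""]
    for peer, p in nodes.items():
        if peer == name:
            continue
        out += [f"# {peer}", "[Peer]", f"PublicKey = <{peer}-public-key>",
                f"AllowedIPs = {', '.join(allowed_ips(p))}",
                f"Endpoint = {p['endpoint']}", ""]
    return "\n".join(out)

def peer_stanzas(nodes):
    """Total [Peer] stanzas to maintain across the mesh: n * (n - 1)."""
    return len(nodes) * (len(nodes) - 1)

if __name__ == "__main__":
    for clash in overlapping_allowed_ips(NODES):
        raise SystemExit(f"overlapping AllowedIPs: {clash}")
    print(render_config("local", NODES))
    print(f"# stanzas across the mesh: {peer_stanzas(NODES)}")
```

Adding a fifth node raises the stanza count from 12 to 20 and requires editing every existing node's config, which is the maintenance cost the comments describe.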