Need Help Setting Up Multiple WireGuard Users

Asked By TechieUser2023 On

Hey everyone! I'm trying to wrap my head around setting up additional users on WireGuard after having successfully set it up for one user. Right now, I have the wg0 interface configured and it's working fine. However, I'm having some confusion with adding users wg1 and wg2. User1 connects from home in a different state, while users 2 and 3 share a VPN at the office and have the same IPv4 address. Here are my questions:

1) I'm using 10.0.0.1/24 for user1 in wg0.conf on the server. Can users 2 and 3 share this same address?
2) Should all users use the same listen port (51820), or does each user need their own unique port?
3) Since users 2 and 3 share a LAN, do the AllowedIPs in wg1.conf and wg2.conf need to match their respective win district?
4) For the Endpoint in wg1.conf and wg2.conf for users 2 and 3, they have the same IP address from their shared LAN; should the port used be different?
Thanks for any help you can provide!

2 Answers

Answered By WirelessWizard42 On

If you're using a hub and spoke model, you'll want your hub (wg0) set up to serve as the gateway with unique IPs for each user who connects—no duplicates allowed!

For users 2 and 3, definitely keep them as separate peers with their own configs. If you were to set things up on a router for the office, you could just use one config for all devices behind it.

Answered By NetworkingNinja99 On

1) Each user connecting to the VPN needs a distinct IP address within your VPN subnet, so users 2 and 3 definitely cannot use 10.0.0.1. You should assign them separate IPs like 10.0.0.2 and 10.0.0.3.

2) All users can technically use the same listen port (51820) for incoming connections; it’s the outgoing packets that will be routed based on which user is connected to that port.

3) Yes, both users 2 and 3 must have their own unique AllowedIPs within the VPN; they should not overlap unless they're using a router.

4) The Endpoint port can remain the same for both users, as they will connect to the same server port you’ve designated. It’s the IP that needs to be different for each user.
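Added example, not part of either answer above: a small Python check that a hub-style server config keeps every peer's AllowedIPs distinct, which is the rule both answers give. WireGuard picks the peer for outgoing traffic by AllowedIPs, so an address can belong to only one peer on an interface. The function names, the sample config and the placeholder keys are constructed for illustration; the layout (one wg0 interface, one listen port, one [Peer] per user) is an assumption based on the hub-and-spoke description.

```python
import ipaddress
from itertools import combinations

# Constructed sample: one wg0 interface, one ListenPort, three peers.
# Keys are placeholders, not real WireGuard keys.
SAMPLE_WG0 = """
[Interface]
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
PublicKey = <user1-public-key>
AllowedIPs = 10.0.0.1/32

[Peer]
PublicKey = <user2-public-key>
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = <user3-public-key>
AllowedIPs = 10.0.0.2/32   # mistake: duplicates user2's address
"""

def parse_peers(text):
    """One dict per [Peer] section (configparser rejects or merges repeated names)."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return peers

def find_conflicts(text):
    """Return (key_a, key_b, net_a, net_b) for peers whose AllowedIPs overlap."""
    nets = [(p["PublicKey"], ipaddress.ip_network(n.strip(), strict=False))
            for p in parse_peers(text)
            for n in p.get("AllowedIPs", "").split(",") if n.strip()]
    return [(ka, kb, str(a), str(b))
            for (ka, a), (kb, b) in combinations(nets, 2)
            if ka != kb and a.version == b.version and a.overlaps(b)]

if __name__ == "__main__":
    for conflict in find_conflicts(SAMPLE_WG0):
        print("overlapping AllowedIPs:", conflict)
```

Changing user3's entry to 10.0.0.3/32 makes the check return an empty list.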
