Keep in mind that we use a 10.0.0.0/20 network. It's mostly used for mobile devices (so if I want to access 10.0.4.1, I don't need to cross add the keys and configs within the phone and the local gateway4, I just communicate via root as central gateway). So they don't need to send traffic through the root server. But nearly all local gateways are peers of each other. So it acts as overall gateway for all clients (no bottleneck because of low upload). Our root server is a dedicated root server from Hetzner.

In this scenario I would cross add the gateways with their IPs (WireGuard range and, if needed / wanted, local) and connect peers just to their own standard gateway.

This can be a desired design, like if you want to block traffic from wg0 to wg1 via iptables/firewall (which you can do with IP ranges as well, but via interface name it's easier). But if you want to have a big network of several peers where everyone can talk to everyone, it's not needed. But this will add one WireGuard interface (wg0, wg1, wg2. Of course you can use multiple WireGuard configs for multiple peers/endpoints.

You can create a WireGuard network as complex and creative as you are :)

The root with allowedip 10.0.0.0/20 (so all requests to IPs out of this range will be forwarded to this peer) and my home server with allowedip 10.0.1.0/24 and 192.168.0.0/24 (so all requests to 10.0.1.0/24 and to my local home network are going to this peer).

As I wrote, we have more than these 2 "gateway peers / servers", so if I want to reach 10.0.2.1 (that's the WireGuard interface IP of a third gateway) this traffic will be forwarded to the root and further to the desired gateway. Like if you want to access a service behind your WireGuard network.

Every peer needs to have a unique identifier (private / public key and allowedip). A connection is established if one peer wants/needs to establish one.
You can use multiple wg_x.conf, but in your case I wouldn't use it.

Because there is no "server" for WireGuard, a peer can connect to multiple peers.

As WireGuard functions, there is no permanent connection.

I think this is a good way to separate physical homes and to keep a clean overview of all devices.

All servers are „cross connected“, so we can reach everything we need/want. have the related IP within its „home server range“ Every home server has got the 10.0.x.1/24 and the phones and laptops and. Where every home has its own 10.0.x.0/24 range. We use 10.0.0.0/20 as overall WireGuard IP range. We run a „large“ WireGuard network with several root servers, home servers and mobile clients.

Same allowedips and key.

Add your laptop to your phone's wg config as additional/second peer, with its own allowedip and public key. That means, add your phone as peer on the laptop, just as you did on your home server. Just create a wg interface on the laptop and "cross add" all peers you like. And you can connect as many peers with as many other peers as you like.

Many schools use this type of model.

You need to stop thinking of servers and clients.

Furthermore, they have no control over the network as a whole or over individual computers.

Client-server networks are best suited to organisations with many computers, or to situations where many computers need access to the same information.

The computer a person uses on a network is a client.

Clients do not usually store data.

They need the processing power because many other computers connect to them.

A client is a computer that relies on other computers (servers) to provide and manage data.

Servers tend to be quite powerful machines.
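The phone setup described above (root peer with 10.0.0.0/20, home server peer with 10.0.1.0/24 and 192.168.0.0/24) relies on WireGuard picking the most specific AllowedIPs entry, and the same table is checked against the inner source address of received packets. The following is an added example, not code from the original post and not WireGuard's own code: a simplified Python model of that lookup, with hypothetical peer names `root` and `home` and constructed test addresses.

```python
import ipaddress

# Constructed peer table for the phone; the peer names are hypothetical,
# the ranges are the ones quoted in the post.
PHONE_PEERS = {
    "root": ["10.0.0.0/20"],
    "home": ["10.0.1.0/24", "192.168.0.0/24"],
}

def build_table(peers):
    """Flatten {peer: [cidr, ...]} into a list of (network, peer) entries."""
    table = []
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            table.append((ipaddress.ip_network(cidr), peer))
    return table

def lookup(table, address):
    """Return the peer owning the longest prefix that covers address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, peer) for net, peer in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]

def route_outbound(table, dst):
    """Outbound: the packet is encrypted for the peer that owns dst."""
    return lookup(table, dst)

def accept_inbound(table, sending_peer, src):
    """Inbound: the decrypted packet's source must map back to the sender."""
    return lookup(table, src) == sending_peer

if __name__ == "__main__":
    table = build_table(PHONE_PEERS)
    # 203.0.113.5 is a documentation address outside every AllowedIPs range.
    for dst in ("10.0.1.1", "10.0.2.1", "192.168.0.10", "203.0.113.5"):
        print(f"{dst:>14} -> {route_outbound(table, dst)}")
    # A 10.0.1.x source arriving through the root peer is rejected,
    # because the more specific /24 belongs to the home peer.
    print("root sends src 10.0.1.7:", accept_inbound(table, "root", "10.0.1.7"))
    print("home sends src 10.0.1.7:", accept_inbound(table, "home", "10.0.1.7"))
```

The inbound check is why overlapping ranges need care: once the home server owns 10.0.1.0/24 on the phone, traffic from that range is only accepted when it arrives directly from the home server peer.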