Hello,
I would like to know if it possible to connect two (or more) devices simultaneously using only one wireguard client peer configuration for all of them.
For example if I have two laptops, lets say laptop1 and laptop2 configured whit the exactly same client configuration and if I do start wireguard on both laptops, then both devices will connect to the mikrotik wireguard server and have VPN access OR if the first laptop connects and after this the second also connect, then this second one will not be able to start the VPN because already this peer configuration is in use.

Tks in advance.
Enrico

Instead of trying to shove a wet noodle up a straw, come clean and state your USER requirements in a clear manner without discussing any actual configuration on wireguard.
User X must be able to
User Y must be able to
User X must not be able to
User Y must not be able to
etc....

hypotheticals on what could be done, without understanding how wirequard works is a waste of time.

Hello,

Attached a diagram whit two laptops whit same wireguard peer configuration (same public / private keys and same ip interface address)



Under this scenario remote Laptop 1 connects successfully by VPN to Mikrotik router and after few moments the Laptop 2 will also connect using the the same peer configuration set for Laptop 1. Wonder if the Mikrotik router will accept or refuse the Laptop 2 connection because Laptop 1 is already connected; or the router will accept both simultaneously?

Sincerely,

Enrico

This is not possible, because wireguard uses public-key routing (or whatever they call that), so with same keys, server won't know where to route traffic.
It's however possible to connect two wireguard clients from same subnet but with different keypairs (dunno why you want to have same keypairs)
IIRC, ROS won't even accept such configuration (i.e. same public key on same interface). You can, however, create multiple interfaces on different ports, that may work.

Hello,

I'm asking this to know if I will send peer configuration to a friend of mine to let him use my VPN server and then he without my consent will send this configuration to another friend of him, and this one to another friend of him and so on. So the point is to control who is using this VPN access, because Wireguard peer configuration it is very easy to export as a zip file and send to anyone to use it.

Sincerely,

Enrico

Hello,
I'm updating my own question after googled a little and find this:
[url]https://superuser.com/questions/1506847 ... -keys/[url]
[url]https://www.procustodibus.com/blog/2021 ... peers/[url]

So according the above links it would be a useless mess!

As stated in my previous posts regarding this topic I was afraid to send peer configuration to some acquaintance to allow to use my VPN server and then risk (Murphy's law) to loose control of whom will be using it.

Enrico

The only practical use case I can imagine from your description is to share an account on some paid "VPN" service among multiple people to save money. Leaving aside whether it is in accord with the terms of use, such an approach requires coordination of the use (as in, only one person can use it at a time) even if you trust all members of the group not to share the account settings to any non-member, because one of the limitations of Wireguard is that the "server" side has no means to assign the internal IP address to the "client" side. So even if the Wireguard protocol allowed to connect multiple clients with the same credentials simultaneously (which is not the case), the server would not know to which of them to send a particular packet since all of them would use the same internal address. In fact, as @kleshki has explained, the Wireguard "server" peer would treat all remote peers as a single one with a rapidly changing public address, and would always send all the traffic for that peer to the public address from which the last transport packet has arrived from that peer.

For any other use case, there is no need to share the credentials among people, and I cannot imagine even any need to share it between devices, except possibly some backup scenarios.