search

pirate / wireguard-docs

📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
https://docs.sweeting.me/s/wireguard
MIT License
4.45k stars 309 forks source link

Can multiple servers technically share the same private keys? (ignoring the security issues) #37

Closed sebastiannielsen closed 4 years ago

sebastiannielsen commented 4 years ago

Whats the technical reason multiple nodes (for example behind a reverse-NAT type load balancer or using DNS round robin assigning) cannot technically share private keys?

I do understand that if multiple nodes, talk to a single node, and are sharing keys, the other node will not be able to tell them apart (for example, if 2 clients are sharing keys, then the server node will not be able to tell the 2 clients apart).

But assuming this never happens (no client will talk to 2 servers sharing keys simultanously, assuming the reverse-NAT load balancer does have stickyness preventing a client from talking to two backend servers simultanously), what then prevents a set of servers from sharing keys? The documentation says: "never shared with other servers", but does not elaborate why.

Note that security-wise, both servers are assumed to be equally trustworthy, and there is assumed to be a way to transfer the private key between the servers in a secure fashion (for example, encrypted email, or even key written on paper and then physically transported to the second server location).

pirate commented 4 years ago

The situation you're describing is fairly uncommon, and encouraging such a setup in the docs would be dangerous for most beginners. That being said, if you're really sure you're servers are equally trusted, and you don't care about revocation issues if you want to remove one server but not the other, then go ahead!

sebastiannielsen commented 4 years ago

Thanks for the answer, but I disagree with the title change. Using the word "peer" is confusing in this case, because there it can actually also refer to a client, where technical issues can appear if both clients are connected with the same keypair but from different remote IPs, causing these clients to "fight" about which client should have the right reply-IP assigned to them in the server node.

Thats why its better to use the word "server" instead of peer, where "client" is the one initiating a VPN connection, and "server" is the one who is receiving the connection, even if these roles does not have any importance once a connection is set up, then its just a full duplex communication channel between 2 nodes.

sebastiannielsen commented 4 years ago

I personally think it should be clarified in the documentation that sharing private keys between servers can have security implications and revocation issues, for example if some server is comrpomised, but does not have any technical implications.

pirate commented 4 years ago

Done: https://github.com/pirate/wireguard-docs/commit/cb44fb16d79d6933dec04bd9f01e83b0d45a1813