I have a CCR2004-16G-2S+ as my homelab’s core router. With that, I use WireGuard for my VPN (after Rocky Linux 10 broke my ocserv VPN due to EPEL issues).
The problem is, when I add a second client and public key to a WireGuard interface, the first one is not able to connect. This happens even when the second client isn’t connected and I didn’t replace the public keys. Heck, if I remove the second key, the first client key still refuses to connect. Each key/client has a different IP, but I’m sharing the MT-side IP.
The only thing which works, after removing the second key, is rotating the first client’s public key.
Is there a workaround? Am I better off using OpenVPN? Should I have multiple WireGuard interfaces/ports?
My WAN is technically an L2TP tunnel for a public IP because I use an unlocked T-Mobile US 5G SIM (Calyx SIM) as my internet (that’s in NYC) for upload speeds alone, but 5G uses CGNAT and I lack fiber or upgraded DOCSIS. WireGuard’s MTU is 1280 due to it being inside L2TP. The client is normally my Fedora HP OmniBook Ultra, but I want my MacBook and Pixel with VPNs too.
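For reference, here is what a multi-peer setup on a single RouterOS 7 WireGuard interface normally looks like. This is an added example, not configuration from the post above or from MikroTik; the interface name `wg-vpn`, port 13231, the 10.66.66.0/24 subnet and the `<..._PUBLIC_KEY>` strings are placeholders. The point it illustrates is WireGuard's cryptokey routing: each `allowed-address` range is bound to exactly one peer, so every client needs its own non-overlapping /32 on the tunnel side even though they all talk to the same router address. Two peers that claim the same range (or that both claim 0.0.0.0/0) cannot both be reachable, and the symptom is exactly a client whose key is still listed but never completes a handshake.

```routeros
# Added example (not from the original post): one WireGuard interface on RouterOS 7
# serving three peers. Interface name, port, subnet and key strings are placeholders;
# replace each <..._PUBLIC_KEY> with the public key generated on that client.

# One listener; MTU lowered to 1280 because the WAN itself is an L2TP tunnel
/interface/wireguard
add name=wg-vpn listen-port=13231 mtu=1280

# The router-side address is shared by all peers; each peer then gets its own /32
/ip/address
add address=10.66.66.1/24 interface=wg-vpn

# Cryptokey routing: allowed-address must be unique per peer. A range bound to
# one peer cannot also be bound to another, so overlapping entries leave one
# client unable to pass traffic even though its public key is still present.
/interface/wireguard/peers
add interface=wg-vpn comment="fedora-omnibook" public-key="<FEDORA_PUBLIC_KEY>" allowed-address=10.66.66.2/32
add interface=wg-vpn comment="macbook"         public-key="<MACBOOK_PUBLIC_KEY>" allowed-address=10.66.66.3/32
add interface=wg-vpn comment="pixel"           public-key="<PIXEL_PUBLIC_KEY>"   allowed-address=10.66.66.4/32

# Let the UDP handshake reach the router and accept traffic arriving over the tunnel.
# These must sit above any catch-all drop rule in the input chain.
/ip/firewall/filter
add chain=input protocol=udp dst-port=13231 action=accept comment="wireguard handshake"
add chain=input in-interface=wg-vpn action=accept comment="traffic from vpn peers"

# Check: a connected client's peer entry shows a recent last-handshake and
# non-zero rx/tx. A peer whose handshake time stops updating right after another
# peer was added is the classic sign of an allowed-address collision.
/interface/wireguard/peers print detail
```

Each client's own config then uses its /32 as its interface address (for example 10.66.66.2/32 on the Fedora laptop) and lists the router's public key with an `AllowedIPs` of whatever it should route through the tunnel; the router side never needs a second WireGuard interface or port just to add more devices. Rotating a client's key is not required when adding peers; if that is the only thing that restores connectivity, compare the `allowed-address` values of all peers first.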