@anav: Where are multiple peers in your example? I see only router A and B, so each will have only one peer - the other router. No?
Too funny, thanks, I was assigning different subnets as peers and completely missed the boat. Now I am going to have to get on my jet ski and catch up to the boat.
This is the problem. When having multiple peers on a single interface, wireguard uses the allowed-address setting to determine which peer the packet should be sent to. If the destination IP of the packet is in allowed addresses for the first peer, it will be sent to the first peer. If the destination IP is in the allowed addresses for the second peer, it will be sent to the second one. You have defined your allowed addresses as 0.0.0.0/0 which will match absolutely everything to both peers, but it would probably check the first peer first and then the second peer would never receive anything.
I take issue with the above statement as I think he is mixing apples and oranges.
TRAFFIC OUTBOUND FROM ROUTER - thru tunnel
If the traffic is outbound from a router, the PEER, settings refer to the addresses that the router will look for match and select for entry into the tunnel.
Since traffic outbound 99% of the time refers to local subnets
that use the tunnel to reach internet (or subnets) from the remote device.
Typically the allowed addresses used is 0.0.0.0/0 and these are the destination addresses the router will be matching and selecting to enter the tunnel.
I dont see how there is going to be any conflict or errors here.
Any other device external to the local Router will have a different wireguard interface and likely have opposite flow, like an iphone coming into the router via the tunnel.
Therefore I do not see how it is possible to have two different peers heading towards the tunnel FROM THE SAME DEVICE.
So the first step is proving to me that this event or scenario can even exist!!
Second steps is showing me the so what. If traffic from any source get sent through the tunnel, and is expected on the other end of the tunnel, it will be allowed to exit the tunnel etc..... No harm no foul, and no problem,
TRAFFIC INBOUND TO ROUTER - thru tunnel
If the traffic is inbound to a router, the PEER, settings refer to the addresses that are filtered, (not selected) and thus allowed to exit the tunnel and be firewalled to either the WAN or LAN as applicable. Again, I dont see how there is going to be any conflict or errors here.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!