My question is regarding a blog post: https://www.procustodibus.com/blog/2021/01/same-key-multiple-peers/
My case is a bit different, it isn't a wireguard server admin problem. I'd like to restrict what we can't control: the user.
What if the client uses the same client configuration file with a phone and a desktop simultaneously? Security wise it shouldn't be a problem.
- Why doesn't wireguard have a protection for this case? Why does it keep the non-sense of replacing users' public IP/port again and again until one device gives up?
We can imagine a simple message/protocol to signal the user is gonna be "disconnected/forgotten/deleted".
I feel like Wireguard is more a base for developers rather than a VPN by itself. They brag about the short codebase, security and so on but OpenVPN is way more advanced.
UDP itself being stateless doesn't mean the upper layer has to be stateless. (and UDP is never really stateless since NATs/firewalls consider UDP as stateful)
TunSafe handles it in a better way (esp. for TOTP support) but the project seems dead for years.
