I have a server running WireGuard. Being security-paranoid, I'm using fwknop (Firewall Knocking Operator - a glorified port knocking server) to conceal the WireGuard port.
This means that whenever I want to connect one of my clients to the WireGuard server, I first need to use the fwknop client to open the WireGuard port on the server (via iptables) and then connect to WireGuard.
I'm starting to question if this is actually necessary, since WireGuard drops invalid attempts and a hacker would not get any feedback. Therefore, using fwknop, or any other port knocking service, is useless (for WireGuard, at least; it could be, and is, useful for other services, of course).
Does it make sense to use port knocking for WireGuard concealment?