diff --git a/add.go b/add.go
index 6527211..be54be5 100644
--- a/add.go
+++ b/add.go
@@ -21,10 +21,10 @@ func Add(hostname string, owner string, description string) { //, publicKey stri
 		PublicKey:    publicKey,
 		PresharedKey: presharedKey,
 		// TODO Endpoint:
-		AllowedIPs:   []JSONIPNet{
-			JSONIPNet {
+		AllowedIPs: []JSONIPNet{
+			JSONIPNet{
 				IPNet: net.IPNet{
-					IP: IP,
+					IP:   IP,
 					Mask: conf.Network.IPNet.Mask,
 				},
 			},
diff --git a/types.go b/types.go
index 0235ed9..85ffc72 100644
--- a/types.go
+++ b/types.go
@@ -78,7 +78,20 @@ func (conf *DsnetConfig) MustSave() {
 }
 
 func (conf *DsnetConfig) MustAddPeer(peer PeerConfig) {
-	// TODO validate PeerConfig!!!
+	// TODO validate all PeerConfig (keys etc)
+
+	for _, p := range conf.Peers {
+		if peer.Hostname == p.Hostname {
+			ExitFail("%s is not an unique hostname", peer.Hostname)
+		}
+	}
+
+	for _, peerIPNet := range peer.AllowedIPs {
+		if conf.IPAllocated(peerIPNet.IPNet.IP) {
+			ExitFail("%s is not unique", peerIPNet)
+		}
+	}
+
 	conf.Peers = append(conf.Peers, peer)
 }
 
@@ -95,6 +108,7 @@ func (conf DsnetConfig) IPAllocated(IP net.IP) bool {
 }
 
 // choose a free IP for a new Peer
+// TODO MustChooseIP? -- failure means we give up anyway
 func (conf DsnetConfig) ChooseIP() (net.IP, error) {
 	network := conf.Network.IPNet
 	ones, bits := network.Mask.Size()