diff --git a/configtypes.go b/configtypes.go
index a38241c..07ff462 100644
--- a/configtypes.go
+++ b/configtypes.go
@@ -85,6 +85,18 @@ func (conf *DsnetConfig) MustAddPeer(peer PeerConfig) {
 		}
 	}
 
+	for _, p := range conf.Peers {
+		if peer.PublicKey.Key == p.PublicKey.Key {
+			ExitFail("%s is not an unique public key", peer.Hostname)
+		}
+	}
+
+	for _, p := range conf.Peers {
+		if peer.PresharedKey.Key == p.PresharedKey.Key {
+			ExitFail("%s is not an unique preshared key", peer.Hostname)
+		}
+	}
+
 	if conf.IPAllocated(peer.IP) {
 		ExitFail("%s is already allocated", peer.IP)
 	}
diff --git a/up.go b/up.go
index e1b0c81..d46b839 100644
--- a/up.go
+++ b/up.go
@@ -10,10 +10,11 @@ import (
 
 func Up() {
 	conf := MustLoadDsnetConfig()
-	CreateInterface(conf)
+	CreateLink(conf)
+	ConfigureDevice(conf)
 }
 
-func CreateInterface(conf *DsnetConfig) {
+func CreateLink(conf *DsnetConfig) {
 	linkAttrs := netlink.NewLinkAttrs()
 	linkAttrs.Name = conf.InterfaceName
 
@@ -39,6 +40,11 @@ func CreateInterface(conf *DsnetConfig) {
 		ExitFail("Could not add addr %s to interface %s", addr.IP, err)
 	}
 
+	// bring up interface (UNKNOWN state instead of UP, a wireguard quirk)
+	err = netlink.LinkSetUp(link)
+}
+
+func ConfigureDevice(conf *DsnetConfig) {
 	wgConfig := wgtypes.Config{
 		PrivateKey:   &conf.PrivateKey.Key,
 		ListenPort:   &conf.ListenPort,
@@ -56,9 +62,6 @@ func CreateInterface(conf *DsnetConfig) {
 		ExitFail("Could not configure device '%s' (%v)", conf.InterfaceName, err)
 	}
 
-	// bring up interface (UNKNOWN state, a wireguard thing)
-	err = netlink.LinkSetUp(link)
-
 	if err != nil {
 		ExitFail("Could not bring up device '%s' (%v)", conf.InterfaceName, err)
 	}