[Question or Feature Request] Any wg1.conf option to limit peer IP as 1-to-1?

Tim Weippert weiti at weiti.org
Mon Dec 17 08:44:23 CET 2018


On Mon, Dec 17, 2018 at 09:42:17AM +0800, KeXianbin(http://diyism.com) wrote:
> For example, my wg1.conf now:
> [Interface]
> PrivateKey = uMoD1TRi+tRkEVF/B5VrXQwHMN3xC1eLVXNbLkkkkkk=
> Address =
> ListenPort = 21404
> MTU=1300
> PostUp = ip route add dev wg1
> PostDown = ip route del

Why do you add a routing to a /24 if you only want 1:1 links?
I think with this entry the routing decision isn't made by
WireGuard's "AllowedIPs" statement, it is accomplished by normal
routing lookups and gets sent through the tunnel.

Is there a reason for the /24 routing?

> [Peer]
> PublicKey = Zd5jssxd4zj/4d6ZpOtClyD/8V2eGR7jpHM3jpppppp=
> EndPoint =
> AllowedIPs =

This should normally do what you expected, but I think, as stated above,
the /24 routing is "disabling" the correct behaviour.


