WG default routing

Chris Osicki wg at osk.ch
Tue Jan 5 20:15:24 UTC 2021


On Mon, Jan 04, 2021 at 02:38:23PM +0100, Henning Reich wrote:
> Hi,
> you can control how the traffic is routed with the AllowedIPs option. If
> you use 0.0.0.0/0, all traffic is routed through the wireguard tunnel.
> If you just allow for example 10.10.10.10/32 only 10.10.10.10 is
> allowed. 10.10.0.0/16,192.168.1.0/24 will allow
> 10.10.0.0-10.10.254.254 and 192.168.1.0-192.168.1.254 and so on...
> 
> I use
> [Peer]
> PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> AllowedIPs = 172.16.16.0/24,10.10.0.0/16,10.0.0.0/16
> Endpoint = 123.123.123.123:12346
> PersistentKeepalive=30
> 
> On Mon, Jan 4, 2021 at 13:40, Chris Osicki <wg at osk.ch> wrote:
> >
> > Hi
> >
> > I am quite new to wireguard, moving after years of OpenVPN, and found it simple and _really good_.
> > One thing, however, makes me wonder. Why does WG always try to take over all my routing?
> > My first try was with wg-quick, and I noticed all my traffic went through the WG-VPN connection.
> > It escapes me why. What is the idea behind this policy?
> >
> > On my Linux boxes it's not a problem, I don't have to use wg-quick and with a few lines of bash in a script I have what I need. I have root.
> > On my Android devices I don't have root, and I cannot change anything in routing etc.
> > Why don't you provide an option to specify which net to route which way?
> >
> > Regards,
> > Chris

Hi,

As I wrote in another mail, the AllowedIPs config file option has nothing to do with routing, IMHO.
It looks just like a filter.

Regards,
Chris
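
Added example, not part of the thread or of WireGuard's code: a minimal Python model of the two lookups WireGuard performs against a peer's AllowedIPs, choosing the peer for an outgoing packet and checking the inner source address of a decrypted incoming one. The "office" peer reuses the AllowedIPs from the quoted [Peer] block; the peer names, the "gateway" peer, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed peer table: "office" uses the AllowedIPs from the quoted [Peer]
# block; "gateway" is a hypothetical full-tunnel peer added for contrast.
PEERS = {
    "office": ["172.16.16.0/24", "10.10.0.0/16", "10.0.0.0/16"],
    "gateway": ["0.0.0.0/0"],
}


def _table(peers):
    """Flatten peers into (network, peer) pairs, most specific prefix first."""
    rows = [(ipaddress.ip_network(cidr), name)
            for name, cidrs in peers.items() for cidr in cidrs]
    return sorted(rows, key=lambda row: row[0].prefixlen, reverse=True)


def peer_for_destination(dst, peers=PEERS):
    """Outbound: return the peer whose AllowedIPs best matches dst.

    None means no peer claims the address, so the interface drops the packet.
    """
    addr = ipaddress.ip_address(dst)
    for net, name in _table(peers):
        if addr in net:
            return name
    return None


def accept_inbound(src, from_peer, peers=PEERS):
    """Inbound: keep a decrypted packet only if its inner source address
    maps back to the peer whose key decrypted it."""
    return peer_for_destination(src, peers) == from_peer


if __name__ == "__main__":
    # Constructed sample addresses (203.0.113.0/24 is a documentation range).
    for dst in ("10.10.3.4", "203.0.113.7"):
        print("send to", dst, "->", peer_for_destination(dst))
    for src, peer in (("172.16.16.9", "office"), ("203.0.113.7", "office")):
        print("recv from", peer, "src", src, "->", accept_inbound(src, peer))
```

On Linux, wg-quick separately adds a kernel route for each AllowedIPs entry unless the [Interface] section sets `Table = off`.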

