Enhance the "AllowedIPs"

Lonnie Abelbeck lists at lonnie.abelbeck.com
Mon Mar 15 13:31:12 UTC 2021


> On Mar 15, 2021, at 2:57 AM, Feng Li <lifeng1519 at gmail.com> wrote:
> 
> As we know, the AllowedIPs will set the route table. However, if we
> want to set the CIDR, but except for some CIDR range, it's not so easy
> and out of the box. For example, if I want to route my all traffic,
> except the 192.168.0.0/16. I have to calculate the two CIDR
> difference:
> 
> AllowedIPs =
> 0.0.0.0/1 + 128.0.0.0/1 - 192.168.0.0/16
> =
> 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/2,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,10.99.0.0/24

For giggles, I though this might be a clever solution:
--
[Peer]
PublicKey = <remote PublicKey>
Endpoint = remote-vpn:51820
AllowedIPs = 0.0.0.0/0, ::/0

[Peer]
PublicKey = <local PublicKey>
Endpoint = 127.0.0.1:51820
AllowedIPs = 192.168.0.0/16
--

I tested, but wg silently ignores peers to itself.

Lonnie





More information about the WireGuard mailing list