Is it possible to disable wireguard on specific Wi-Fi ?

Nohk Two nohktwo at
Fri Apr 22 13:00:32 UTC 2022

On 2022/4/22 17:51, Björn Fries wrote:
> Am 22.04.22 um 08:16 schrieb Björn Fries:
>> the way I solve this is that I use a slightly larger /23-subnet in the
>> AllowedIPs=
>> and when I get a local IP inside at home, the kernel 
>> automatically uses the more specific route.
> an example:
> my laptop e.g. has
> Address =
> PrivateKey = xxx
> [Peer]
> PublicKey = xxx
> AllowedIPs =,
> Endpoint =  myhomeIP:51820
> PersistentKeepalive = 25
> is the wireguard-IP of my wireguard-server at home.
> This way I can reach for example my printer at even if I am 
> on the move, because my wireguard server is installed on my router at 
> home (Unifi USG-3P).
> The printer sends it packets for simply to its default 
> gateway, which is my router/wg-server, that forwards it over wireguard.
> When I'm in my network at home, my laptop gets the IP 
> and automatically talks to the other devices in the LAN without taking 
> the wireguard route, because the subnet is more specific.
I referred to your example and the Android phone is now:

Address =
DNS =,
PrivateKey = xxx

PublicKey = xxx
AllowedIPs =,
Endpoint = myhomeIP:4999
PresharedKey = xxx is my wireguard-IP address of my wireguard-server at home.

It work nicely if the Android phone is on 4G network. But it still 
failed when I connect to my LAN's Wi-Fi (no internet accessing and no 
LAN accessing). The phone got the LAN IP address from 
the DHCP server.

Maybe the routing implementation in Android doesn't fit this solution.

Anyway, thank you very much. :)

More information about the WireGuard mailing list