Quotation from Joachim Lindenberg on July 14, 2020 15:43:

> didn't find a good documentation on that.

Oh, there is, one doesn't recognize in the first place as a beginner. ;)

> And obviously with one connection it wasn't that
> important to get it right.

depends on your demand. so if you put your setting 0.0.0.0/0 there all traffic goes into that tunnel. if the other end doesn't know how to react this won't work either. it's a typical setup where you want to reach the internet via a VPN.

if you want to connect boxes into a network to be securely reachable to each other this is a completely different demand. you just give each box an IP and tell wireguard where to find it.

> What IP addresses or network
> should AllowedIPs refer to? Client? Server? Tunnel?

there isn't really a client or server in wg. ;)

i typically use a star-topology for that. there is a box in the middle, all others connect to that middle box. all the boxes are in the network 172.16.0.0 and are numbered 172.16.0.1, 172.16.0.2, ...

the middle box has entries for each peer like

[Peer]
PublicKey =
AllowedIPs = 172.16.0.1/32
...

while the box itself has an entry

[Peer]
PublicKey =
AllowedIPs = 172.16.0.0/12
...

for the peer and the IP configured for the interface:

[Interface]
Address = 172.16.0.1
...

that should do.

i agree: the setup is a bit notchy to maintain but there are tools for that. i still do it manually but i don't have that many peers.

best regards,
Michael M. Dietrich
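
An added example, not part of the original message: a small Python model of how a WireGuard interface uses AllowedIPs both as an outbound peer selector (longest prefix wins) and as an inbound source filter, applied to the star layout described above. The peer names box1, box2 and hub and the test addresses are constructed for illustration.

```python
import ipaddress

def parse(peers):
    """Turn {peer_name: [cidr, ...]} into {peer_name: [ip_network, ...]}."""
    return {name: [ipaddress.ip_network(c) for c in cidrs]
            for name, cidrs in peers.items()}

def route_out(peers, dst):
    """Outbound: choose the peer whose AllowedIPs entry is the longest
    prefix containing dst. None means no peer matches, so the packet is
    not sent through the tunnel. (Models the interface's lookup only, not
    the host routing table that decides what reaches the interface.)"""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def accept_in(peers, sender, src):
    """Inbound: after decryption, the packet is kept only if a lookup of
    its source address resolves back to the peer that sent it."""
    return route_out(peers, src) == sender

# Middle box: one /32 per peer (constructed peer names).
HUB = parse({"box1": ["172.16.0.1/32"], "box2": ["172.16.0.2/32"]})
# Outer box: a single peer, the middle box, covering the whole network.
SPOKE = parse({"hub": ["172.16.0.0/12"]})
# The "reach the internet via a VPN" setting from the message.
FULL_TUNNEL = parse({"hub": ["0.0.0.0/0"]})

if __name__ == "__main__":
    print("hub -> 172.16.0.2 via", route_out(HUB, "172.16.0.2"))
    print("hub accepts 172.16.0.2 from box1:",
          accept_in(HUB, "box1", "172.16.0.2"))
    print("spoke -> 172.16.0.2 via", route_out(SPOKE, "172.16.0.2"))
    print("spoke -> 8.8.8.8 via", route_out(SPOKE, "8.8.8.8"))
    print("full tunnel -> 8.8.8.8 via", route_out(FULL_TUNNEL, "8.8.8.8"))
```

The /32 entries on the middle box are what stop one box from sending packets with another box's tunnel address as the source.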