FWIW, I'm not sure adding complication to AllowedIPs is the right approach, but adding it to a tool seems reasonable. Maybe it also makes sense to allow an IPset, but I haven't thought it through. My gut says routing prior to WireGuard is probably what you're looking for.
[1] https://github.com/ArgosyLabs/wgnlpy

~Derrick • iPhone
I live in Iran, and here the internet censorship is fierce. I need to route almost all of my traffic through the VPN, but some domestic sites are not accessible from the US. Also, since ISPs apply different censoring rules, sometimes my own servers are not reachable via the VPN (because the server’s ISP blocks the VPN, while my local ISP does not.)

The best current solution I’ve seen is

```
$ python3
import ipaddress
n1 = ipaddress.ip_network('106.203.202.0/23')
n2 = ipaddress.ip_network('106.203.203.13/32')
l = list(n1.address_exclude(n2))
print(l)
```

Which is terrible.
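
The `address_exclude` approach from the message above, generalized to several excluded networks at once and rendered as an `AllowedIPs` line. This is an added example, not part of the original thread or of any WireGuard tool; the function names `allowed_ips` and `render` and the excluded sample networks are constructed for illustration.

```python
import ipaddress


def allowed_ips(base, excluded):
    """Return the sorted, collapsed networks covering `base` minus every
    network in `excluded` (overlapping or nested exclusions are fine)."""
    remaining = [ipaddress.ip_network(base)]
    for raw in excluded:
        hole = ipaddress.ip_network(raw)
        kept = []
        for net in remaining:
            if net.version != hole.version or not net.overlaps(hole):
                kept.append(net)      # exclusion does not touch this network
            elif net.subnet_of(hole):
                continue              # network lies entirely inside the exclusion
            else:
                # The exclusion is strictly inside this network: split around it.
                kept.extend(net.address_exclude(hole))
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def render(base, excluded):
    """Format the result as a line for the [Peer] section of a WireGuard config."""
    return "AllowedIPs = " + ", ".join(str(n) for n in allowed_ips(base, excluded))


if __name__ == "__main__":
    # Constructed sample: tunnel everything except two private ranges and
    # the single host used in the snippet above.
    print(render("0.0.0.0/0",
                 ["10.0.0.0/8", "192.168.0.0/16", "106.203.203.13/32"]))
```

Traffic to any address not covered by the resulting list is not sent to that peer, so each excluded range needs its own route outside the tunnel.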