> it appears I found a bug in the Windows implementation of the WireGuard
> client.
> I'm not sure, because it seems to be a rather trivial one, but I guess
> you will tell me if it's not the case.

It's not the case. Windows will know correctly to send packets to the WireGuard interface. Mind the "Interface" column in your "route print" output. Once Windows sends packets to the WireGuard interface, WireGuard will handle the rest: tunnel them to the appropriate peer according to AllowedIPs.

> So: When you activate a configured tunnel, WG sets the very first IP
> address of a network as gateway, instead of the first usable address.
>
> That means, if you have a VPN (sub)net like 10.0.10.0/24, where your
> server has 10.0.10.1 and the Windows machine 10.0.10.4, the client tries
> to use 10.0.10.0 as gateway. This obviously doesn't work, because this
> address is reserved / not usable, and the gateway has a different IP.
> The first usable address for hosts is 10.0.10.1, which the WireGuard
> client should set as gateway.
>
> Same applies for IPv6.

Who guarantees you the first usable address will always be the gateway? Some use .254 for the gateway.

> I didn't try it out yet though, don't have a WireGuard dev env set up.
> If you want me to, I can take a look and maybe send a patch if I get it
> to work.

Please try it and see it just works as it is. Mind boggling, isn't it? :)

Best regards,
Simon
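
The two-step delivery described in the reply above, as an added example that is not part of the original mail and not WireGuard's own code: a simplified model in which the OS route lookup only selects the interface, and the peer is then chosen by the most specific AllowedIPs match. The interface names, peer names and AllowedIPs values are constructed assumptions; the 10.0.10.0 gateway entry mirrors the report.

```python
import ipaddress

# Constructed routing table modelled on "route print": (destination, gateway, interface).
# The gateway column holds 10.0.10.0 as in the report; "wg0" and "eth0" are hypothetical names.
ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
    ("10.0.10.0/24", "10.0.10.0", "wg0"),
]

# Constructed peer list: hypothetical peer names mapped to their AllowedIPs.
PEERS = {
    "server": ["10.0.10.1/32", "10.0.20.0/24"],
    "laptop": ["10.0.10.7/32"],
}


def pick_interface(dst, routes=ROUTES):
    """OS step: longest-prefix match on the destination; only the interface is returned."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface) for net, _gw, iface in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def pick_peer(dst, peers=PEERS):
    """Tunnel step: the peer whose AllowedIPs entry matches most specifically wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for name, allowed in peers.items():
        for net in map(ipaddress.ip_network, allowed):
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
    return best[1] if best else None


def deliver(dst):
    """Return (interface, peer); peer is None when off-tunnel or no AllowedIPs match."""
    iface = pick_interface(dst)
    return iface, (pick_peer(dst) if iface == "wg0" else None)


if __name__ == "__main__":
    for dst in ("10.0.10.1", "10.0.10.7", "10.0.10.99", "8.8.8.8"):
        print(dst, deliver(dst))
```

The gateway field is unpacked and discarded in `pick_interface`, so changing 10.0.10.0 to any other value leaves every result unchanged in this model.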