Hi,

As we know, the AllowedIPs will set the route table. However, if we
want to set the CIDR, but except for some CIDR range, it's not so easy
and out of the box. For example, if I want to route my all traffic,
except the 192.168.0.0/16. I have to calculate the two CIDR
difference:

AllowedIPs =
0.0.0.0/1 + 128.0.0.0/1 - 192.168.0.0/16
=
0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/2,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,10.99.0.0/24

Is it possible to be built in Wireguard in the future? I think it's very useful.

The discussion link is here:
https://www.reddit.com/r/WireGuard/comments/m44fi5/enhance_the_allowedips/

Thanks.
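The CIDR subtraction described in the message above can be scripted and checked rather than done by hand. This is an added example, not part of the original thread and not WireGuard code; the helper names `subtract_networks` and `covers` are hypothetical, and it uses only Python's standard `ipaddress` module.

```python
import ipaddress

def subtract_networks(allowed, excluded):
    """Return the minimal CIDR list covering `allowed` minus `excluded`."""
    remaining = [ipaddress.ip_network(n) for n in allowed]
    for ex in (ipaddress.ip_network(e) for e in excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)          # disjoint: keep unchanged
            elif net.subnet_of(ex):
                continue                  # entirely inside the exclusion: drop
            else:
                # CIDR blocks are nested or disjoint, so ex lies inside net:
                # split net into the pieces that do not contain ex.
                kept.extend(net.address_exclude(ex))
        remaining = kept
    result = []
    for version in (4, 6):                # collapse_addresses rejects mixed versions
        same = [n for n in remaining if n.version == version]
        result.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in result]

def covers(cidrs, address):
    """True if `address` falls inside any network in `cidrs`."""
    addr = ipaddress.ip_address(address)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    # The case from the message: everything except 192.168.0.0/16.
    nets = subtract_networks(["0.0.0.0/1", "128.0.0.0/1"], ["192.168.0.0/16"])
    # Sanity checks before the list goes into a config file.
    assert not covers(nets, "192.168.1.1")
    assert covers(nets, "192.169.0.1")
    print("AllowedIPs = " + ", ".join(nets))
```

For the single exclusion 192.168.0.0/16 this yields 16 prefixes. With 10.0.0.0/8 added to the exclusions it returns the list in the message above without its final 10.99.0.0/24 entry.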
> On Mar 15, 2021, at 2:57 AM, Feng Li <lifeng1519@gmail.com> wrote:
>
> As we know, the AllowedIPs will set the route table. However, if we
> want to set the CIDR, but except for some CIDR range, it's not so easy
> and out of the box. For example, if I want to route my all traffic,
> except the 192.168.0.0/16. I have to calculate the two CIDR
> difference:
>
> AllowedIPs =
> 0.0.0.0/1 + 128.0.0.0/1 - 192.168.0.0/16
> =
> 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/2,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,10.99.0.0/24
For giggles, I thought this might be a clever solution:
--
[Peer]
PublicKey = <remote PublicKey>
Endpoint = remote-vpn:51820
AllowedIPs = 0.0.0.0/0, ::/0
[Peer]
PublicKey = <local PublicKey>
Endpoint = 127.0.0.1:51820
AllowedIPs = 192.168.0.0/16
--
I tested, but wg silently ignores peers to itself.
Lonnie
On 15/03/2021 13:31, Lonnie Abelbeck wrote:
> For giggles, I thought this might be a clever solution:
> --
> [Peer]
> PublicKey = <remote PublicKey>
> Endpoint = remote-vpn:51820
> AllowedIPs = 0.0.0.0/0, ::/0
>
> [Peer]
> PublicKey = <local PublicKey>
> Endpoint = 127.0.0.1:51820
> AllowedIPs = 192.168.0.0/16
> --
>
> I tested, but wg silently ignores peers to itself.
> Lonnie

Indeed; but nothing prevents you from terminating it with a different
local WireGuard interface with a different private key.
Just in case:
I guess you have already thought about using the post script to add a separate
route to 192.160.0.0/16 using the original path with a lower metric.
On 15/03/2021 08:57, Feng Li wrote:
> Hi,
>
> As we know, the AllowedIPs will set the route table. However, if we
> want to set the CIDR, but except for some CIDR range, it's not so easy
> and out of the box. For example, if I want to route my all traffic,
> except the 192.168.0.0/16. I have to calculate the two CIDR
> difference:
>
> AllowedIPs =
> 0.0.0.0/1 + 128.0.0.0/1 - 192.168.0.0/16
> =
> 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/2,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,10.99.0.0/24
>
> Is it possible to be built in Wireguard in the future? I think it's very useful.
>
> The discussion link is here:
> https://www.reddit.com/r/WireGuard/comments/m44fi5/enhance_the_allowedips/
>
> Thanks.
Thanks.
Adding a route is simple on Linux, but it's not simple for other
platforms, like Windows.
So changing the AllowedIPs is the best option.
On Tue, Mar 16, 2021 at 7:40 PM Chris <wireguard@spam-free.eu> wrote:
>
> Just in case:
> I guess you have already thought about using the post script to add a separate
> route to 192.160.0.0/16 using the original path with a lower metric.
>
> On 15/03/2021 08:57, Feng Li wrote:
> > Hi,
> >
> > As we know, the AllowedIPs will set the route table. However, if we
> > want to set the CIDR, but except for some CIDR range, it's not so easy
> > and out of the box. For example, if I want to route my all traffic,
> > except the 192.168.0.0/16. I have to calculate the two CIDR
> > difference:
> >
> > AllowedIPs =
> > 0.0.0.0/1 + 128.0.0.0/1 - 192.168.0.0/16
> > =
> > 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/2,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,10.99.0.0/24
> >
> > Is it possible to be built in Wireguard in the future? I think it's very useful.
> >
> > The discussion link is here:
> > https://www.reddit.com/r/WireGuard/comments/m44fi5/enhance_the_allowedips/
> >
> > Thanks.
>