AllowedIPs

AllowedIPs defines any IP ranges for which the device will be routing or passing traffic for. Client devices like laptops and phones will generally only have one or two IPs, being an IPv4 and IPv6 address of the client. On router nodes/bounce boxes this should be the subnets for which the router/bounce node will handle. It can be used more than once in the config file. You can specify multiple by using commas to separate the values, or you can just add multiple lines of AllowedIps. Similar to other routing engines it will prefer shortest length paths first, so if you have 1.1.1.1/32, 1.1.1.0/24, and 0.0.0.0/0 it will always pick 1.1.1.1/32 first.

Examples below!

peer is a router for other peers
AllowedIPs = 192.0.2.1/24, 2601:2601::/48

peer is a relay server that routes to itself and all nodes on its local interface
AllowedIPs = 192.0.2.3/32,192.168.1.1/24

peer is a relay devices that routes to itself and only one other peer
AllowedIPs = 192.0.2.3/32,192.0.2.4/32

peer is a routing server that bounces all internet & VPN traffic (similar to commercial VPNs)
AllowedIPs = 0.0.0.0/0,::/0

peer is a client device that only does traffic for itself.
AllowedIPs = 192.0.2.3/32, 2601:2601:c::3/128

What is WireGuard?

How does WireGuard work?

Generating a public/private keypair

[Interface]

Address

ListenPort

PrivateKey

DNS

Table

MTU

PreUp

PostUp

PreDown

PostDown

[Peer]

Endpoint

AllowedIPs

PublicKey

PersistentKeepalive

Simple router/bounce node with 3 clients

AllowedIPs