> there are routes that try to send traffic to those IPs through WireGuard, such as a VPN 'route all traffic through my WireGuard link' default route if you installed WireGuard on your default internet gateway and set AllowedIPs as 0.0.0.0/0 instead of the protected subnet.
I installed WireGuard on a system that is not the default gateway. And yeah, it has AllowedIPs 0.0.0.0/0, because it's assumed that anything I route through it is meant to be routed over the VPN.
Then on the gateway all traffic for x.x.x.x/16 is just a static route to that secondary system.
E.g. my normal NAT gateway is a cable modem at 10.0.0.1, WireGuard is 10.0.0.8. Then I just have a specific route for 172.16.0.0/16 via 10.0.0.8 set in the cable modem UI (the cable modem UI has something called "Static routes", equivalent to "routes in DHCP scopes") and I don't have this problem.
It's not shoving all my internet traffic through the tunnel. Although that may be desired behavior for some people, i.e. you have a $5 unmetered VPS and want to hide your home IP at all times (maybe you like privacy or torrenting things). Then go ahead and put WireGuard on your gateway and set AllowedIPs to 0.0.0.0/0.
The main reason I don't want this is because I have a gig connection and can “””only””” do about 300Mbps encrypted through the tunnel.
There are some sites I think are clowns with privacy, or in one case are treating my home connection as spam or suspicious though. So I have their entire class A/B/C networks static routed through WireGuard as well. (Off the top of my head, Microsoft/Azure, Bluesky (who won't let me tap the firehose from my home IP), Reddit, and all Cloudflare networks also have static routes via 10.0.0.8.)
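The following is an added example, not code from the comment above, that models the two routing decisions the setup relies on: the cable modem's longest-prefix-match over its static routes (default out the WAN, a few prefixes via the WireGuard host), and WireGuard's cryptokey routing on that host, where AllowedIPs acts both as the outbound peer-selection table and as the inbound source filter for decrypted packets. The table entries are constructed: 172.16.0.0/16 and 10.0.0.8 are from the comment, while 203.0.113.0/24 (TEST-NET-3) stands in for one of the "route this site through the VPN" prefixes and is not any real provider's range. It also shows why a narrower AllowedIPs on the secondary host would break the extra static routes: the gateway would still hand the packet to 10.0.0.8, but WireGuard would find no peer for it and would likewise reject the reply's source address on the way back.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Added example, not from the post. Names and prefixes below are assumptions
# except 10.0.0.1 / 10.0.0.8 / 172.16.0.0/16, which the comment gives.

WG_HOST = "10.0.0.8"
WAN = "wan"  # placeholder next hop: NAT straight out the cable modem

# Constructed routing table for the cable modem at 10.0.0.1.
GATEWAY_ROUTES: List[Tuple[str, str]] = [
    ("0.0.0.0/0", WAN),             # default route
    ("172.16.0.0/16", WG_HOST),     # protected subnet behind the tunnel
    ("203.0.113.0/24", WG_HOST),    # stand-in for a "this site goes via VPN" prefix
]

# A peer name mapped to its AllowedIPs list (WireGuard's cryptokey routing).
Peers = Dict[str, List[str]]


def longest_prefix_match(routes: List[Tuple[str, str]], dst: str) -> Optional[str]:
    """Plain IP forwarding: the most specific matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    best_net = None
    best_hop = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def wg_select_peer(peers: Peers, dst: str) -> Optional[str]:
    """Outbound side of AllowedIPs: which peer (if any) gets a packet to dst."""
    routes = [(p, name) for name, prefixes in peers.items() for p in prefixes]
    return longest_prefix_match(routes, dst)


def wg_accept_inbound(peers: Peers, peer: str, src: str) -> bool:
    """Inbound side of AllowedIPs: a decrypted packet from `peer` is dropped
    unless its source address falls inside that peer's AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in peers.get(peer, []))


def path_for(dst: str, gateway_routes=GATEWAY_ROUTES, peers: Optional[Peers] = None) -> str:
    """Trace a LAN host's packet: the cable modem decides first, then the WG host."""
    if peers is None:
        peers = {"vps": ["0.0.0.0/0"]}  # the comment's configuration on 10.0.0.8
    hop = longest_prefix_match(gateway_routes, dst)
    if hop != WG_HOST:
        return "direct via " + str(hop)
    peer = wg_select_peer(peers, dst)
    if peer is None:
        return "dropped on " + WG_HOST + " (no AllowedIPs match)"
    return "tunnel to " + peer


if __name__ == "__main__":
    for dst in ("8.8.8.8", "172.16.5.5", "203.0.113.9"):
        print(dst, "->", path_for(dst))
    # With AllowedIPs narrowed to the protected subnet, the extra static route
    # still delivers 203.0.113.9 traffic to 10.0.0.8, where WireGuard drops it,
    # and a reply from 203.0.113.9 arriving through the tunnel is dropped too.
    narrow = {"vps": ["172.16.0.0/16"]}
    print("203.0.113.9 with narrow AllowedIPs ->", path_for("203.0.113.9", peers=narrow))
    print("reply from 203.0.113.9 accepted?", wg_accept_inbound(narrow, "vps", "203.0.113.9"))
```

The point the trace makes is that the gateway's static routes, not AllowedIPs, are the policy: AllowedIPs 0.0.0.0/0 on the non-gateway host merely says "whatever reaches me is for the VPS peer, and accept any source coming back from it", which is exactly what is needed when the gateway forwards arbitrary internet prefixes to it. Real deployments additionally need IP forwarding enabled on 10.0.0.8 and a return path (masquerade on the VPS, or on 10.0.0.8's wg0) that this model does not cover.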