Howto route a network behind a client/peer?

Question

Howto route a network behind a client/peer?

majes-github opened this issue 4 years ago · comments

Hello,

I don't see an option to specify a network behind a wireguard client. Normally that should be possible using "allowed ips".

Please advise.

Markus Viitamäki · Answer 1 · Sun Nov 22 2020 22:29:26 GMT+0800 (China Standard Time)

You can specify the allowed ips with --wg-allowed-ips= when running wg-ui!
You can find documentation about flags by running adding -h when running the binary.

majes-github · Answer 2 · Fri Nov 27 2020 05:18:50 GMT+0800 (China Standard Time)

Of course I have tested --wg-allowed-ips before posting. This options adds AllowedIPs = to all clients!

I'm looking for an equivalent of this server config in wg-quick syntax:

# the server
[Interface]
PrivateKey = XXXX
Address = 172.16.0.1/32
ListenPort = 51820

# client A
[Peer]
PublicKey = YYYY
AllowedIPs = 172.16.0.11/32, 192.168.178.0/24


# client B
[Peer]
PublicKey = ZZZZ
AllowedIPs = 172.16.0.12/32, 192.168.0.0/24

Markus Viitamäki · Answer 3 · Fri Nov 27 2020 06:30:15 GMT+0800 (China Standard Time)

Ah, I misunderstood.
That's not currently supported.

majes-github · Answer 4 · Mon Nov 30 2020 15:17:04 GMT+0800 (China Standard Time)

Too bad. Unfortunately, this makes this very nice tool useless to me. Shouldn't be a big feature to implement, since the server already sets AllowedIPs to the tunnel IP of the particular client. Adding another subnet (taken from a UI string field) should be rather simple.
How big are chances to get this merged when I would provide a PR?

Markus Viitamäki · Answer 5 · Mon Nov 30 2020 16:25:20 GMT+0800 (China Standard Time)

We gladly merge a change for it, feel free to submit a PR!