
Using multiple 'AllowedIPs' lines in the wg client config does work, even with one or more IP ranges per line as in this example. Only the IPs matching the specified ranges go through the tunnel. But when I add the IP of the server itself (for maintenance, which should go through the tunnel) to the whitelist, things go wrong: either the VPN blocks or all traffic goes through the tunnel. It goes wrong on both the OPNsense server and another server running Ubuntu with a WG server installed by apt. What am I doing wrong here?

```
[Interface]
# Define the IP address for the client - must be matched with wg0 on the WireGuard server
Address = 10.0.0.3/24
# specific DNS server
DNS = 1.1.1.1
PrivateKey = XXXXXXXX

[Peer]
PublicKey = YYYYYYYYY

# I only want these IP ranges going through the tunnel; this works
AllowedIPs = 1.2.3.0/24, 5.6.7.0/30

# Unless ...

# Using the internal server IP (within the WG network) blocks all the above IP addresses
AllowedIPs = 10.0.0.1/32

# Or using the external server IP blocks all the above IP addresses as well
AllowedIPs = <SERVERIP>/32

# Or using the internal IP mask allows all traffic through the tunnel
AllowedIPs = 10.0.0.0/24

# Public IP address of the WireGuard server
Endpoint = <SERVERIP>:51820

# Send a keepalive every 25 sec
PersistentKeepalive = 25
```
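As an added example (not part of the question, not OPNsense or WireGuard project code), the following Python script parses a wg-quick style client config the way the question relies on it (repeated `AllowedIPs` lines are cumulative, as wg(8) documents) and runs two static checks before the file is handed to `wg-quick`: it rejects keys that are not in the documented `[Interface]`/`[Peer]` key sets (a misspelled key such as `AllowerdIPs` makes wg-quick refuse the whole file), and it flags an `Endpoint` address that falls inside one of the peer's `AllowedIPs` ranges, because wg-quick installs a route for every AllowedIPs range via the wg interface and only special-cases the default route, so the tunnel's own encrypted UDP packets to that endpoint would be routed back into the tunnel. The sample configs are constructed; the key names and IPs are placeholders (`192.0.2.10` is documentation address space) and nothing here is the asker's real data.

```python
import ipaddress

# Keys accepted in each section, per wg(8) and wg-quick(8).
INTERFACE_KEYS = {"PrivateKey", "ListenPort", "FwMark", "Address", "DNS", "MTU",
                  "Table", "PreUp", "PostUp", "PreDown", "PostDown", "SaveConfig"}
PEER_KEYS = {"PublicKey", "PresharedKey", "AllowedIPs", "Endpoint", "PersistentKeepalive"}

# Constructed split-tunnel client config modelled on the question's layout (placeholders).
CLIENT_CONF = """
[Interface]
Address = 10.0.0.3/24
DNS = 1.1.1.1
PrivateKey = <CLIENT_PRIVATE_KEY>   # placeholder, not a real key

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>     # placeholder, not a real key
AllowedIPs = 1.2.3.0/24, 5.6.7.0/30
AllowedIPs = 10.0.0.1/32
Endpoint = 192.0.2.10:51820
PersistentKeepalive = 25
"""

# Constructed variant with a misspelled key and the endpoint's own IP in AllowedIPs.
BROKEN_CONF = """
[Interface]
Address = 10.0.0.3/24
PrivateKey = <CLIENT_PRIVATE_KEY>

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
AllowedIPs = 1.2.3.0/24, 5.6.7.0/30
AllowerdIPs = 10.0.0.0/24
AllowedIPs = 192.0.2.10/32
Endpoint = 192.0.2.10:51820
"""


def parse_wg_conf(text):
    """Return [(section_name, {key: [value, ...]})], keeping repeated keys in order."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' never occurs inside base64 keys
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))  # keep '=' padding in values
        current[1].setdefault(key, []).append(value)
    return sections


def allowed_networks(peer_keys):
    """Flatten every AllowedIPs line (comma separated) of one peer into ip_network objects."""
    nets = []
    for value in peer_keys.get("AllowedIPs", []):
        for item in value.split(","):
            item = item.strip()
            if item:
                nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def endpoint_address(endpoint):
    """Return the IP of 'host:port' / '[v6]:port', or None when the host is a DNS name."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def check_config(text):
    """Return a list of human-readable findings; an empty list means both checks passed."""
    findings = []
    for name, keys in parse_wg_conf(text):
        known = {"Interface": INTERFACE_KEYS, "Peer": PEER_KEYS}.get(name, set())
        for key in keys:
            if key not in known:
                findings.append(f"[{name}] unknown key '{key}': wg-quick rejects the file")
        if name != "Peer":
            continue
        nets = allowed_networks(keys)
        for ep in keys.get("Endpoint", []):
            ep_ip = endpoint_address(ep)
            if ep_ip is None:
                continue  # hostname endpoint: cannot be checked statically
            for net in nets:
                if ep_ip in net:
                    findings.append(f"[Peer] Endpoint {ep_ip} lies inside AllowedIPs {net}: "
                                    "the tunnel's own packets would be routed into the tunnel")
    return findings


if __name__ == "__main__":
    for label, conf in (("client", CLIENT_CONF), ("broken", BROKEN_CONF)):
        print(label, check_config(conf) or "OK")
```

Run it as a pre-flight check on a config before `wg-quick up`; the endpoint check is the one worth keeping permanently, since an endpoint inside AllowedIPs is silently accepted by the tools and only shows up as a tunnel that never comes up.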

0 Answers