Originally Posted By: BartDG
Thanks for your reply!
I've had somebody on another forum recommend that I do this:
[...]
I can see the ranges provided are about the same as you mention. But I do wonder why I have to exclude so many ranges when all I need is 192.168.1.x?

This is because a WireGuard client needs to know what is "behind" the tunnel: for a common road warrior setup this is your home or company network (i.e. 192.168.1.0/24).
If you are using WireGuard to improve your privacy on an open WLAN, for example, you need to specify the whole (IPv4) internet _except_ the private network ranges you are logged into. The long list of networks is exactly this: everything (v4) except the private ranges.

Originally Posted By: BartDG
Now, adding those lines I can do, but I have to admit it's the second part that's got me stumped. I'm using Windows. I cannot change YOURLANINTERFACE to eth0 because that wouldn't work. Do I need to make it the IP address of my desktop pc? And then what about my mobile phone?

I also totally don't understand what the third paragraph (the one about PostUp and Predown) means... crazy

You shouldn't need to specify anything else. No iptables rules are necessary.

If you are using Google's DNS you can add 8.8.8.8/32 to the AllowedIPs. Don't add the 10.64.0.0/10 - the guy from the other forum just forgot to remove this when copying his config for you.

I have to mention that I'm only using WireGuard on Linux, Android and iOS - not Windows. So there is the possibility that the Windows client has some differences. You could run "netstat -rn" before and after establishing the tunnel to inspect the routing table.

Alex
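
Added example (not part of Alex's post or of the config from the other forum): a Python sketch that derives the "everything except the private ranges" AllowedIPs list and compares it with the road warrior list. The function names are hypothetical, and taking "the private ranges" to mean the three RFC 1918 blocks is an assumption.

```python
import ipaddress

# Assumption: "the private ranges" are the three RFC 1918 blocks.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Road warrior setup from the post: only the home LAN (plus Google's DNS).
ROAD_WARRIOR = [ipaddress.ip_network(c) for c in ("192.168.1.0/24", "8.8.8.8/32")]


def everything_except(excluded):
    """Return the IPv4 networks that cover 0.0.0.0/0 minus `excluded`."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for cidr in excluded:
        hole = ipaddress.ip_network(cidr)
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split `net` into the pieces that do not contain `hole`.
                kept.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                kept.append(net)  # disjoint from the hole, keep as is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def routed_via_tunnel(destination, allowed_ips):
    """True if the client would send `destination` into the tunnel."""
    ip = ipaddress.ip_address(destination)
    return any(ip in net for net in allowed_ips)


def as_config_line(allowed_ips):
    """Format networks as a WireGuard AllowedIPs line."""
    return "AllowedIPs = " + ", ".join(str(n) for n in allowed_ips)


if __name__ == "__main__":
    privacy = everything_except(PRIVATE_RANGES)
    print(as_config_line(ROAD_WARRIOR))
    print(as_config_line(privacy))
    # Constructed sample destinations: a LAN host, Google DNS, a public host.
    for dest in ("192.168.1.10", "8.8.8.8", "1.1.1.1"):
        print(dest,
              "road warrior:", routed_via_tunnel(dest, ROAD_WARRIOR),
              "privacy:", routed_via_tunnel(dest, privacy))
```

On the client, "netstat -rn" after bringing the tunnel up should show routes matching whichever list is configured.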