Allowed IPs =
Note: Wireguard works only with subnets. If you want, for example, to disallow the IP address 192.168.1.10, you will need to disallow the entire subnet, 192.168.1.0/24.
Note: If you want to disallow an IP address in your local network (so that traffic to that IP is not routed through Wireguard), check if IPv6 is enabled in your local network. Run the appropriate commands (ifconfig for Linux/macOS or ipconfig for Windows), and add the IPv6 subnet to the disallowed IPs as well, if you have one, in some cases only IPv4 disallowing is not enough if your network has IPv6 as well. For example, this is useful when trying to access your NAS while connected to Wireguard.
You can use the AllowedIPs setting in WireGuard to define which IP address ranges should be routed through specific WireGuard peers. If you want to route all traffic through a particular peer, you can configure its AllowedIPs setting like this:
AllowedIPs = 0.0.0.0/0, ::/0
This tells WireGuard to route all IPv4 traffic (represented by 0.0.0.0/0) and all IPv6 traffic (represented by ::/0) through the peer. Additionally, you can specify multiple IP ranges on the same line, separated by commas, as shown above.
If you want to route traffic through a WireGuard peer for just a specific range of IP addresses, such as a block from 192.168.1.0 to 192.168.1.255 at a remote location, you can configure the AllowedIPs setting as follows:
AllowedIPs = 192.168.1.0/24
But what if you need the opposite—where you want to route all traffic through a WireGuard peer except for one or more specific IP ranges? In this case, you would exclude the specific blocks from the allowed addresses and configure the AllowedIPs setting accordingly, which might result in a longer list of IP blocks.
For example, let’s say you want to route all your Internet traffic through the WireGuard peer, but exclude your internal networks within the private-use 192.168.1.0/24 block. To do this, you can configure the peer with the following AllowedIPs setting:
AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.1.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
This approach allows you to define exceptions and manage your traffic routing more precisely.
We offer a big range of products, static or rotating IP's, that you can choose from whatever location you need
Buy Proxy now HTTP Proxies or SOCKS5, Dedicated or Shared, Residential or Datacenter. Fully Anonymous and Premium.
Buy ProxyGot questions? We've got answers! Dive into our frequently asked questions below.
WireGuard is a modern, fast, and secure VPN (Virtual Private Network) protocol designed to be simple and highly efficient. It establishes encrypted connections between devices using state-of-the-art cryptography.
In WireGuard, Allowed IPs are the ranges of IP addresses that define which traffic should be routed through a particular peer. They essentially tell WireGuard what traffic to encrypt and send through the VPN tunnel.
The Allowed IPs setting in WireGuard specifies what IP ranges should be routed through the VPN. For example, setting Allowed IPs to 0.0.0.0/0 will route all traffic, while specifying specific subnets limits it to certain ranges.
To exclude an IP range from routing through WireGuard, you can use a technique called 'subnet subtraction'. This involves configuring Allowed IPs with the necessary ranges while excluding specific internal or private networks.
A WireGuard Allowed IPs Calculator is a tool that helps generate the necessary IP blocks for routing or excluding specific ranges of IPs through a WireGuard peer, making configuration easier.
Yes, by subtracting the block you want to exclude from the full range (0.0.0.0/0) and specifying the remaining ranges in the Allowed IPs setting. This can be calculated using a WireGuard Allowed IPs Calculator.
To route just a single subnet through WireGuard, you need to specify the desired subnet in the Allowed IPs setting. For example, to route only 192.168.1.0/24, you would set Allowed IPs to 192.168.1.0/24.
Yes, WireGuard supports both IPv4 and IPv6 addresses. You can configure both at once by including the appropriate ranges in the Allowed IPs setting, such as 0.0.0.0/0 for IPv4 and ::/0 for IPv6.
This happens when the internal network's IP range is included in the Allowed IPs. To prevent this, you can exclude your internal network's IP block from the Allowed IPs setting using a calculator or manual configuration.
Yes, a WireGuard Allowed IPs Calculator can help you generate the proper IP ranges for multiple peers, ensuring that each peer handles the appropriate traffic and that no conflicts occur in routing.