Multiple subnets / wiregard on/off


is it possible to have multiple subnets and route e.g. one subnet and all its devices to wireguard and one that bypasses wireguard?

I know you can whitelist MACs which would be a manual workaround but kind of annoying.


You can do this: set up guest wifi network, then set up vpn policy and do not use vpn on the guest wifi network.

Isn’t that what the AllowedIPs setting on the client is for. To only route IPs that match via the tunnel.


I do not want to go to the tech details about wireguard protocol. It is better to set up on the UI.

AllowedIPs seems to be the IP to be accessed not visiting from.

It is in the UI

Endpoint host is the IP you are connecting the tunnel to.

From the wireguard man, with the relevant part highlighted: AllowedIPs — a comma-separated list of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed.