Wire guard client running on GL-iNet devices

When I set AllowedIPs to 10.0.0.0/24 on client the GL-MT3000, the WireGuard (WG) VPN is NOT allow unencrypted internet access (Internet is blocked). It does, however, allow encrypted tunnel access to the remote network’s local resources. Should it NOT allow unencrypted internet access as does other WG software clients i.e. WG OSX client version: 1.0.16 (27) , Windows 10/11 WG client and ubuntu WG client ?

When I have AllowedIPs is set to 0.0.0.0/0, ::/0 is working as expected with all traffic is encrypted to the WG server internet.

I test. the same configure file for the wire guard client
current hardware:
Devices: Beryl AX GL-MT3000 and GL-MT6000
Firmware Version: 4.6.2 ,Firmware Type: release1
Compile Time: 2024-06-28 08:56:13 (UTC+00:00)
setup
GL-MT6000 is acting as the WireGuard Server
GL-MT3000 is acting as the WireGuard Client

client config file
[Interface]
PrivateKey = < private key>=
Address = 10.10.1.2/24
DNS = 1.1.1.1
MTU = 1420
[Peer]
PublicKey = =
AllowedIPs = 10.1.1.0/24
Endpoint = < public Internet IP iv4 >:51820
PersistentKeepalive = 25

should it not work like this with 10.1.1.0/24

Did you enable „Block non VPN traffic“ by chance?

hi thanks for the reply. base on your feed back. I review your suggestion. I found need to do change the following two setting for have the wire guard client to work correctly with the AllowedIPs = 10.1.1.0/24 configure file and the other configure file with AllowedIPs =0.0.0.0/0, ::/0. The two changes were :