Home / server / Questions / 961833
Accepted
Farhan
Asked: 2019-04-07 10:51:45 +0800 CST

Is it possible to disable default gateway in WireGuard VPN client?

  • 772

Is it possible to disable default gateway in WireGuard VPN client? I used "allowed IP" to my own subnet, but still whenever I try to connect to VPN server, the client sets default gateway to the WireGuard server IP.

Any other way to disable default gateway in WireGuard?

vpn

2 Answers

  1. Best Answer

    Instead of specifying AllowedIPs = 0.0.0.0/0 specify an ip address.

    Ran into this question wondering the same thing. The use case detailed here pointed me in the right direction: https://emanuelduss.ch/2018/09/wireguard-vpn-road-warrior-setup/

    • 3

  2. I used systemd. Setting netdev here https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BWireGuard%5D%20Section%20Options will not create route table entry for you. You'll need to manually add it here https://www.freedesktop.org/software/systemd/man/systemd.network.html#%5BNetwork%5D%20Section%20Options . I'm allowing all IPs but only route specific traffic to wg interface.

    If using wg-quick, probably you'll need to change Table=off , per https://manpages.debian.org/unstable/wireguard-tools/wg-quick.8.en.html

    Edit:

    As systemd v250 https://github.com/systemd/systemd/releases , systemd will automatically creates routing for you. To disable so, you need to add RouteTable=off under [WireGuardPeer] in your netdev file.

    • 2