Good to know: Multiple AllowedIPs and WireGuard

While fooling around with WireGuard I set two of my peers with 0.0.0.0/0 as the allowed IPs.

My thinking was that I wanted to accept traffic from any IP range on either of these peers.

Unfortunately that broke things. That’s because, as this WireGuard overview page explains:

when sending packets, the list of allowed IPs behaves as a sort of routing table, and when receiving packets, the list of allowed IPs behaves as a sort of access control list.

Emphasis mine. So by having 0.0.0.0/0 I was in essence telling WireGuard there are two default gateways for outgoing traffic… and that’s not accepted. I Googled around a bit and found this mailing list reply where the author confirms the same and also adds that the last peer with 0.0.0.0/0 as the allowed IPs wins.
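
A simplified model of the behaviour described above, as an added example that is not from the original post or from the WireGuard project: it shows the second peer taking over 0.0.0.0/0, and what that does to both the routing and the access-control side. The peer names, the addresses and the non-overlapping `FIXED` layout are assumptions made for illustration.

```python
import ipaddress

class AllowedIPsTable:
    """Simplified model of one WireGuard interface's allowed-IPs table."""

    def __init__(self):
        self._owner = {}  # prefix -> peer; each prefix has exactly one owner

    def set_peer(self, peer, allowed_ips):
        for cidr in allowed_ips:
            # Assigning a prefix another peer already holds moves it:
            # the last peer configured with that prefix wins.
            self._owner[ipaddress.ip_network(cidr)] = peer

    def allowed_ips(self, peer):
        return sorted(str(n) for n, p in self._owner.items() if p == peer)

    def route(self, dst):
        """Sending: longest-prefix match on the destination picks the peer."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self._owner if addr in n]
        return self._owner[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def accepts(self, peer, src):
        """Receiving: a decrypted packet is kept only if its source address
        maps back to the peer whose key decrypted it."""
        return self.route(src) == peer


def build(config):
    table = AllowedIPsTable()
    for peer, cidrs in config:  # applied in config-file order
        table.set_peer(peer, cidrs)
    return table

# Constructed sample configs; peer names and addresses are made up.
BROKEN = [("peer_a", ["0.0.0.0/0"]), ("peer_b", ["0.0.0.0/0"])]
FIXED = [("peer_a", ["10.0.0.2/32"]), ("peer_b", ["0.0.0.0/0"])]

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        t = build(cfg)
        print(name, {p: t.allowed_ips(p) for p, _ in cfg},
              "10.0.0.2 ->", t.route("10.0.0.2"),
              "| peer_a accepted:", t.accepts("peer_a", "10.0.0.2"))
```

In the broken layout peer_a ends up with no allowed IPs at all, so nothing is routed to it and every packet it sends is dropped on receipt.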