While fooling around with WireGuard I set two of my peers with 0.0.0.0/0 as the allowed IPs.
```ini
[Peer]
PublicKey = FlhmxdRa+GVkJfL3K5T4pDCjntRb5DBrPbY3i0uBq2Y=
AllowedIPs = 0.0.0.0/0
Endpoint = 2.2.2.2:51820
PersistentKeepalive = 25

[Peer]
PublicKey = DnrPZq367cgs1EUUAABSvQYgdf+eaiwQTjBhlJlMbgY=
AllowedIPs = 0.0.0.0/0
Endpoint = 1.1.1.1:51820
PersistentKeepalive = 25
```
My thinking was that I wanted to accept traffic from any IP range on either of these peers.
Unfortunately that broke things. That's because, as this WireGuard overview page explains:
… when sending packets, the list of allowed IPs behaves as a sort of routing table, and when receiving packets, the list of allowed IPs behaves as a sort of access control list.
Emphasis mine. So by putting 0.0.0.0/0 on both peers I was in essence telling WireGuard there were two default gateways for outgoing traffic… and that's not accepted: a given prefix can belong to only one peer's allowed IPs at a time. I Googled around a bit and found this mailing list reply where the author confirms the same and also adds that the last peer configured with 0.0.0.0/0 in its allowed IPs wins.
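To make the sending/receiving asymmetry and the "last peer wins" rule concrete, here is a small Python model of WireGuard's cryptokey routing. It is an added illustration, not WireGuard's own code and not from the original post: it parses the two [Peer] blocks from above (keys and endpoints as on the page), builds the prefix-to-peer table the way the kernel does (a prefix reassigned to a later peer is taken from the earlier one), then does longest-prefix matching for outgoing packets and a source-address check for incoming ones. The "fixed" config is a hypothetical repair in which only one peer is the default route and the other owns just its tunnel address; 10.8.0.2/32 is an assumed address that does not appear on the page.

```python
"""Toy model of WireGuard cryptokey routing (added example, not WireGuard code).

Sending: longest matching prefix across all peers' AllowedIPs picks the peer.
Receiving: a decrypted packet is accepted only if its source IP lies in the
AllowedIPs of the peer it arrived from. Each prefix belongs to one peer only.
"""
import ipaddress

# Constructed config reproducing the post's two peers, both claiming 0.0.0.0/0.
BROKEN_CONFIG = """
[Peer]
PublicKey = FlhmxdRa+GVkJfL3K5T4pDCjntRb5DBrPbY3i0uBq2Y=
AllowedIPs = 0.0.0.0/0
Endpoint = 2.2.2.2:51820
PersistentKeepalive = 25

[Peer]
PublicKey = DnrPZq367cgs1EUUAABSvQYgdf+eaiwQTjBhlJlMbgY=
AllowedIPs = 0.0.0.0/0
Endpoint = 1.1.1.1:51820
PersistentKeepalive = 25
"""

# Hypothetical fix: only the second peer is the default route; the first owns
# just its tunnel address. 10.8.0.2/32 is an assumed address, not from the page.
FIXED_CONFIG = """
[Peer]
PublicKey = FlhmxdRa+GVkJfL3K5T4pDCjntRb5DBrPbY3i0uBq2Y=
AllowedIPs = 10.8.0.2/32
Endpoint = 2.2.2.2:51820
PersistentKeepalive = 25

[Peer]
PublicKey = DnrPZq367cgs1EUUAABSvQYgdf+eaiwQTjBhlJlMbgY=
AllowedIPs = 0.0.0.0/0
Endpoint = 1.1.1.1:51820
PersistentKeepalive = 25
"""


def parse_peers(config_text):
    """Minimal parser for the [Peer] sections of a wg-quick style config."""
    peers = []
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            current = {"AllowedIPs": []} if line == "[Peer]" else None
            if current is not None:
                peers.append(current)
            continue
        if current is None:
            continue
        key, _, value = line.partition("=")  # first '=' only: base64 keys end in '='
        key, value = key.strip(), value.strip()
        if key == "AllowedIPs":
            current["AllowedIPs"].extend(
                ipaddress.ip_network(v.strip(), strict=False) for v in value.split(","))
        else:
            current[key] = value
    return peers


class CryptokeyRouter:
    def __init__(self, peers):
        self.peers = peers
        self.table = {}  # prefix -> index of owning peer; a later peer steals it
        for idx, peer in enumerate(peers):
            for net in peer["AllowedIPs"]:
                self.table[net] = idx

    def owner_of(self, prefix):
        """Which peer currently holds this exact prefix (None if nobody)."""
        return self.table.get(ipaddress.ip_network(prefix, strict=False))

    def peer_for_outgoing(self, dst_ip):
        """Routing-table behaviour: longest-prefix match over all allowed IPs."""
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for net, idx in self.table.items():
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, idx)
        return None if best is None else best[1]

    def accept_incoming(self, peer_index, src_ip):
        """ACL behaviour: source must fall inside the sending peer's allowed IPs."""
        ip = ipaddress.ip_address(src_ip)
        return any(idx == peer_index and ip in net for net, idx in self.table.items())


def main():
    for name, text in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        router = CryptokeyRouter(parse_peers(text))
        print(f"== {name} ==")
        for prefix, idx in router.table.items():
            print(f"  {prefix} -> peer {idx} ({router.peers[idx]['Endpoint']})")
        for dst in ("8.8.8.8", "10.8.0.2"):
            print(f"  send to {dst}: peer {router.peer_for_outgoing(dst)}")
        print(f"  accept 10.8.0.2 from peer 0: {router.accept_incoming(0, '10.8.0.2')}")


if __name__ == "__main__":
    main()
```

With the broken config the table ends up holding 0.0.0.0/0 for the second peer only, so the first peer (2.2.2.2) can neither be selected for any outgoing packet nor have anything it sends accepted. On a real interface, `wg show <iface> allowed-ips` prints the same prefix-to-peer ownership. The model covers only cryptokey routing inside WireGuard; the kernel routes that wg-quick installs from AllowedIPs are a separate layer and are not simulated here.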