I’ve been working on setting up a split-tunnel configuration with WireGuard, and I’m curious if anyone has successfully implemented this or has tips to share. I’m running WireGuard as a full tunnel at the moment, and it works perfectly for my LAN, IoT, and other networks. However, I’m looking to create a second profile for split-tunneling to manage specific traffic more efficiently.
I’ve tried configuring the split-tunnel by adjusting the allowed_ips and client_allowed_ips settings in my WireGuard configuration, but I’m encountering issues where the tunnels don’t work as expected. Here’s the current setup I’m experimenting with:
```yaml
- name: KennethSplitTunnelVpn
  addresses: [10.20.100.13]
  allowed_ips:
    - 172.16.32.0/24
    - 172.16.33.0/24
    - 172.17.0.0/16
    - 10.20.30.0/24
    - 10.20.31.0/24
    - 10.20.32.0/24
    - 10.20.100.0/24
  client_allowed_ips:
    - 172.16.32.0/24
    - 172.16.33.0/24
    - 172.17.0.0/16
    - 10.20.30.0/24
    - 10.20.31.0/24
    - 10.20.32.0/24
    - 10.20.100.0/24
```
From what I understand, allowed_ips tells the server which ranges can be sent through the tunnel, while client_allowed_ips specifies what ranges the client should send to the server. However, when I add the split-tunnel configuration, none of the tunnels work as intended. I’m wondering if there’s a specific order or combination of IP ranges that I’m missing or if there’s a better way to structure this configuration.
I’ve also noticed that the iptables rules are being set correctly, which suggests that the firewall level is configured properly. But I’m still not seeing the expected behavior with the split-tunnel. Has anyone else faced this issue or have a workaround?
It’s been a bit of a puzzle, but I’m hopeful that with some community input, I can get this working smoothly. I’m really impressed with WireGuard’s performance so far, and I’m excited to optimize it further for my setup.
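As an added example (not part of the post above), the script below models WireGuard's cryptokey routing for the split-tunnel prefix list from the config: it reports which destinations would enter the tunnel versus leave via the normal default route, collapses adjacent prefixes, and renders a wg-quick `[Peer]` stanza. The public key and endpoint are placeholders, and the profile name and prefixes are copied from the post.

```python
"""Model WireGuard's AllowedIPs cryptokey routing for a split-tunnel peer."""
import ipaddress
from typing import Iterable, List, Optional

# Prefixes copied from the split-tunnel profile in the post.
SPLIT_TUNNEL_ALLOWED_IPS = [
    "172.16.32.0/24", "172.16.33.0/24", "172.17.0.0/16",
    "10.20.30.0/24", "10.20.31.0/24", "10.20.32.0/24", "10.20.100.0/24",
]
FULL_TUNNEL_ALLOWED_IPS = ["0.0.0.0/0"]  # everything goes through the tunnel


def parse_prefixes(prefixes: Iterable[str]) -> list:
    """Strict parsing: a prefix with host bits set (e.g. 10.20.30.5/24) raises
    ValueError instead of being silently accepted."""
    return [ipaddress.ip_network(p) for p in prefixes]


def tunnel_route(dst: str, allowed_ips: Iterable[str]) -> Optional[str]:
    """Return the most specific AllowedIPs prefix covering dst, or None when the
    packet is not sent to the peer (split tunnel: it leaves via the normal route)."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in parse_prefixes(allowed_ips)
               if n.version == addr.version and addr in n]
    if not matches:
        return None
    return str(max(matches, key=lambda n: n.prefixlen))  # longest prefix wins


def collapse_prefixes(allowed_ips: Iterable[str]) -> List[str]:
    """Merge adjacent or contained prefixes so the AllowedIPs line stays minimal."""
    return [str(n) for n in sorted(ipaddress.collapse_addresses(parse_prefixes(allowed_ips)))]


def render_peer(public_key: str, endpoint: str, allowed_ips: Iterable[str]) -> str:
    """Render the [Peer] stanza of a wg-quick client config (placeholder values)."""
    return (
        "[Peer]\n"
        f"PublicKey = {public_key}\n"
        f"Endpoint = {endpoint}\n"
        f"AllowedIPs = {', '.join(collapse_prefixes(allowed_ips))}\n"
    )


if __name__ == "__main__":
    for dst in ("10.20.30.7", "172.17.9.1", "8.8.8.8"):
        print(dst, "->", tunnel_route(dst, SPLIT_TUNNEL_ALLOWED_IPS) or "outside tunnel")
    print(render_peer("<SERVER_PUBLIC_KEY>", "vpn.example.invalid:51820",
                      SPLIT_TUNNEL_ALLOWED_IPS))
```

Running it against the profile shows 8.8.8.8 bypassing the tunnel under the split list but matching 0.0.0.0/0 under the full-tunnel list, which is the behavioural difference between the two profiles.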