Because Google is exceptionally useless at letting me find this information, I want to preserve this here.
- Used tool: https://proxysocks5.com/tools/wireguard-allowed-ips-calculator/
- Used Reserved Networks (IPv4): https://en.wikipedia.org/wiki/List_of_reserved_IP_addresses
I want to route everything through my WireGuard tunnel, except all private networks and any reserved IPs. Depending on your use case, you may want to extend or reduce the list.
Basically, my WireGuard "server" (the peer, as seen from my client PC) should only carry traffic that goes to the internet; everything else goes via my local routes.
To do this, enter the following in the WireGuard allowed IPs calculator:
- Allowed IPs: 0.0.0.0/0
- Disallowed IPs: <PUBLIC_IP_OF_YOUR_WG_SERVER>/32,[List of reserved IP blocks you do NOT want to route through WG, see Wikipedia]
- It is important to add the public IP of your WG server to the Disallowed IPs!
If you add private networks to Disallowed IPs, the resulting AllowedIPs will not contain your WG network. To route anything to and through your server, you have to add your VPN subnet to AllowedIPs.
In the end, AllowedIPs should contain all public subnets except your WG server's public IP (basically, the calculator generates subnets "around" your server's public IP/subnet), plus your WireGuard VPN subnet or just the VPN IP of your WireGuard server (which is a private IP).
The list of AllowedIPs goes into the [Peer] section on the client side.
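
The same calculation can be done offline with Python's standard `ipaddress` module. This is an added example, not the calculator's own code; the server IP `203.0.113.10` and VPN subnet `10.8.0.0/24` are constructed placeholders, and `RESERVED` is only a subset of the Wikipedia list.

```python
import ipaddress

# Subset of the reserved IPv4 blocks from the Wikipedia list; extend or reduce as needed.
RESERVED = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
]

def subtract(allowed, disallowed):
    """Return the parts of `allowed` that are not covered by `disallowed`."""
    result = [ipaddress.ip_network(a) for a in allowed]
    for d in (ipaddress.ip_network(x) for x in disallowed):
        remaining = []
        for net in result:
            if not net.overlaps(d):
                remaining.append(net)          # untouched by this exclusion
            elif net.subnet_of(d):
                continue                       # swallowed entirely
            else:
                # d lies inside net: keep the subnets "around" d
                remaining.extend(net.address_exclude(d))
        result = remaining
    return sorted(ipaddress.collapse_addresses(result))

def allowed_ips(server_public_ip, vpn_subnet, reserved=RESERVED):
    """Everything public except the server's endpoint, plus the VPN subnet."""
    disallowed = [f"{server_public_ip}/32", *reserved]
    nets = subtract(["0.0.0.0/0"], disallowed)
    # Excluding 10.0.0.0/8 also removed the VPN subnet, so add it back.
    nets.append(ipaddress.ip_network(vpn_subnet))
    return sorted(ipaddress.collapse_addresses(nets))

def to_config_line(nets):
    """Format the networks as a line for the client's [Peer] section."""
    return "AllowedIPs = " + ", ".join(str(n) for n in nets)

if __name__ == "__main__":
    # Constructed sample values (documentation address and example VPN subnet).
    print(to_config_line(allowed_ips("203.0.113.10", "10.8.0.0/24")))
```
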