I've had WireGuard running for a day or two, with a single Android phone as a client, routing all traffic through my router. I added a second peer on the interface on the router, and everything seemed to work fine. Today neither Android client can reach any IP. On the wg0 status page, the first peer shows:
Allowed IPs:
• (none)
and only the second peer shows the correct value (the config file on the router shows the correct value for both):
Allowed IPs:
• 0.0.0.0/0
• ::/0
If I delete the second peer and reboot the router, client 1 is working as expected again. Running 18.06.0
Two peers cannot have the same allowed-ip. For the Android client, set allowed-ips to one single IP, maybe 192.168.12.34/32, at the router side. Allowed-ips 0.0.0.0/0 is correct at the client side.
Oh right, thanks! I misunderstood this part:
"Required. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."
I was thinking, since the client is routing all traffic to the internet through the tunnel, it should be 0.0.0.0/0. But does it actually mean all the IPs that should be reachable on the client network, from the OpenWRT server network?
In other words, when sending packets, the list of allowed IPs behaves as a sort of routing table, and when receiving packets, the list of allowed IPs behaves as a sort of access control list.
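The behaviour discussed in this thread, as a simplified Python model added here (not WireGuard's or OpenWrt's code): each prefix on an interface belongs to exactly one peer, so a second peer claiming 0.0.0.0/0 takes it from the first, and the same table is used for routing on send and filtering on receive. The class, function and peer names are hypothetical, and 192.168.12.35 is a constructed address.

```python
import ipaddress

class CryptokeyTable:
    """Simplified model of one WireGuard interface's allowed-IPs table."""
    def __init__(self):
        self.owner = {}  # ip_network -> peer name; one owner per prefix

    def set_allowed_ips(self, peer, prefixes):
        # Replace this peer's list, as applying its config section would.
        self.owner = {n: p for n, p in self.owner.items() if p != peer}
        for prefix in prefixes:
            # A prefix already held by another peer moves to this peer.
            self.owner[ipaddress.ip_network(prefix)] = peer

    def allowed_ips(self, peer):
        return sorted(str(n) for n, p in self.owner.items() if p == peer)

    def _lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self.owner if n.version == ip.version and ip in n]
        if not matches:
            return None
        return self.owner[max(matches, key=lambda n: n.prefixlen)]

    def route_outgoing(self, dst):
        # Sending: longest-prefix match selects the peer to encrypt for.
        return self._lookup(dst)

    def accept_incoming(self, peer, inner_src):
        # Receiving: keep the packet only if its inner source maps to the sender.
        return self._lookup(inner_src) == peer

def broken_router():
    # Router config from the first post: both peers claim everything.
    t = CryptokeyTable()
    t.set_allowed_ips("phone1", ["0.0.0.0/0", "::/0"])
    t.set_allowed_ips("phone2", ["0.0.0.0/0", "::/0"])
    return t

def fixed_router():
    # Router config from the reply: one /32 tunnel address per peer.
    t = CryptokeyTable()
    t.set_allowed_ips("phone1", ["192.168.12.34/32"])
    t.set_allowed_ips("phone2", ["192.168.12.35/32"])  # constructed address
    return t

if __name__ == "__main__":
    print("broken phone1:", broken_router().allowed_ips("phone1"))
    print("fixed  phone1:", fixed_router().allowed_ips("phone1"))
```

With the fixed table, a packet arriving from phone2 with phone1's tunnel address as its inner source is dropped, which is the access-control half of the quoted description.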