ImPleadThe5th 4 hours ago

Naive question here: with WireGuard VPN, does all traffic route through the VPN or only those packets bound for the other devices in the mesh?

pcarroll 3 hours ago

WireGuard itself can be configured to work either way. Our target market is smaller teams and people with limited IT skills. So, we chose not to send all traffic through the VPN. The only traffic going through the VPN is traffic to and from your other devices (in your account). Internet access is still through your default network. In the Pro version, you can route specific destinations through other peers, also belonging to you. An example use case here would be accessing your web banking while on vacation in a distant country. You would route your bank website through your home connection. Similarly, our access control is only restricting traffic that comes from your devices on the WireGuard network. We do not interfere with the settings of your own personal firewall.

infogulch 3 hours ago

For WireGuard in general, you provide it an AllowedIPs config which is a list of CIDR ranges that should be routed across the link. That could be `0.0.0.0/0` (aka everything), a single subnet, a union of several, or even individual IPs. This config is technically symmetric between the endpoints, though a prototypical implementation of "individual clients enable the VPN to access the internal network" may limit the "client" AllowedIPs to an individual address.
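
Added example, not part of the thread and not any commenter's or product's code: a small Python model of the AllowedIPs behaviour discussed above, covering both directions (which peer carries an outbound packet, and whether an inbound packet's source address is accepted from the peer that sent it). The peer names and address ranges are constructed for illustration.

```python
import ipaddress

# Constructed peer tables (hypothetical names and ranges).
# Split tunnel: only the mesh addresses and one home subnet are listed.
SPLIT_TUNNEL = {
    "home-server": ["10.8.0.2/32", "192.168.10.0/24"],
    "laptop": ["10.8.0.3/32"],
}
# Full tunnel: one peer claims 0.0.0.0/0, so it carries everything else.
FULL_TUNNEL = {
    "exit-node": ["0.0.0.0/0"],
    "laptop": ["10.8.0.3/32"],
}


def _best_match(peers, addr):
    """Longest-prefix match of addr over every peer's AllowedIPs."""
    ip = ipaddress.ip_address(addr)
    best = None
    for name, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best


def route_outbound(peers, dst):
    """Peer that carries a packet to dst, or None when no AllowedIPs
    entry covers dst (the tunnel does not carry it)."""
    match = _best_match(peers, dst)
    return match[0] if match else None


def accept_inbound(peers, from_peer, src):
    """After decryption, a packet is kept only if its source address
    maps back to the peer it arrived from; AllowedIPs doubles as an
    inbound source filter, which is the symmetry noted above."""
    match = _best_match(peers, src)
    return match is not None and match[0] == from_peer


if __name__ == "__main__":
    for dst in ("192.168.10.20", "203.0.113.7", "10.8.0.3"):
        print(dst, route_outbound(SPLIT_TUNNEL, dst), route_outbound(FULL_TUNNEL, dst))
    print(accept_inbound(SPLIT_TUNNEL, "laptop", "192.168.10.5"))
```

Limiting a client's entry to a single `/32`, as in the `laptop` rows, means that peer cannot source traffic from any other address on the tunnel.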