How does AllowedIPs behave on clients and what are the side effects?
It's not very clear whether the client's behavior overrides the server's behavior in terms of allowing or refusing access to the network/subnet, and or IP address(es) specified in that field.
My understanding is that, even if you assign an IP, say of, 10.0.1.x/32, to a client Peer, it can specify its own IP with a different subnet, allowing it to receive other peers packets.
Is this the case? If so, how can one configure wireguard to only allow peers access the servers internet (pass-through) but without the peers having access to, or knowledge of other peers?
How does
AllowedIPs
behave on clients and what are the side effects?It's not very clear whether the client's behavior overrides the server's behavior in terms of allowing or refusing access to the network/subnet, and or IP address(es) specified in that field.
My understanding is that, even if you assign an IP, say of, 10.0.1.x/32, to a client Peer, it can specify its own IP with a different subnet, allowing it to receive other peers packets.
Is this the case? If so, how can one configure wireguard to only allow peers access the servers internet (pass-through) but without the peers having access to, or knowledge of other peers?