Generating both full tunnel and split tunnel WireGuard configs

I would like to generate both full and split tunnels for my devices but can’t figure out how to do it using a single wireguard container.

I thought the SERVER_ALLOWEDIPS_PEER_<client> environment variable might do it, but that doesn’t cause the client config to have the proper allowed IPs, just the wg0.conf.

Is this possible with a single wireguard container, or do I need to create a separate one for split tunnels so I can change ALLOWEDIPS?

Honestly, what you wrote sounds like a bunch of buzzwords thrown together.

Full and split tunnels for my devices is meaningless without more context.

A full tunnel routes all traffic through the WireGuard connection; a split tunnel only routes the traffic for the allowed subnets.

When I’m out I want my phone to use the split tunnel so I have access to my internal services, but not route all my traffic home unnecessarily. Other times I’m on an untrusted wi-fi network and actually do want to route all traffic through my home network for privacy, so I switch to the full tunnel.

I have both types of configs now, created manually for WireGuard running on a Raspberry Pi, but am trying to move to a WireGuard container on a Linux PC.

So what you mean is you want to split the tunnel on the client. That has very little to do with the server container.

You can edit the allowedips directive in your client config accordingly. You can create two profiles with different allowedips and switch between them. Server config doesn’t need to be adjusted for that.

It kind of has to do with the server container because the server container generates the client configs and you can set the allowed IPs by environment variable.

I’ll just use two containers.

You can edit the client conf before, during or after importing into your client (such as the Android app).

You only need to edit the allowed IPs line. You don’t need a second server container for that.

I will try that. I haven’t tested to confirm that the QR code generated for each client will be updated if I manually change the client config after initial creation.

My preference would be to have the container generate client configs without the need to manually modify them, which is why I asked my original question. Two containers would solve this with less manual intervention, but I’d also rather not have two containers if I can help it.
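
The client-side edit suggested in the replies can be scripted so that one server container still yields both profiles. This is an added example, not part of the thread or the container's own tooling; the function names, sample config, keys and subnets are constructed placeholders, and the QR step assumes `qrencode` is installed.

```shell
#!/bin/sh
# Added example. File names, keys and subnets are constructed placeholders.

# split_profile FULL_CONF SPLIT_CONF "CIDR[,CIDR...]"
# Copies a generated full-tunnel client config, replacing only AllowedIPs.
split_profile() {
    full_conf=$1 split_conf=$2
    cidrs=$(printf '%s' "$3" | tr -d ' ')
    # Accept only characters that can appear in a CIDR list.
    case $cidrs in
        ''|*[!0-9a-fA-F.:/,]*) echo "invalid AllowedIPs list" >&2; return 1 ;;
    esac
    # A default route would turn the split profile back into a full tunnel.
    case ",$cidrs," in
        *,0.0.0.0/0,*|*,::/0,*) echo "default route in split list" >&2; return 1 ;;
    esac
    grep -Eq '^[[:space:]]*AllowedIPs[[:space:]]*=' "$full_conf" || {
        echo "no AllowedIPs line in $full_conf" >&2; return 1; }
    # The client config holds the private key: create the copy owner-only.
    ( umask 077
      sed -E "s|^([[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*).*|\1$cidrs|" \
          "$full_conf" > "$split_conf" )
}

# show_qr CONF: render a QR code from the edited profile (skipped without qrencode).
show_qr() {
    command -v qrencode >/dev/null 2>&1 || { echo "qrencode not installed" >&2; return 0; }
    qrencode -t ansiutf8 < "$1"
}

# write_sample_full PATH: constructed full-tunnel client config for trying this out.
write_sample_full() {
    cat > "$1" <<'EOF'
[Interface]
Address = 10.13.13.2
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY
DNS = 10.13.13.1

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY
Endpoint = vpn.example.invalid:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}
```

Calling `split_profile full.conf split.conf "192.168.1.0/24"` and then `show_qr split.conf` gives a second importable profile with its own QR code, independent of the one generated at peer creation.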