Hi @ITV 

Thanks for posting in our business forum.

Allowed-IP set to 0.0.0.0/0 and this will route everything to the VPN tunnel. Which is what you need as proxy, to change the IP address from a.b.c.125 to x.y.z.77.

  @Clive_A 

An AllowpedIPs=0.0.0.0/0 means a full tunnel. Meaning all subnets/vlans will be routed through the tunnel.

I guess I need a split tunnel - meaning only one specific vlan/subnet needs be routed through the tunnel.

Ideally there would be 3 vlans/subnets - each with a different WG-tunnel - not sure if this is supported.

Meaning subnet/vlan A is routed through WG-tunnel-A, subnet/vlan B is routed through WG-tunnel-B and subnet/vlan C is routed through WG-tunnel-C.

The 3 tunnels are running against 3 different VPS-es each with their own, unique public-IP (where x.y.z.77 is one of these three).

All other traffic would/should bypass the WG-vpn and should use the direct-connected Internet connection with public IP a.b.c.125.

Any suggestion on how to make this work?

With warm regards - Will

Hi @ITV 

Thanks for posting in our business forum.

Contradictory to what you described.

ITV wrote

I'm strugling with seting up a WireGuard VPN where all traffic from vlan 225 should be using the VPN and the Ubuntu VPS to reach the Internet. Meaning clients and applications used in this vlan should believe that their Internet IP is X.Y.Z.77.

 

Only when you set it to 0.0.0.0/0 can you do this highlighted part.

Or simply follow the guide I wrote for WG which explained you can just fill in allowed-ip with the VLAN subnet. That'll just allow you to access that VLAN you specified.