Have WireGuard (Group) do nothing and just let instance-level rules kick in

kftb · November 07, 2025, 06:42:14 AM

Hi,

This might be more of a basic question, but I cannot figure it out:

I have two Wireguard instances:
- WireGuard A: Has access to all of LAN
- WireGuard B: Has only access to one local IP

I have defined the rules in their respective interfaces, but it seems that WireGuard (Group) is interfering with it.

When I remove all WireGuard (Group) rules, it blocks everything and the traffic doesn't hit the next set of rules on the instance-level. When I pass all traffic, it skips all further validation.

What I am looking for is basically a "Go straight to WireGuard A or B rules and do nothing else", but I cannot set it up that way.

How would I do that?

Thank you!

meyergru · November 07, 2025, 12:48:10 PM

I do it this way and it works just fine. I have no rules in the WireGuard group and do it explicitely for the individual interfaces.

franco · November 07, 2025, 01:13:19 PM

Keep in mind the group interfaces are mostly for the cases where you don't have a tunnel assigned as an interface.

Cheers,
Franco

Have WireGuard (Group) do nothing and just let instance-level rules kick in

kftb

November 07, 2025, 06:42:14 AM

meyergru

November 07, 2025, 12:48:10 PM #1

franco

November 07, 2025, 01:13:19 PM #2