WireGuard: How to push routes and dhcp options to clients from server? [closed]

Question

Does WireGuard support a way for the VPN Server to push routes and DHCP options to its Clients, like what OpenVPN does with something like:

push "route 10.0.2.0 255.255.255.0 " 

push "dhcp-option DNS 10.66.0.4"

I have 100s of clients that dynamically setup their VPN connection to the VPN server and I want these routes and options installed as and when they connect to the VPN server.

Answer 1

Routes or even split-tunneling is done by setting the Allowed IPs parameter in the client configuration!

Client config

[Interface]
# client001 #
PrivateKey = <private key of client>
Address = 100.64.0.100/32
DNS = 100.64.0.1

[Peer]
PublicKey = <public key of server>
PresharedKey = <preshared key for client>
AllowedIPs = 100.64.0.0/10, 192.168.178.0/24
Endpoint = <your-ip-or-fqdn.to.connect>:<port>
PersistentKeepalive = 25

Server Config

[Interface]
Address = 100.64.0.1/10
SaveConfig = true
ListenPort = 51820
PrivateKey = <private key of server>

[Peer]
PublicKey = <public key of client>
PresharedKey = <preshared key for client>
AllowedIPs = 100.64.0.100/32

In this case the configuration for the client AllowedIPs = 100.64.0.0/10, 192.168.178.0/24 sets routes on the client to send everything for 100.64.0.0/10 and 192.168.178.0/24 into the wireguard tunnel but nothing else. (Ip forwarding and masquerading is also activated on the WireGuard server.)

The DNS = 100.64.0.1 parameter tells the client to use 100.64.0.1 (in my case the WireGuard server) as DNS server. Even the DNS is on the WireGuard-Server itself, internet traffic is still routed directly, only DNS is done by my custom DNS.