By AllowedIPs in the wireguard configuration file, you mean which IPs should be routed through the wireguard tunnel. So if you want to exclude a single IP address from these allowed IP addresses, all IP networks must be enabled except for that single IP(s)<\/p>\n\n\n\n
The easiest way to do this is with a Pyhton script:<\/p>\n\n\n\n
from ipaddress import ip_network\n\nstart = '0.0.0.0\/0'\nexclude = ['IP1REFREE', 'IP2REFREE']\n\nresult = [ip_network(start)]\nfor x in exclude:\n n = ip_network(x)\n new = []\n for y in result:\n if y.overlaps(n):\n new.extend(y.address_exclude(n))\n else:\n new.append(y)\n result = new\n\nprint(','.join(str(x) for x in sorted(result)))<\/pre>\n\n\n\nSave this script as a +.py file and then you can run it, for example, like this (on Linux):<\/p>\n\n\n\n
python3 subnets.py<\/pre>\n\n\n\nYou can then enter the result after \u201cAllowedIPs =\u201d.<\/p>\n\n\n\n