I have wireguard servers set up on two Asus routers (an AX88 and an AX86pro) running Merlin. They are joined site to site, and on each I've generated client configurations for a stable of laptops and travel routers to connect to one or the other. That all works fine, although there are things I haven't figured out (a client connected to site A can't see site B, and vice versa, while devices on each site's LAN can see everything on the other site).
Because of that, I'm now experimenting with running two wireguard clients on the travel routers, one connected to each site, and using policy based routing to direct the traffic. That works fine too. In the course of that I realized that the client configurations generated on each Asus router are in the same subnet. At the moment, accidentally, I guess, they don't overlap. So I've got site A server allowed IPs of 10.6.0.2/32, 10.6.0.3/32, etc. But site B is generating allowed ips of 10.6.0.4/32, etc. I thought along the lines of OpenVPN I should somewhere specify the subnet for the generated configurations for the 10 clients so I could be sure there wouldn't be overlaps (e.g., 10.6.100.0/24 for site A and 10.6.200.0/24 for Site B). Did I miss it somewhere? Or should I be manually managing the allowed IPs into separate subnets?
Because of that, I'm now experimenting with running two wireguard clients on the travel routers, one connected to each site, and using policy based routing to direct the traffic. That works fine too. In the course of that I realized that the client configurations generated on each Asus router are in the same subnet. At the moment, accidentally, I guess, they don't overlap. So I've got site A server allowed IPs of 10.6.0.2/32, 10.6.0.3/32, etc. But site B is generating allowed ips of 10.6.0.4/32, etc. I thought along the lines of OpenVPN I should somewhere specify the subnet for the generated configurations for the 10 clients so I could be sure there wouldn't be overlaps (e.g., 10.6.100.0/24 for site A and 10.6.200.0/24 for Site B). Did I miss it somewhere? Or should I be manually managing the allowed IPs into separate subnets?
