Replying to moarch

You can do this by using the 'block-local' feature in the WireGuard Android app, which is designed to block any traffic from local network interfaces.

If that doesn't work:

Adjust WireGuard Configuration: The AllowedIPs configuration can determine what traffic is sent through the WireGuard tunnel. By setting AllowedIPs to 0.0.0.0/0, ::/0, you should be able to route all traffic through the VPN, effectively isolating your device from the local network.
Avatar
Bill Cypher 2y ago

That is my allowed IPs setting. I can't find block-local or anything similar in my wireguard settings. Do I need to switch to the fdroid release or side load from github?

Reply to this note

Please Login to reply.

Discussion

a1
moarch 2y ago

Use a Local Firewall:

a. If your device is rooted, you can use iptables to block all outbound and inbound multicast traffic.

b. The rule might look something like: iptables -A OUTPUT -d 224.0.0.0/4 -j DROP.

WireGuard Configuration:

a. Make sure you are not allowing traffic to the local network (e.g., AllowedIPs should not contain your local subnet).

Create a Specific VPN Profile:

a. On Android, you can create a specific VPN profile that does not allow traffic outside the tunnel (i.e., a full-tunnel setup).

Avatar
Bill Cypher 2y ago

Not rooted.

That is the opposite of how I read the wireguard docs. I thought it should be that allowed IPs are destination ranges that must pass through the VPN. So the global default *should* do the trick.

Guide you recommend for this one? The mixed meanings of the word profile in the context is making search hard.