One thing worth adding to this is that what wg-quick does here - adding routes for each entry in AllowedIPs and a corresponding routing policy - is not part of WireGuard itself but a wg-quick-specific thing.
This can become important if you want to have redundant gateways or something like that - you can have overlapping AllowedIPs, it just won't work out of the box with wg-quick.
For example, systemd-networkd started also adding routes by default in v250 but (rightly so IMO[0]) reverted to not doing it in 250.3.
[0]: This comment captures it quite well: https://github.com/systemd/systemd/issues/14176#issuecomment...