Hi,
In WireGuard, the address pool is used by the clients to obtain an IP address on the VPN subnet, so basically, it is used by the tunnel. To enable routing between LAN networks, you need to specify the LAN networks in the AllowedIPs field. This means that any IP address that matches the AllowedIPs will be routed through the VPN tunnel.
For example, suppose you have a server with LAN IP of 192.168.1.0/24 and a client with LAN IP of 192.168.10.0/24.
The server has added AllowedIP of 192.168.10.0/24 (LAN of the client). The client has added AllowedIP of 192.168.1.0/24 (LAN of the server).
When the server needs to send packets to 192.168.10.1, it will first check its routing table to determine if the destination IP address belongs to a directly connected network. If not, it will then check if the destination IP address matches any of the AllowedIPs on its WireGuard side, and if so, it will route the packet through the VPN tunnel to the client. The 192.168.10.1 matches and is sent to the client over VPN.
When the client receives the packet, it decapsulates and decrypts it. Then it will check the source IP address (IP address of the server matches the address pool/Allowed IPs) and if it matches on its side, it will accept the packet. Otherwise, it will drop the packet.
If you want to route all traffic from client to the server via VPN, you need to add allowed IPs of 0.0.0.0/0 or 0.0.0.0/1 + 128.0.0.0/1 on the client side.
Kind Regards,
Andzej
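
The AllowedIPs behaviour described in the reply above, modelled as an added example that is not part of the original post or WireGuard's own code: outbound packets go to the peer with the most specific AllowedIPs match, and a decrypted inbound packet is accepted only if its inner source address falls inside the sending peer's AllowedIPs. The `Peer` class, the function names and the individual host addresses are assumptions made for illustration; the two LAN subnets are the ones from the post.

```python
import ipaddress

class Peer:
    """One [Peer] entry: a name plus its AllowedIPs (hypothetical model)."""
    def __init__(self, name, allowed_ips):
        self.name = name
        self.allowed = [ipaddress.ip_network(n) for n in allowed_ips]

    def match_len(self, addr):
        """Longest AllowedIPs prefix covering addr, or -1 if none does."""
        ip = ipaddress.ip_address(addr)
        return max((n.prefixlen for n in self.allowed if ip in n), default=-1)

def select_peer(peers, dst):
    """Outbound: the peer with the most specific AllowedIPs match gets the packet."""
    best = max(peers, key=lambda p: p.match_len(dst), default=None)
    return best.name if best and best.match_len(dst) >= 0 else None

def accept_inbound(peer, inner_src):
    """Inbound: after decryption, the inner source must be in the sender's AllowedIPs."""
    return peer.match_len(inner_src) >= 0

# LAN subnets are the ones from the post; host addresses are constructed samples.
SERVER_PEERS = [Peer("client", ["192.168.10.0/24"])]   # server's view of the client
CLIENT_PEERS = [Peer("server", ["192.168.1.0/24"])]    # client's view of the server
CLIENT_FULL = [Peer("server", ["0.0.0.0/1", "128.0.0.0/1"])]  # full-tunnel variant

if __name__ == "__main__":
    # Server sends to the client's LAN: matches AllowedIPs, goes into the tunnel.
    print("192.168.10.1 ->", select_peer(SERVER_PEERS, "192.168.10.1"))
    # Destination outside every AllowedIPs range: WireGuard has no peer for it.
    print("8.8.8.8      ->", select_peer(SERVER_PEERS, "8.8.8.8"))
    # Client accepts a packet whose inner source is inside the server's LAN...
    print("src 192.168.1.5 accepted:", accept_inbound(CLIENT_PEERS[0], "192.168.1.5"))
    # ...and drops one whose inner source is outside it, even though it decrypted.
    print("src 10.9.9.9 accepted:   ", accept_inbound(CLIENT_PEERS[0], "10.9.9.9"))
    # The two /1 halves together cover every IPv4 destination.
    print("full tunnel 8.8.8.8 ->", select_peer(CLIENT_FULL, "8.8.8.8"))
```

The inbound check is what stops an authenticated peer from injecting traffic with source addresses it was never assigned, so keeping each peer's AllowedIPs as narrow as the routing requirement allows limits what that peer can impersonate.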