As you possibly know Wireguard hasn’t something like “DisallowedIPs” parameter to exclude some networks from allowed ones. Of course technically AllowedIPs is enough, but I am tired to calculate it by hand, so created this simple calculator:
Update: I am using small Golang HTTP-server to quickly calculate results and at first I tried ipaddr due to its similarity to the Python ipaddress. But it has a little problem, in my case it caused an infinite loop that led to DoS and finally to panic. Better use the brilliant netaddr developed by Brad Fitzpatrick and the Tailscale team (their blogpost with motivation)
Update 2: I realized that this is a great case to use WASM!
Update 3: For some reason I didn’t publish source code right after this blog post was written. In 2023, I thought I lost it forever, but randomly found it in my backup files. WASM sources here. HTTP API mini server sources are probably still lost :(