Wireguard allowedIPs and a common subnet?

I can't be this dense -- well, yes I can I suppose, but it wasn't a goal I'd set, wireguard is making me do it.

I've got it working, in a sense. It looks like this:

Router01 has Wireguard on it, and has a public IP of 199._._.2/24. AllowedIPs is 10.8.0.2
Client01 has Wireguard on it, and right now, WG has created a private IP space 10.8.0.0/24 and Router01 has 10.8.0.1/24 and the client has 10.8.0.2.  AllowedIPs is 0.0.0.0

This all works - Client1 can ping Router01 etc. But I have a different problem. We have the subnet 199..._/24. That's our public IPv4 range (we have V6 too, but let's stick to V4 here to make it easier.) What I wanted to do was:

  • Router has 199...0-63/26
  • Client01 has 199...64-127/26
  • Client02 has 199...128-191/26
  • Client03 has 199...192-255/26

But what do I set the allowed IPs to? The Router has to say "Anything 199...64-255 goes down a tunnel, but 199...0-63 does not." The clients have 0.0.0.0. There's no NATing either.

If this were OpenVPN, I'd handle it a different way:

  • Router01 still has 199...0-63/26
  • Router01 exposes a private range 192.168.0.x/24 we use for tunnels
  • Since OpenVPN couldn't care less about IPs, each client has a tunnel to Router01, for example, Client01 = 192.168.0.2/24 <-> 192.168.0.1, Client02 = 192.168.0.3/24 <-> 192.168.0.1
  • From here on, it's just normal routing that makes everything work. We push static routes around and everything works.

But Wireguard wants to look at IPs -- can I turn this off, and make Wireguard "dumb" again?
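The behaviour the question is running into is WireGuard's cryptokey routing: a peer's AllowedIPs is used in both directions at once, as the longest-prefix-match table that picks which peer an outgoing packet is encrypted to, and as a source-address filter that drops any decrypted packet whose source is not in that peer's AllowedIPs. The following is an added example, not code from the original post and not WireGuard's own code, that models that table for the /26 split described above. The public /24 is elided in the question, so 203.0.113.0/24 (TEST-NET-3) is a constructed stand-in, the keys are placeholders, and the router config is constructed in wg(8) syntax with one peer per client.

```python
"""Model of WireGuard cryptokey routing for the per-client /26 plan.

Added example; not part of the original post and not WireGuard's own code.
203.0.113.0/24 is a constructed stand-in for the elided public /24, and the
key values are placeholders, not real keys.
"""
from ipaddress import ip_address, ip_network

# Constructed router-side config. Each client is a peer whose AllowedIPs is
# the /26 assigned to it in the question. The router's own /26
# (203.0.113.0/26) appears in no peer entry, so it never enters a tunnel.
ROUTER_CONF = """\
[Interface]
PrivateKey = <router-private-key-placeholder>
ListenPort = 51820

[Peer]
# Client01
PublicKey = <client01-public-key-placeholder>
AllowedIPs = 203.0.113.64/26

[Peer]
# Client02
PublicKey = <client02-public-key-placeholder>
AllowedIPs = 203.0.113.128/26

[Peer]
# Client03
PublicKey = <client03-public-key-placeholder>
AllowedIPs = 203.0.113.192/26
"""


def parse_peers(conf):
    """Return [(peer_name, [networks])] from the [Peer] sections of a wg conf.

    The first comment line inside a [Peer] section is taken as its name;
    AllowedIPs may be a comma-separated list, as wg(8) accepts.
    """
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line == "[Peer]":
            current = {"name": None, "allowed": []}
            peers.append(current)
        elif current is None:
            continue  # still inside [Interface]
        elif line.startswith("#") and current["name"] is None:
            current["name"] = line.lstrip("#").strip()
        elif line.startswith("AllowedIPs"):
            nets = line.split("=", 1)[1].split(",")
            current["allowed"].extend(ip_network(n.strip()) for n in nets)
    return [(p["name"], p["allowed"]) for p in peers]


def outbound_peer(peers, dst):
    """Peer an outgoing packet is encrypted to: longest-prefix match across
    every peer's AllowedIPs. None means no tunnel matches, so the packet is
    left to the host's ordinary routing (here: the router's own /26)."""
    dst = ip_address(dst)
    best = None
    for name, nets in peers:
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None


def inbound_accepted(peers, peer_name, src):
    """Whether a decrypted packet from peer_name with source src is kept.

    WireGuard drops any packet whose source lies outside that peer's
    AllowedIPs, so a client cannot inject traffic claiming another
    client's /26: the routing table is also the source ACL."""
    src = ip_address(src)
    for name, nets in peers:
        if name == peer_name:
            return any(src in net for net in nets)
    return False


if __name__ == "__main__":
    peers = parse_peers(ROUTER_CONF)
    for dst in ("203.0.113.10", "203.0.113.70", "203.0.113.200"):
        print(dst, "->", outbound_peer(peers, dst) or "local (no tunnel)")
    print("Client01 sourcing 203.0.113.130 accepted:",
          inbound_accepted(peers, "Client01", "203.0.113.130"))
```

Running the block shows that 203.0.113.10 (in the router's own /26) matches no peer and stays local, 203.0.113.70 goes to Client01, 203.0.113.200 goes to Client03, and a packet arriving from Client01 with a source in Client02's /26 is dropped. That drop is the part OpenVPN-style "dumb" tunnelling does not give you, and it is why AllowedIPs cannot simply be switched off: the source check is the same table. On the client side, AllowedIPs = 0.0.0.0/0 means the router may send traffic from any source, and wg-quick will also route every destination into the tunnel unless the AllowedIPs (or the installed routes) are narrowed.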

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow