If I understand right, you want to create a wireguard peer on DigitalOcean, then route a block of IPs through it at the network level?
I’m 99% sure this won’t work with our built in WireGuard peers. You can do what you need by:
- Run a proxy on the DigitalOcean end and proxy your app requests through that. This could be a SOCKS proxy if you want to do generic network proxying, or something like HAProxy if you just need HTTP requests to one place. Your app will just talk to `<peer>._peers.internal:80` or whatever you have it listen on.
- Set up your own WireGuard network and connect to it from your app VMs. This should let you manage `AllowedIPs` the way you want, though it might require some tweaks to the VM to set routes up.
I would probably create a Tailscale exit node on DigitalOcean, then run tailscale in my VMs if I were trying to do this. WireGuard direct will work fine for this, but tailscale is definitely easier.
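As an added illustration of the second option above (this is not the poster's configuration, just an example of what the two `wg-quick` config files could look like), here is a minimal pair where the VM routes only one block through the droplet. All addresses are assumed placeholders: `203.0.113.10` stands in for the droplet's public IP, `198.51.100.0/24` for the block you want to reach via DigitalOcean, `10.200.0.0/24` for the tunnel itself, and `eth0` for the droplet's public interface. Keys are generated with `wg genkey | tee privatekey | wg pubkey > publickey` on each side.

```ini
# --- DigitalOcean droplet: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.200.0.1/24
ListenPort = 51820
PrivateKey = <DROPLET_PRIVATE_KEY>
# Forward tunnel traffic and NAT it out of the public interface (eth0 is assumed).
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -s 10.200.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.200.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# The app VM. Only its tunnel address is accepted from this peer.
PublicKey = <VM_PUBLIC_KEY>
AllowedIPs = 10.200.0.2/32

# --- App VM: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.200.0.2/24
PrivateKey = <VM_PRIVATE_KEY>

[Peer]
PublicKey = <DROPLET_PUBLIC_KEY>
Endpoint = 203.0.113.10:51820
# Only this block (plus the droplet's tunnel address) is routed through the tunnel;
# wg-quick installs a route for each AllowedIPs entry, so the rest of the VM's
# traffic keeps its normal default route. 0.0.0.0/0 here would send everything.
AllowedIPs = 198.51.100.0/24, 10.200.0.1/32
# Keep the NAT mapping alive when the VM sits behind NAT.
PersistentKeepalive = 25
```

Bring each side up with `wg-quick up wg0` and check with `wg show` and `ip route get 198.51.100.5` on the VM, which should report `dev wg0`. If the VM image does not let `wg-quick` manage routes, set `Table = off` under `[Interface]` and add the route for the block by hand; that is the kind of tweak the reply above refers to. On the Tailscale route, note that `tailscale up --advertise-exit-node` on the droplet and `tailscale up --exit-node=<node>` on the VMs sends all of the VM's traffic through the droplet; to route only a block, advertise it as a subnet route instead (`--advertise-routes=198.51.100.0/24`) and accept it on the VMs with `--accept-routes`.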