diff --git a/wireguard/wg0.conf.tmpl b/wireguard/wg0.conf.tmpl
index c1614e6..cd818ff 100644
--- a/wireguard/wg0.conf.tmpl
+++ b/wireguard/wg0.conf.tmpl
@@ -2,8 +2,13 @@
 PrivateKey = ${wg_key}
 Address = ${wg_address}/${wg_prefix:-32}
 ListenPort = ${wg_port:-51820}
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT;
+{{ if len "${wg_routes:-}" }}{{ range "$wg_routes" | split "," }}PostUp = ip -4 route add {{ . }} dev wg0
+{{ end }}{{ end }}
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
+{{ if len "${wg_routes:-}" }}{{ range "$wg_routes" | split "," }}PostDown = ip -4 route del {{ . }} dev wg0
+{{ end }}{{ end }}
+Table = off
 
 {{ range files "wireguard/peers" }} {{ if ne . "${tinc_peer_name}" }}
 [Peer]