diff --git a/lower/nic.go b/lower/nic.go
index 07b3fe7..b07fb8a 100644
--- a/lower/nic.go
+++ b/lower/nic.go
@@ -18,12 +18,14 @@ type NIC struct {
 ifce *water.Interface
 ip string
 subnet string
+ cidrs []string
 hasstart bool
 }

 // NewNIC 新建 TUN 网络接口卡
 // 网卡地址为 ip, 所属子网为 subnet
-func NewNIC(ip, subnet string) (n *NIC) {
+// 所有路由为 cidrs
+func NewNIC(ip, subnet string, cidrs ...string) (n *NIC) {
 ifce, err := water.New(water.Config{DeviceType: water.TUN})
 if err != nil {
 panic(err)
@@ -31,6 +33,7 @@ func NewNIC(ip, subnet string) (n *NIC) {
 n = &NIC{
 ifce: ifce,
 ip: ip,
+ cidrs: cidrs,
 subnet: subnet,
 }
 n.prepare()
diff --git a/lower/tun_darwin.go b/lower/tun_darwin.go
index 1d2e3fd..497c2ab 100644
--- a/lower/tun_darwin.go
+++ b/lower/tun_darwin.go
@@ -6,6 +6,9 @@ package lower
 func (n *NIC) prepare() {
 execute("ifconfig", n.ifce.Name(), "inet", n.ip, n.ip, "up")
 execute("route", "add", n.subnet, "-interface", n.ifce.Name())
+ for _, c := range n.cidrs {
+ execute("route", "add", c, "-interface", n.ifce.Name())
+ }
 }

 func (n *NIC) Up() {
diff --git a/lower/tun_linux.go b/lower/tun_linux.go
index 045576d..5a27dce 100644
--- a/lower/tun_linux.go
+++ b/lower/tun_linux.go
@@ -8,6 +8,9 @@ func (n *NIC) prepare() {
 execute("/sbin/ip", "addr", "add", n.ip, "dev", n.ifce.Name())
 execute("/sbin/ip", "link", "set", "dev", n.ifce.Name(), "up")
 execute("/sbin/ip", "route", "add", n.subnet, "dev", n.ifce.Name())
+ for _, c := range n.cidrs {
+ execute("/sbin/ip", "route", "add", c, "dev", n.ifce.Name())
+ }
 }

 func (n *NIC) Up() {
diff --git a/main.go b/main.go
index 7812c77..fda8de5 100644
--- a/main.go
+++ b/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "flag"
 "fmt"
+ "net"
 "os"

 base14 "github.com/fumiama/go-base16384"
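Review bot: NewNIC in lower/nic.go stores `cidrs` exactly as passed, and the new loops in prepare() in lower/tun_darwin.go and lower/tun_linux.go place each element directly into the argument list of `route` and `/sbin/ip`. The caller in main.go parses the values first, but NewNIC is exported and nothing inside package lower checks them, so a string that is not a CIDR (for instance one beginning with `-`) would reach the external command as an argument; how `execute` runs the command and whether it reports failure is not visible in these hunks. Validating in the constructor keeps the check next to the privileged operation, e.g. `if _, _, err := net.ParseCIDR(c); err != nil { panic(err) }` for each element before `n.prepare()`, which would need `net` imported in nic.go. The doc comment could also state that every entry must be in CIDR notation and that one route per entry is added on the TUN device. NewNIC's body continues past the end of the second nic.go hunk.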
@@ -127,7 +128,30 @@ func main() {
 os.Exit(0)
 }

- nic := lower.NewNIC(c.IP, c.SubNet)
+ cidrsmap := make(map[string]bool, 32)
+ _, mysubnet, err := net.ParseCIDR(c.SubNet)
+ if err != nil {
+ panic(err)
+ }
+ for _, p := range c.Peers {
+ for _, ip := range p.AllowedIPs {
+ ipnet, _, err := net.ParseCIDR(ip)
+ if err != nil {
+ panic(err)
+ }
+ if !mysubnet.Contains(ipnet) {
+ cidrsmap[ip] = true
+ }
+ }
+ }
+ cidrs := make([]string, len(cidrsmap))
+ i := 0
+ for k := range cidrsmap {
+ cidrs[i] = k
+ i++
+ }
+
+ nic := lower.NewNIC(c.IP, c.SubNet, cidrs...)
 me := link.NewMe(&key, c.IP+"/32", c.EndPoint, true)

 for _, peer := range c.Peers {
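Review bot: In the added loop in main(), `ipnet, _, err := net.ParseCIDR(ip)` binds the first return value, which is the address rather than the network, so `mysubnet.Contains(ipnet)` tests only the address as written instead of the whole prefix. A peer prefix wider than the local subnet whose address part lies inside it (constructed example: subnet 10.0.0.0/24, AllowedIPs 10.0.0.0/8) is therefore skipped although it covers addresses outside the subnet, and two spellings of the same network become two map keys and two route adds. The loop also puts no limit on breadth, so an AllowedIPs entry such as 0.0.0.0/0 would be handed to NewNIC and installed as a host route through the TUN; whether that is intended should be an explicit choice in the config handling. The fence below compares prefixes instead of addresses and keys the map by the canonical network; main() begins and ends outside the hunk.

```go
sones, _ := mysubnet.Mask.Size()
for _, p := range c.Peers {
	for _, ip := range p.AllowedIPs {
		_, pnet, err := net.ParseCIDR(ip)
		if err != nil {
			panic(err)
		}
		pones, _ := pnet.Mask.Size()
		// Skip only prefixes that lie entirely inside the local subnet.
		if pones >= sones && mysubnet.Contains(pnet.IP) {
			continue
		}
		cidrsmap[pnet.String()] = true // canonical form collapses equivalent spellings
	}
}
// … unchanged: copying cidrsmap into cidrs, NewNIC call …
```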