diff --git a/cluster/services/wireguard/default.nix b/cluster/services/wireguard/default.nix
index bcebe6f..c3c78ab 100644
--- a/cluster/services/wireguard/default.nix
+++ b/cluster/services/wireguard/default.nix
@@ -24,6 +24,7 @@ in
         inherit meshNet;
         pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk=";
         privKeyFile = ./mesh-keys/VEGAS.age;
+        extraRoutes = [ "${hosts.VEGAS.interfaces.vstub.addr}/32" "10.10.0.0/16" ];
       };
     };
     mesh-node-prophet = {
@@ -33,6 +34,7 @@ in
         inherit meshNet;
         pubKey = "MMZAbRtNE+gsLm6DJy9VN/Y39E69oAZnvOcFZPUAVDc=";
         privKeyFile = ./mesh-keys/prophet.age;
+        extraRoutes = [];
       };
     };
   };
diff --git a/cluster/services/wireguard/mesh.nix b/cluster/services/wireguard/mesh.nix
index b29ba4f..c154968 100644
--- a/cluster/services/wireguard/mesh.nix
+++ b/cluster/services/wireguard/mesh.nix
@@ -8,7 +8,7 @@ let
     peerLink = cluster.config.links."mesh-node-${peerName}";
   in {
     publicKey = peerLink.extra.pubKey;
-    allowedIPs = [ "${peerLink.extra.meshIp}/32" ];
+    allowedIPs = [ "${peerLink.extra.meshIp}/32" ] ++ peerLink.extra.extraRoutes;
     endpoint = peerLink.tuple;
   };
 in