diff --git a/modules/nixos/services/vpn/wireguard/client.nix b/modules/nixos/services/vpn/wireguard/client.nix
index 9be3134..a187b7b 100644
--- a/modules/nixos/services/vpn/wireguard/client.nix
+++ b/modules/nixos/services/vpn/wireguard/client.nix
@@ -2,6 +2,11 @@
 let
 cfg = config.local.services.vpn.wireguard;
+
+ addrsViaDefaultInterface = [
+ # cache.nixos.org
+ "151.101.86.217/32"
+ ];
 in
 {
 options.local.services.vpn.wireguard = with lib; {
@@ -46,9 +51,18 @@ in
 postUp = ''
 addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
 interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
- # don't use wg with cache.nixos.org
- ${pkgs.iproute}/bin/ip route add 151.101.86.217/32 via $addr dev $interface
- '';
+ '' + lib.concatLines (map
+ (addr: "${pkgs.iproute}/bin/ip route add ${addr} via $addr dev $interface")
+ addrsViaDefaultInterface
+ );
+
+ preDown = ''
+ addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
+ interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
+ '' + lib.concatLines (map
+ (addr: "${pkgs.iproute}/bin/ip route del ${addr} via $addr dev $interface")
+ addrsViaDefaultInterface
+ );
 peers = [
 # For a client configuration, one peer entry for the server will suffice.
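Review bot: The new `addrsViaDefaultInterface` list in the first hunk does not say that every entry is a deliberate tunnel bypass, and the removed "don't use wg" comment was the only place that recorded it. The exemption is keyed on one pinned IPv4 address rather than the host name, so if that address is a shared front end, anything else served from it would also leave outside WireGuard, and if cache.nixos.org resolves elsewhere the exemption silently stops applying. I would put that on the list itself, e.g. `# Routed via the default interface, outside the tunnel, on purpose. Pinned IPs: re-check when DNS changes.`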
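Review bot: `preDown` in the second hunk looks up the default route again at teardown, so `ip route del ${addr} via $addr dev $interface` only matches if the gateway and interface are still what `postUp` saw. After a network change, or with no default route (both shell variables empty), the delete fails and the bypass route stays installed. Deleting by prefix avoids the lookup: `(addr: "${pkgs.iproute}/bin/ip route del ${addr}")`. Using `ip route replace` in `postUp` would likewise make a leftover route harmless on the next bring-up. In both lambdas the Nix argument `addr` shares its name with the shell variable `$addr`; renaming the argument to `cidr` would make clear they are two different values. The enclosing interface definition starts and ends outside the hunk.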