diff --git a/common/wireguard/tasks/main.yml b/common/wireguard/tasks/main.yml
index 9cf9ba9a6e891b4622a4fded2b19aa71d14d4af2..0b3c02ec959d2e12a25ecae5eea375f0fda8ebe1 100644
--- a/common/wireguard/tasks/main.yml
+++ b/common/wireguard/tasks/main.yml
@@ -53,6 +53,11 @@
   ansible.builtin.systemd:
     daemon_reload: true
 
+- name: "Stop systemd service for wg0"
+  ansible.builtin.systemd:
+    name: "wg-quick@wg0"
+    state: stopped
+
 - name: "Start systemd service for wg0"
   ansible.builtin.systemd:
     name: "wg-quick@wg0"
diff --git a/common/wireguard/templates/webserver.conf b/common/wireguard/templates/webserver.conf
index e3b21d7c6aab4133c6f6b7f50a5a7794ca6dcc8a..0ec608c4a8883786fc56cbe26faecdcf1e9e08ea 100644
--- a/common/wireguard/templates/webserver.conf
+++ b/common/wireguard/templates/webserver.conf
@@ -5,4 +5,4 @@ ListenPort = 51821
 
 [Peer]
 PublicKey = 9FLaGBXWjInPv4PFRuAJPPrPWruzocVrXg9lsmwGdX4=
-AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/23
+AllowedIPs = 10.43.1.2, 192.168.0.0/24, 10.0.0.0/22