diff --git a/.github/workflows/branchtest.yml b/.github/workflows/branchtest.yml
index 95c46ad2..e2e8fbdc 100644
--- a/.github/workflows/branchtest.yml
+++ b/.github/workflows/branchtest.yml
@@ -39,64 +39,11 @@ jobs:
             echo "netmakerbranch=develop" >> $GITHUB_OUTPUT
           fi
   
-  getserver:
-    runs-on: ubuntu-latest
-    needs: skip-check
-    if: ${{ needs.skip-check.outputs.skip != 'true' }}
-    outputs:
-      netmakerserver: ${{ steps.getserver.outputs.server }}
-    steps:
-      - name: setup ssh
-        run: |
-          mkdir -p ~/.ssh/
-          echo "$SSH_KEY" > ~/.ssh/id_devops
-          chmod 600 ~/.ssh/id_devops
-          cat >>~/.ssh/config <<END
-          Host *.clustercat.com
-            User root
-            IdentityFile ~/.ssh/id_devops
-            StrictHostKeyChecking no
-          END
-        env:
-          SSH_KEY: ${{ secrets.TESTING_SSH_KEY }}
-      - name: getserver
-        id: getserver
-        run: |
-          server=""
-          for arg in "branch1" "branch2" "branch3" "branch4" "branch5"; do
-            echo checking $arg
-            result=$( ssh root@server.${arg}.clustercat.com '~/branchtesting/check.sh') 
-            echo $result
-            if [ "$result" == "pass" ]
-            then
-              server=$arg
-              echo $server>>/tmp/server
-              break
-            fi
-          done
-          echo server is $server
-          if [ "$server" == "" ]
-          then
-            echo server not set
-            exit 1
-          fi
-          echo "netmakerserver=$server" >> $GITHUB_OUTPUT
-          
-  terraform:
-    needs: [getbranch, getserver]
-    uses: gravitl/devops/.github/workflows/terraform.yml@master
+  branchtest:
+    uses: gravitl/devops/.github/workflows/testdeploybranch.yml@master
+    needs: [getbranch, skip-check]
     with:
-      netclientbranch: ${{ github.head_ref }}
       netmakerbranch: ${{ needs.getbranch.outputs.netmakerbranch }}
-      server: ${{ needs.getserver.outputs.netmakerserver }}
-    secrets: inherit
-
-
-  testbranch:
-    needs: [getbranch, terraform]
-    uses: gravitl/devops/.github/workflows/branchtest.yml@master
-    with:
+      netclientbranch: ${{ github.head_ref }}
       tag: ${{ github.run_id }}-${{ github.run_attempt }}
-      network: netmaker
-    secrets: inherit
-    
+    secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e7151d9c..482bc9c2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,7 +21,7 @@ jobs:
   netclient-freebsd:
     runs-on: ubuntu-latest
     steps:
-      - name: build on freebsd
+      - name: build on freebsd13
         uses: appleboy/ssh-action@v0.1.10
         with:
           host: freebsd.clustercat.com
@@ -29,9 +29,23 @@ jobs:
           key: ${{ secrets.TESTING_SSH_KEY }}
           script: |
             cd netclient
+            git fetch
             git switch ${{ github.head_ref }}
             git pull
             go build .
+      - name: build on freebsd14
+        uses: appleboy/ssh-action@v0.1.10
+        with:
+          host: freebsd14.clustercat.com
+          username: freebsd
+          key: ${{ secrets.TESTING_SSH_KEY }}
+          script: |
+            cd netclient
+            git fetch
+            git switch ${{ github.head_ref }}
+            git pull
+            go build .
+
   tests:
     runs-on: ubuntu-latest
     steps:
diff --git a/cmd/root.go b/cmd/root.go
index 8221e84b..1951f715 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -7,9 +7,11 @@ package cmd
 import (
 	"os"
 	"path/filepath"
+	"runtime"
 
 	"github.com/gravitl/netclient/config"
 	"github.com/gravitl/netclient/functions"
+	"github.com/gravitl/netclient/wireguard"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"golang.org/x/exp/slog"
@@ -54,6 +56,16 @@ func initConfig() {
 	flags.BindPFlags(rootCmd.Flags())
 	config.InitConfig(flags)
 	setupLoging(flags)
+	nc := wireguard.NewNCIface(config.Netclient(), config.GetNodes())
+	nc.Name = "netmaker-test"
+	if runtime.GOOS == "darwin" {
+		nc.Name = "utun70"
+	}
+	if err := nc.Create(); err != nil {
+		slog.Error("failed to create interface, is wireguard installed?", "error", err)
+		os.Exit(1)
+	}
+	nc.Close()
 }
 
 func setupLoging(flags *viper.Viper) {
diff --git a/functions/daemon.go b/functions/daemon.go
index d54392dd..b47ceebc 100644
--- a/functions/daemon.go
+++ b/functions/daemon.go
@@ -167,8 +167,12 @@ func startGoRoutines(wg *sync.WaitGroup) context.CancelFunc {
 
 	Pull(false)
 	nc := wireguard.NewNCIface(config.Netclient(), config.GetNodes())
-	nc.Create()
-	nc.Configure()
+	if err := nc.Create(); err != nil {
+		slog.Error("error creating netclient interface", "error", err)
+	}
+	if err := nc.Configure(); err != nil {
+		slog.Error("error configuring netclient interface", "error", err)
+	}
 	wireguard.SetPeers(true)
 	server := config.GetServer(config.CurrServer)
 	if server == nil {
diff --git a/functions/mqhandlers.go b/functions/mqhandlers.go
index eaa95b48..e38bef2e 100644
--- a/functions/mqhandlers.go
+++ b/functions/mqhandlers.go
@@ -147,11 +147,12 @@ func HostPeerUpdate(client mqtt.Client, msg mqtt.Message) {
 	isInetGW := config.UpdateHostPeers(peerUpdate.Peers)
 	_ = config.WriteNetclientConfig()
 	_ = wireguard.SetPeers(false)
-	wireguard.GetInterface().GetPeerRoutes()
+	if len(peerUpdate.EgressRoutes) > 0 {
+		wireguard.SetEgressRoutes(peerUpdate.EgressRoutes)
+	}
 	if err = routes.SetNetmakerPeerEndpointRoutes(config.Netclient().DefaultInterface); err != nil {
 		slog.Warn("error when setting peer routes after peer update", "error", err)
 	}
-	_ = wireguard.GetInterface().ApplyAddrs(true)
 	gwDelta := (currentGW4.IP != nil && !currentGW4.IP.Equal(config.GW4Addr.IP)) ||
 		(currentGW6.IP != nil && !currentGW6.IP.Equal(config.GW6Addr.IP))
 	originalGW := currentGW4
diff --git a/go.mod b/go.mod
index abeeedd7..8bb3ae2f 100644
--- a/go.mod
+++ b/go.mod
@@ -7,12 +7,12 @@ require (
 	github.com/c-robinson/iplib v1.0.6
 	github.com/coreos/go-iptables v0.6.0
 	github.com/devilcove/httpclient v0.6.0
-	github.com/eclipse/paho.mqtt.golang v1.4.2
+	github.com/eclipse/paho.mqtt.golang v1.4.3
 	github.com/gin-gonic/gin v1.9.1
 	github.com/google/nftables v0.1.0
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0
-	github.com/gravitl/netmaker v0.20.3
+	github.com/gravitl/netmaker v0.20.4
 	github.com/gravitl/txeh v0.0.0-20230509181318-3778c58bd69f
 	github.com/guumaster/hostctl v1.1.4
 	github.com/hashicorp/go-version v1.6.0
@@ -27,11 +27,11 @@ require (
 	github.com/vishvananda/netlink v1.1.0
 	github.com/wailsapp/wails/v2 v2.5.1
 	golang.design/x/clipboard v0.7.0
-	golang.org/x/crypto v0.10.0
+	golang.org/x/crypto v0.11.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/net v0.11.0
-	golang.org/x/sys v0.9.0
-	golang.org/x/term v0.9.0
+	golang.org/x/net v0.12.0
+	golang.org/x/sys v0.10.0
+	golang.org/x/term v0.10.0
 	golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb
 	golang.zx2c4.com/wireguard/windows v0.5.3
@@ -124,13 +124,13 @@ require (
 	golang.org/x/image v0.6.0 // indirect
 	golang.org/x/mobile v0.0.0-20230301163155-e0f57694e12c // indirect
 	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/oauth2 v0.9.0 // indirect
+	golang.org/x/oauth2 v0.10.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
 	golang.org/x/tools v0.6.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index c3a8ab03..a3bc295b 100644
--- a/go.sum
+++ b/go.sum
@@ -80,8 +80,8 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/eclipse/paho.mqtt.golang v1.4.2 h1:66wOzfUHSSI1zamx7jR6yMEI5EuHnT1G6rNA5PM12m4=
-github.com/eclipse/paho.mqtt.golang v1.4.2/go.mod h1:JGt0RsEwEX+Xa/agj90YJ9d9DH2b7upDZMK9HRbFvCA=
+github.com/eclipse/paho.mqtt.golang v1.4.3 h1:2kwcUGn8seMUfWndX0hGbvH8r7crgcJguQNCyp70xik=
+github.com/eclipse/paho.mqtt.golang v1.4.3/go.mod h1:CSYvoAlsMkhYOXh/oKyxa8EcBci6dVkLCbo5tTC1RIE=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -189,11 +189,10 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gravitl/netmaker v0.20.3 h1:s+KIUcuHiSeI4gtpNboNH3wHV1p/tqMUr5P5ZF1AAmo=
-github.com/gravitl/netmaker v0.20.3/go.mod h1:h/8zpORPHUNX5POfb7h2M3p30qK/PLoX1XhSPqc6xJc=
+github.com/gravitl/netmaker v0.20.4 h1:38whUwDXoj0aM3ZE3aQWx/oC89wtjqh29mrMjajiITw=
+github.com/gravitl/netmaker v0.20.4/go.mod h1:HzJKcxKPn5c2LD+ZAgZ4Ar3A9rSPEFHprzQWMwcUaRc=
 github.com/gravitl/txeh v0.0.0-20230509181318-3778c58bd69f h1:XzsYovKdrDvj2z2HEHoeHU67+JIEFMHQKHU6oU+1fVE=
 github.com/gravitl/txeh v0.0.0-20230509181318-3778c58bd69f/go.mod h1:Nqo/7iOJSVP1JRSUv+FkZ0FgBjK89gjU0D/V8nH4xy8=
 github.com/guumaster/hostctl v1.1.4 h1:4zb9wEurBlz/hQiXFz9feHHfunf7oj+9serAH8ohGuM=
@@ -408,8 +407,8 @@ golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -474,7 +473,6 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -496,8 +494,8 @@ golang.org/x/net v0.0.0-20220923203811-8be639271d50/go.mod h1:YDH+HFinaLZZlnHAfS
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -508,8 +506,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
-golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
+golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
+golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -583,16 +581,16 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
-golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -605,8 +603,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -767,8 +765,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
diff --git a/gui/main.go b/gui/main.go
index 7cf9d0f0..49db385e 100644
--- a/gui/main.go
+++ b/gui/main.go
@@ -22,7 +22,7 @@ var assets embed.FS
 
 var appIcon = GetFileAsBytes("./appicon.png")
 
-var version = "v0.20.3"
+var version = "v0.20.4"
 
 var url = "http://" + functions.DefaultHttpServerAddr + ":" + functions.DefaultHttpServerPort
 
diff --git a/main.go b/main.go
index bd362e01..3f172e32 100644
--- a/main.go
+++ b/main.go
@@ -11,7 +11,7 @@ import (
 )
 
 // TODO: use -ldflags to set the right version at build time
-var version = "v0.20.3"
+var version = "v0.20.4"
 
 func main() {
 	config.SetVersion(version)
diff --git a/release.md b/release.md
index bed76d93..bb7fc899 100644
--- a/release.md
+++ b/release.md
@@ -1,25 +1,19 @@
-# Netclient v0.20.3
+# Netclient v0.20.4
 
 ## Whats New
-- Moved to new licensing server for self-hosted
-- STUN removed from netmaker server to improve memory performance
-- Added DB caching to drastically reduce read/writes from disk
+- FreeBSD 13/14 specific binaries
 
 ## What's Fixed
-- Major memory leak resolved due to STUN
-- Issues with netclient ports on daemon restart
-- Windows GUI unable to find netclient backend
-- Major scalability fixes - Can now scale to hundreds of hosts with low resources
-- Resolved ACL panic
-- Reverted blocking creation of Ingress with NAT
+- Fixes for FreeBSD
+- Mac installer installs WireGuard
+- Precise Interface routes to improve multi-network functionality
      
 ## known issues
+- Windows installer does not install WireGuard
 - netclient-gui (windows) will display an erroneous error dialog when joining a network (can be ignored)
 - netclient-gui will continously display error dialog if netmaker server is offline
 - Incorrect metrics against ext clients
-- Host ListenPorts set to 0 after migration from 0.17.1 -> 0.20.3
+- Host ListenPorts set to 0 after migration from 0.17.1 -> 0.20.4
 - Mac IPv6 addresses/route issues
 - Docker client can not re-join after complete deletion
 - netclient-gui network tab blank after disconnect
-
-
diff --git a/resources/windows/netclient.exe.manifest.xml b/resources/windows/netclient.exe.manifest.xml
index c3085547..f7a8731d 100644
--- a/resources/windows/netclient.exe.manifest.xml
+++ b/resources/windows/netclient.exe.manifest.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
     <assemblyIdentity
-            version="0.20.3.0"
+            version="0.20.4.0"
             processorArchitecture="*"
             name="netclient.exe"
             type="win32"
diff --git a/versioninfo.json b/versioninfo.json
index 1acce18a..5d25be8d 100644
--- a/versioninfo.json
+++ b/versioninfo.json
@@ -3,13 +3,13 @@
         "FileVersion": {
             "Major": 0,
             "Minor": 20,
-            "Patch": 3,
+            "Patch": 4,
             "Build": 0
         },
         "ProductVersion": {
             "Major": 0,
             "Minor": 20,
-            "Patch": 1,
+            "Patch": 4,
             "Build": 0
         },
         "FileFlagsMask": "3f",
@@ -29,7 +29,7 @@
         "OriginalFilename": "",
         "PrivateBuild": "",
         "ProductName": "Netclient",
-        "ProductVersion": "v0.20.3.0",
+        "ProductVersion": "v0.20.4.0",
         "SpecialBuild": ""
     },
     "VarFileInfo": {
diff --git a/wireguard/types.go b/wireguard/types.go
index faf53fea..bec71fbe 100644
--- a/wireguard/types.go
+++ b/wireguard/types.go
@@ -1,6 +1,7 @@
 package wireguard
 
 import (
+	"fmt"
 	"net"
 	"sync"
 
@@ -8,7 +9,7 @@ import (
 	"github.com/gravitl/netclient/ncutils"
 	"github.com/gravitl/netclient/nmproxy/peer"
 	"github.com/gravitl/netmaker/logger"
-	"github.com/gravitl/netmaker/logic"
+	"github.com/gravitl/netmaker/models"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
@@ -83,49 +84,28 @@ func (n *NCIface) Configure() error {
 	wgMutex.Lock()
 	defer wgMutex.Unlock()
 	logger.Log(0, "adding addresses to netmaker interface")
-	n.GetPeerRoutes()
-	if err := n.ApplyAddrs(false); err != nil {
+	if err := n.ApplyAddrs(); err != nil {
 		return err
 	}
 	if err := n.SetMTU(); err != nil {
-		return err
+		return fmt.Errorf("Configure set MTU %w", err)
 	}
 	return apply(&n.Config)
 }
 
-// NCIface.GetPeerRoutes - fetches additional routes that are needed to be added to the interface
-func (nc *NCIface) GetPeerRoutes() {
-	var routes []ifaceAddress
-	if len(nc.Addresses) == 0 {
-		return
-	}
-	routeMap := make(map[string]struct{})
-	for _, peer := range nc.Config.Peers {
-		for _, allowedIP := range peer.AllowedIPs {
-			addRoute := true
-			for _, address := range nc.Addresses {
-				normCIDR, err := logic.NormalizeCIDR(address.Network.String())
-				if err == nil {
-					if logic.IsAddressInCIDR(allowedIP.IP, normCIDR) {
-						addRoute = false
-					}
-				}
-			}
-			if addRoute {
-				// add route to the interface
-				if _, ok := routeMap[allowedIP.String()]; !ok {
-					routeMap[allowedIP.String()] = struct{}{}
-					routes = append(routes, ifaceAddress{
-						IP:       allowedIP.IP,
-						Network:  allowedIP,
-						AddRoute: true,
-					})
-				}
+func SetEgressRoutes(egressRoutes []models.EgressNetworkRoutes) {
+	addrs := []ifaceAddress{}
+	for _, egressRoute := range egressRoutes {
+		for _, egressRange := range egressRoute.EgressRanges {
+			addrs = append(addrs, ifaceAddress{
+				IP:      egressRoute.NodeAddr.IP,
+				Network: config.ToIPNet(egressRange),
+			})
 
-			}
 		}
+
 	}
-	nc.Addresses = append(nc.Addresses, routes...)
+	SetRoutes(addrs)
 }
 
 func GetInterface() *NCIface {
diff --git a/wireguard/wireguard.go b/wireguard/wireguard.go
index 3fc293a2..d0607253 100644
--- a/wireguard/wireguard.go
+++ b/wireguard/wireguard.go
@@ -9,6 +9,7 @@ import (
 	"github.com/gravitl/netclient/config"
 	"github.com/gravitl/netclient/ncutils"
 	"github.com/gravitl/netclient/nmproxy/peer"
+	"golang.org/x/exp/slog"
 	"golang.zx2c4.com/wireguard/wgctrl"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
@@ -57,9 +58,10 @@ func UpdatePeer(p *wgtypes.PeerConfig) error {
 }
 
 func apply(c *wgtypes.Config) error {
+	slog.Debug("applying wireguard config")
 	wg, err := wgctrl.New()
 	if err != nil {
-		return err
+		return fmt.Errorf("wgctrl %w", err)
 	}
 	defer wg.Close()
 
diff --git a/wireguard/wireguard_darwin.go b/wireguard/wireguard_darwin.go
index 7c09c790..54c24b0f 100644
--- a/wireguard/wireguard_darwin.go
+++ b/wireguard/wireguard_darwin.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/gravitl/netclient/ncutils"
 	"github.com/gravitl/netmaker/logger"
+	"golang.org/x/exp/slog"
 )
 
 // NCIface.Create - makes a new Wireguard interface for darwin users (userspace)
@@ -15,49 +16,71 @@ func (nc *NCIface) Create() error {
 }
 
 // NCIface.ApplyAddrs - applies address for darwin userspace
-func (nc *NCIface) ApplyAddrs(addOnlyRoutes bool) error {
+func (nc *NCIface) ApplyAddrs() error {
 
 	for _, address := range nc.Addresses {
-		if !addOnlyRoutes && !address.AddRoute && address.IP != nil {
+		if address.IP != nil {
 			if address.IP.To4() != nil {
 
-				cmd := exec.Command("ifconfig", nc.Name, "inet", "alias", address.IP.String(), address.IP.String())
+				cmd := exec.Command("ifconfig", nc.Name, "inet", "add", address.IP.String(), address.IP.String())
 				if out, err := cmd.CombinedOutput(); err != nil {
-					logger.Log(0, fmt.Sprintf("adding address command \"%v\" failed with output %s and error: ", cmd.String(), out))
+					slog.Error("error adding address", "command", cmd.String(), "error", string(out))
 					continue
 				}
 			} else {
 
-				cmd := exec.Command("ifconfig", nc.Name, "inet6", "alias", address.IP.String(), address.IP.String())
+				cmd := exec.Command("ifconfig", nc.Name, "inet6", "add", address.IP.String(), address.IP.String())
 				if out, err := cmd.CombinedOutput(); err != nil {
-					logger.Log(0, fmt.Sprintf("adding address command \"%v\" failed with output %s and error: ", cmd.String(), out))
+					slog.Error("error adding address", "command", cmd.String(), "error", string(out))
 					continue
 				}
 			}
 
 		}
-		if address.Network.IP != nil &&
-			address.Network.String() != "0.0.0.0/0" &&
-			address.Network.String() != "::/0" {
-			if address.Network.IP.To4() != nil {
-				cmd := exec.Command("route", "add", "-net", "-inet", address.Network.String(), "-interface", nc.Name)
-				if out, err := cmd.CombinedOutput(); err != nil {
-					logger.Log(0, fmt.Sprintf("failed to add route with command %s - %v", cmd.String(), out))
-					continue
-				}
-			} else {
-				cmd := exec.Command("route", "add", "-net", "-inet6", address.Network.String(), "-interface", nc.Name)
-				if out, err := cmd.CombinedOutput(); err != nil {
-					logger.Log(0, fmt.Sprintf("failed to add route with command %s - %v", cmd.String(), out))
-					continue
-				}
+		if address.Network.IP.To4() != nil {
+			cmd := exec.Command("route", "add", "-net", "-inet", address.Network.String(), address.IP.String())
+			if out, err := cmd.CombinedOutput(); err != nil {
+				slog.Error("failed to add route", "command", cmd.String(), "error", string(out))
+				continue
+			}
+		} else {
+			cmd := exec.Command("route", "add", "-net", "-inet6", address.Network.String(), address.IP.String())
+			if out, err := cmd.CombinedOutput(); err != nil {
+				slog.Error("failed to add route", "command", cmd.String(), "error", string(out))
+				continue
 			}
 		}
+
 	}
 
 	return nil
 }
 
+// SetRoutes - sets additional routes to the interface
+func SetRoutes(addrs []ifaceAddress) {
+	for _, addr := range addrs {
+		if addr.IP == nil || addr.Network.IP == nil || addr.Network.String() == "0.0.0.0/0" ||
+			addr.Network.String() == "::/0" {
+			continue
+		}
+
+		if addr.Network.IP.To4() != nil {
+			cmd := exec.Command("route", "add", "-net", "-inet", addr.Network.String(), addr.IP.String())
+			if out, err := cmd.CombinedOutput(); err != nil {
+				slog.Error("failed to add route with", "command", cmd.String(), "error", string(out))
+				continue
+			}
+		} else {
+			cmd := exec.Command("route", "add", "-net", "-inet6", addr.Network.String(), addr.IP.String())
+			if out, err := cmd.CombinedOutput(); err != nil {
+				slog.Error("failed to add route with", "command", cmd.String(), "error", string(out))
+				continue
+			}
+		}
+
+	}
+}
+
 func (nc *NCIface) SetMTU() error {
 	// set MTU for the interface
 	cmd := exec.Command("ifconfig", nc.Name, "mtu", fmt.Sprint(nc.MTU), "up")
diff --git a/wireguard/wireguard_freebsd.go b/wireguard/wireguard_freebsd.go
index 7d54ea10..73d4334f 100644
--- a/wireguard/wireguard_freebsd.go
+++ b/wireguard/wireguard_freebsd.go
@@ -2,24 +2,24 @@ package wireguard
 
 import (
 	"fmt"
-	"os"
 	"os/exec"
 	"strconv"
 
 	"github.com/gravitl/netclient/ncutils"
 	"github.com/gravitl/netmaker/logger"
+	"golang.org/x/exp/slog"
 )
 
 const kernelModule = "/boot/modules/if_wg.ko"
 
 // NCIface.Create - creates a linux WG interface based on a node's given config
 func (nc *NCIface) Create() error {
-	if _, err := os.Stat(kernelModule); err != nil {
-		logger.Log(3, "using userspace wireguard")
-		return nc.createUserSpaceWG()
+	if _, err := ncutils.RunCmd("kldstat | grep if_wg", false); err != nil {
+		slog.Info("loading kernel wireguard")
+		return create(nc)
 	}
-	logger.Log(3, "using kernel wireguard")
-	return create(nc)
+	slog.Info("using userspace wireguard")
+	return nc.createUserSpaceWG()
 }
 
 func create(nc *NCIface) error {
@@ -51,45 +51,63 @@ func (nc *NCIface) Close() {
 }
 
 // NCIface.ApplyAddrs - applies the assigned node addresses to given interface (netLink)
-func (nc *NCIface) ApplyAddrs(addOnlyRoutes bool) error {
+func (nc *NCIface) ApplyAddrs() error {
 	ifconfig, err := exec.LookPath("ifconfig")
 	if err != nil {
 		logger.Log(0, "failed to locate ifconfig", err.Error())
 		return fmt.Errorf("failed to locate ifconfig %w", err)
 	}
 	for _, address := range nc.Addresses {
-		if !addOnlyRoutes && !address.AddRoute {
-			if address.IP.To4() != nil {
-				if _, err := ncutils.RunCmd(ifconfig+" "+nc.Name+" inet "+address.IP.String()+" alias", true); err != nil {
-					logger.Log(1, "error adding address to interface: ", address.IP.String(), err.Error())
-				}
-			} else {
-				if _, err := ncutils.RunCmd(ifconfig+" "+nc.Name+" inet6 "+address.IP.String()+" alias", true); err != nil {
-					logger.Log(1, "error adding address to interface: ", address.IP.String(), err.Error())
-				}
+		if address.IP.To4() != nil {
+			address.Network.IP = address.IP
+			cmd := ifconfig + " " + nc.Name + " inet " + address.Network.String() + " alias"
+			slog.Info("adding address", "cmd", cmd)
+			if _, err := ncutils.RunCmd(cmd, true); err != nil {
+				logger.Log(1, "error adding address to interface: ", address.IP.String(), err.Error())
+			}
+		} else {
+			address.Network.IP = address.IP
+			cmd := ifconfig + " " + nc.Name + " inet6 " + address.Network.String() + " alias"
+			slog.Info("adding address", "cmd", cmd)
+			if _, err := ncutils.RunCmd(cmd, true); err != nil {
+				logger.Log(1, "error adding address to interface: ", address.IP.String(), err.Error())
 			}
 		}
+	}
+	cmd := fmt.Sprintf("ifconfig %s up", ncutils.GetInterfaceName())
+	slog.Info("bringing interface up", "cmd", cmd)
+	if _, err := ncutils.RunCmd(cmd, true); err != nil {
+		slog.Error("error bringing interface up ", "error", err.Error())
+	}
+	return nil
+}
 
-		if address.AddRoute &&
-			address.Network.String() != "0.0.0.0/0" &&
-			address.Network.String() != "::/0" {
-			if address.IP.To4() != nil {
-				if _, err := ncutils.RunCmd(fmt.Sprintf("route add -net -inet %s -interface %s", address.Network.String(), nc.Name), true); err != nil {
-					logger.Log(1, "error adding address to interface ", address.Network.String(), err.Error())
+// SetRoutes - sets additional routes to the interface
+func SetRoutes(addrs []ifaceAddress) {
+	for _, addr := range addrs {
+		if addr.IP == nil || addr.Network.IP == nil || addr.Network.String() == "0.0.0.0/0" ||
+			addr.Network.String() == "::/0" {
+			continue
+		}
+		if addr.Network.String() != "0.0.0.0/0" &&
+			addr.Network.String() != "::/0" {
+			if addr.IP.To4() != nil {
+				if _, err := ncutils.RunCmd(fmt.Sprintf("route add -net -inet %s %s", addr.Network.String(), addr.IP.String()), true); err != nil {
+					slog.Error("error adding address to interface", "address", addr.Network.String(), "error", err.Error())
 				}
 			} else {
-				if _, err := ncutils.RunCmd(fmt.Sprintf("route add -net -inet6 %s -interface %s", address.Network.String(), nc.Name), true); err != nil {
-					logger.Log(1, "error adding address to interface ", address.Network.String(), err.Error())
+				if _, err := ncutils.RunCmd(fmt.Sprintf("route add -net -inet6 %s %s", addr.Network.String(), addr.IP.String()), true); err != nil {
+					slog.Error("error adding address to interface ", "address", addr.Network.String(), "error", err.Error())
 				}
 			}
 
 		}
 	}
-	return nil
 }
 
 // NCIface.SetMTU - set MTU for netmaker interface
 func (nc *NCIface) SetMTU() error {
+	slog.Debug("setting mtu for netmaker interface")
 	ifconfig, err := exec.LookPath("ifconfig")
 	if err != nil {
 		logger.Log(0, "failed to locate ifconfig", err.Error())
diff --git a/wireguard/wireguard_linux.go b/wireguard/wireguard_linux.go
index 443299a4..22933238 100644
--- a/wireguard/wireguard_linux.go
+++ b/wireguard/wireguard_linux.go
@@ -9,6 +9,7 @@ import (
 	"github.com/gravitl/netclient/ncutils"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/vishvananda/netlink"
+	"golang.org/x/exp/slog"
 )
 
 // NCIface.Create - creates a linux WG interface based on a node's host config
@@ -80,60 +81,74 @@ func (l *netLink) Close() error {
 }
 
 // netLink.ApplyAddrs - applies the assigned node addresses to given interface (netLink)
-func (nc *NCIface) ApplyAddrs(addOnlyRoutes bool) error {
+func (nc *NCIface) ApplyAddrs() error {
 	l, err := netlink.LinkByName(nc.Name)
+	if err != nil {
+		return fmt.Errorf("failed to locate link %w", err)
+	}
+
+	currentAddrs, err := netlink.AddrList(l, 0)
 	if err != nil {
 		return err
 	}
-	if !addOnlyRoutes {
-		currentAddrs, err := netlink.AddrList(l, 0)
-		if err != nil {
-			return err
-		}
-		routes, err := netlink.RouteList(l, 0)
+	routes, err := netlink.RouteList(l, 0)
+	if err != nil {
+		return err
+	}
+
+	for i := range routes {
+		err = netlink.RouteDel(&routes[i])
 		if err != nil {
-			return err
+			return fmt.Errorf("failed to list routes %w", err)
 		}
+	}
 
-		for i := range routes {
-			err = netlink.RouteDel(&routes[i])
+	if len(currentAddrs) > 0 {
+		for i := range currentAddrs {
+			err = netlink.AddrDel(l, &currentAddrs[i])
 			if err != nil {
-				return err
-			}
-		}
-
-		if len(currentAddrs) > 0 {
-			for i := range currentAddrs {
-				err = netlink.AddrDel(l, &currentAddrs[i])
-				if err != nil {
-					return err
-				}
+				return fmt.Errorf("failed to delete route %w", err)
 			}
 		}
 	}
 
 	for _, addr := range nc.Addresses {
-		if !addOnlyRoutes && !addr.AddRoute && addr.IP != nil {
-			logger.Log(3, "adding address", addr.IP.String(), "to netmaker interface")
+		if addr.IP != nil && addr.Network.IP != nil {
+			slog.Info("adding address", "address", addr.IP.String(), "network", addr.Network.String())
 			if err := netlink.AddrAdd(l, &netlink.Addr{IPNet: &net.IPNet{IP: addr.IP, Mask: addr.Network.Mask}}); err != nil {
-				logger.Log(1, "error adding addr", err.Error())
+				slog.Error("error adding addr", "error", err.Error())
 
 			}
 		}
-		if addr.AddRoute && addr.Network.String() != "0.0.0.0/0" && addr.Network.String() != "::/0" {
-			logger.Log(3, "adding route", addr.IP.String(), "to netmaker interface")
-			if err := netlink.RouteAdd(&netlink.Route{
-				LinkIndex: l.Attrs().Index,
-				Dst:       &addr.Network,
-			}); err != nil {
-				logger.Log(1, "error adding route", err.Error())
-			}
-		}
 
 	}
 	return nil
 }
 
+// SetRoutes - sets additional routes to the interface
+func SetRoutes(addrs []ifaceAddress) {
+	l, err := netlink.LinkByName(ncutils.GetInterfaceName())
+	if err != nil {
+		slog.Error("failed to get link to interface", "error", err)
+		return
+	}
+	for _, addr := range addrs {
+		if addr.IP == nil || addr.Network.IP == nil || addr.Network.String() == "0.0.0.0/0" ||
+			addr.Network.String() == "::/0" {
+			continue
+		}
+		slog.Info("adding route to interface", "route", fmt.Sprintf("%s -> %s", addr.IP.String(), addr.Network.String()))
+		if err := netlink.RouteAdd(&netlink.Route{
+			LinkIndex: l.Attrs().Index,
+			Gw:        addr.IP,
+			Dst:       &addr.Network,
+		}); err != nil {
+			slog.Error("error adding route", "error", err.Error())
+		}
+
+	}
+}
+
 // == private ==
 
 type netLink struct {
diff --git a/wireguard/wireguard_windows.go b/wireguard/wireguard_windows.go
index 927bd4e1..15572d39 100644
--- a/wireguard/wireguard_windows.go
+++ b/wireguard/wireguard_windows.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/gravitl/netclient/ncutils"
 	"github.com/gravitl/netmaker/logger"
+	"golang.org/x/exp/slog"
 	"golang.org/x/sys/windows"
 	"golang.zx2c4.com/wireguard/windows/driver"
 )
@@ -28,58 +29,50 @@ func (nc *NCIface) Create() error {
 			return err
 		}
 	} else {
-		logger.Log(0, "re-using existing adapter")
+		slog.Info("re-using existing adapter")
 	}
 
-	logger.Log(3, "created Windows tunnel")
+	slog.Info("created Windows tunnel")
 	nc.Iface = adapter
 	return adapter.SetAdapterState(driver.AdapterStateUp)
 }
 
 // NCIface.ApplyAddrs - applies addresses to windows tunnel ifaces, unused currently
-func (nc *NCIface) ApplyAddrs(addOnlyRoutes bool) error {
+func (nc *NCIface) ApplyAddrs() error {
 	adapter := nc.Iface
 	prefixAddrs := []netip.Prefix{}
-	egressRanges := []ifaceAddress{}
-	var egressRoute *ifaceAddress
 	for i := range nc.Addresses {
-		if !nc.Addresses[i].AddRoute {
-			maskSize, _ := nc.Addresses[i].Network.Mask.Size()
-			logger.Log(1, "appending address", fmt.Sprintf("%s/%d to nm interface", nc.Addresses[i].IP.String(), maskSize))
-			addr, err := netip.ParsePrefix(fmt.Sprintf("%s/%d", nc.Addresses[i].IP.String(), maskSize))
-			if err == nil {
-				prefixAddrs = append(prefixAddrs, addr)
-			} else {
-				logger.Log(0, fmt.Sprintf("failed to append ip to Netclient adapter %v", err))
-			}
-			if egressRoute == nil {
-				egressRoute = &nc.Addresses[i]
-			}
+
+		maskSize, _ := nc.Addresses[i].Network.Mask.Size()
+		slog.Info("appending address", "address", fmt.Sprintf("%s/%d to nm interface", nc.Addresses[i].IP.String(), maskSize))
+		addr, err := netip.ParsePrefix(fmt.Sprintf("%s/%d", nc.Addresses[i].IP.String(), maskSize))
+		if err == nil {
+			prefixAddrs = append(prefixAddrs, addr)
 		} else {
-			egressRanges = append(egressRanges, nc.Addresses[i])
+			slog.Error("failed to append ip to Netclient adapter", "error", err)
 		}
 	}
 
-	if egressRoute != nil && len(egressRanges) > 0 {
-		for i := range egressRanges {
-			if egressRanges[i].Network.String() == "0.0.0.0/0" ||
-				egressRanges[i].Network.String() == "::/0" {
-				continue
-			}
-			maskSize, _ := egressRanges[i].Network.Mask.Size()
-			mask := net.IP(egressRanges[i].Network.Mask)
-			logger.Log(1, "appending egress range", fmt.Sprintf("%s/%d to nm interface", egressRanges[i].IP.String(), maskSize))
-			cmd := fmt.Sprintf("route -p add %s MASK %v %s", egressRanges[i].IP.String(),
-				mask,
-				egressRoute.IP.String())
-			_, err := ncutils.RunCmd(cmd, false)
-			if err != nil {
-				logger.Log(0, "failed to apply egress range", egressRanges[i].IP.String())
-			}
+	return adapter.(*driver.Adapter).LUID().SetIPAddresses(prefixAddrs)
+}
+
+// SetRoutes - sets additional routes to the interface
+func SetRoutes(addrs []ifaceAddress) {
+	for _, addr := range addrs {
+		if addr.IP == nil || addr.Network.IP == nil || addr.Network.String() == "0.0.0.0/0" ||
+			addr.Network.String() == "::/0" {
+			continue
+		}
+		mask := net.IP(addr.Network.Mask)
+		slog.Info("adding route to interface", "route", fmt.Sprintf("%s -> %s", addr.IP.String(), addr.Network.String()))
+		cmd := fmt.Sprintf("route -p add %s MASK %v %s", addr.IP.String(),
+			mask,
+			addr.IP.String())
+		_, err := ncutils.RunCmd(cmd, false)
+		if err != nil {
+			slog.Error("failed to apply", "egress range", addr.IP.String())
 		}
 	}
-
-	return adapter.(*driver.Adapter).LUID().SetIPAddresses(prefixAddrs)
 }
 
 // NCIface.Close - closes the managed WireGuard interface