diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index ad405d08..6c648baa 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -133,7 +133,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 
                 return {
                     publicKey: client.clients.pubKey!,
-                    allowedIps: [client.clients.subnet!],
+                    allowedIps: [`${client.clients.subnet.split('/')[0]}/32`], // we want to only allow from that client
                     endpoint: client.clientSites.isRelayed
                         ? ""
                         : client.clients.endpoint! // if its relayed it should be localhost
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index a398d5e4..d3ce74cd 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -141,7 +141,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             );
             await addPeer(site.siteId, {
                 publicKey: publicKey,
-                allowedIps: [client.subnet],
+                allowedIps: [`${client.subnet.split('/')[0]}/32`], // we want to only allow from that client
                 endpoint: client.endpoint
             });
         } else {