diff --git a/app.py b/app.py
index 82b7d7b..e67b8c0 100644
--- a/app.py
+++ b/app.py
@@ -332,42 +332,42 @@ import ipaddress as _ipaddress
 _wg_managed_subnets: list = []  # beim Connect gemerkte Subnetze für sauberes Cleanup
 
 
-def _local_subnets() -> list:
-    """Alle direkt verbundenen IPv4-Subnetze außer WireGuard-Interface und Loopback."""
-    r = subprocess.run(['ip', '-4', 'route', 'show', 'table', 'main'],
-                       capture_output=True, text=True)
+def _local_subnets_before_vpn() -> list:
+    """Subnetze aller lokalen Interfaces (außer Loopback) via 'ip addr show'.
+    Muss VOR wg-quick up aufgerufen werden, damit wg-quick die Tabelle noch
+    nicht verändert hat."""
+    r = subprocess.run(['ip', '-4', 'addr', 'show'], capture_output=True, text=True)
     seen, result = set(), []
+    current_iface = ''
     for line in r.stdout.splitlines():
-        parts = line.split()
-        if not parts or parts[0] in ('default', 'unreachable', 'prohibit'):
-            continue
-        if 'dev' not in parts:
-            continue
-        dev = parts[parts.index('dev') + 1]
-        if dev == WG_IFACE:
-            continue
-        try:
-            net = str(_ipaddress.IPv4Network(parts[0], strict=False))
-            if net not in seen and not _ipaddress.IPv4Network(net).is_loopback:
-                seen.add(net)
-                result.append(net)
-        except ValueError:
-            pass
+        if not line[:1].isspace():
+            # Zeile wie "2: wlan0: <BROADCAST,..."
+            current_iface = line.split(':')[1].strip().split('@')[0] if ':' in line else ''
+        elif current_iface and current_iface != 'lo':
+            s = line.strip()
+            if s.startswith('inet '):
+                try:
+                    net = str(_ipaddress.IPv4Interface(s.split()[1]).network)
+                    if net not in seen:
+                        seen.add(net)
+                        result.append(net)
+                except Exception:
+                    pass
     return result
 
 
-def _wg_add_local_routes():
+def _wg_add_local_routes(subnets: list):
     """Alle lokalen Subnetze (Hotspot, WLAN, LAN) vom VPN-Tunnel ausschließen."""
     global _wg_managed_subnets
-    _wg_managed_subnets = _local_subnets()
-    for i, subnet in enumerate(_wg_managed_subnets):
+    _wg_managed_subnets = subnets
+    for i, subnet in enumerate(subnets):
         prio_from = 100 + i * 2
         prio_to   = 101 + i * 2
         subprocess.run(['ip', 'rule', 'add', 'from', subnet,
                         'table', 'main', 'priority', str(prio_from)], capture_output=True)
         subprocess.run(['ip', 'rule', 'add', 'to', subnet,
                         'table', 'main', 'priority', str(prio_to)], capture_output=True)
-    log.info(f'Lokale Routing-Regeln gesetzt: {_wg_managed_subnets}')
+    log.info(f'Lokale Routing-Regeln gesetzt: {subnets}')
 
 
 def _wg_remove_local_routes():
@@ -389,11 +389,12 @@ def wg_connect():
         with wg_lock:
             wg_state['error'] = 'Keine Konfiguration vorhanden'
         return False
+    local_nets = _local_subnets_before_vpn()  # VOR wg-quick lesen
     r = subprocess.run(['wg-quick', 'up', WG_IFACE],
                        capture_output=True, text=True, timeout=30)
     if r.returncode == 0:
         time.sleep(1)
-        _wg_add_local_routes()
+        _wg_add_local_routes(local_nets)
         wg_update_state()
         log.info('WireGuard verbunden')
         return True
diff --git a/version.txt b/version.txt
index fa7e3ca..a7a8343 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.0.29
\ No newline at end of file
+1.0.30
\ No newline at end of file