diff --git a/cmd/config.go b/cmd/config.go index b11ef24f6d0..3961d4619a4 100644 --- a/cmd/config.go +++ b/cmd/config.go @@ -15,9 +15,10 @@ type Config struct { Peers []connection.Peer StunTurnURLs []*ice.URL // host:port of the signal server - SignalAddr string - WgAddr string - WgIface string + SignalAddr string + WgAddr string + WgIface string + IFaceBlackList []string } //Write writes configPath to a file diff --git a/cmd/up.go b/cmd/up.go index bf48bde8a5a..da0490c040a 100644 --- a/cmd/up.go +++ b/cmd/up.go @@ -38,7 +38,11 @@ var ( //todo proper close handling defer func() { signalClient.Close() }() - engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr) + iFaceBlackList := make(map[string]struct{}) + for i := 0; i < len(config.IFaceBlackList); i += 2 { + iFaceBlackList[config.IFaceBlackList[i]] = struct{}{} + } + engine := connection.NewEngine(signalClient, config.StunTurnURLs, config.WgIface, config.WgAddr, iFaceBlackList) err = engine.Start(myKey, config.Peers) if err != nil { diff --git a/connection/connection.go b/connection/connection.go index 129653c404e..665e3eea257 100644 --- a/connection/connection.go +++ b/connection/connection.go @@ -31,6 +31,8 @@ type ConnConfig struct { RemoteWgKey wgtypes.Key StunTurnURLS []*ice.URL + + iFaceBlackList map[string]struct{} } // IceCredentials ICE protocol credentials struct @@ -93,6 +95,13 @@ func (conn *Connection) Open(timeout time.Duration) error { a, err := ice.NewAgent(&ice.AgentConfig{ NetworkTypes: []ice.NetworkType{ice.NetworkTypeUDP4}, Urls: conn.Config.StunTurnURLS, + InterfaceFilter: func(s string) bool { + if conn.Config.iFaceBlackList == nil { + return true + } + _, ok := conn.Config.iFaceBlackList[s] + return !ok + }, }) conn.agent = a 
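Review bot: The loop in cmd/up.go that fills `iFaceBlackList` advances with `i += 2`, so only the even-indexed entries of `config.IFaceBlackList` reach the map and every second configured interface is silently left out of the filter. Nothing visible in this diff documents the list as pairs, so this looks unintended; an interface the operator meant to exclude would still be eligible for ICE candidate gathering. If the list is a flat set of names, `for _, name := range config.IFaceBlackList { iFaceBlackList[name] = struct{}{} }` covers every entry. If the stride is deliberate, the pair layout should be documented on the new `IFaceBlackList` field in cmd/config.go, which currently has no comment. The enclosing block starts and ends outside the hunk.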
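Review bot: The nil guard in the new `InterfaceFilter` closure in connection/connection.go is redundant, because indexing a nil map in Go yields `ok == false`; the body can be reduced to `_, blocked := conn.Config.iFaceBlackList[s]` followed by `return !blocked`. The lookup is an exact match on the name the ICE agent passes in, so an entry written as a prefix or pattern matches nothing and the interface stays allowed. That is worth stating in a comment, e.g. `// exact interface-name match; unknown or misspelled entries exclude nothing`. `Open` continues outside the hunk, including the check of `err` from `ice.NewAgent`.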
@@ -289,7 +298,7 @@ func (conn *Connection) listenOnConnectionStateChanges() error { log.Errorf("failed selecting active ICE candidate pair %s", err) return } - log.Debugf("closed to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair) + log.Infof("will connect to peer %s via a selected connnection candidate pair %s", conn.Config.RemoteWgKey.String(), pair) } else if state == ice.ConnectionStateDisconnected || state == ice.ConnectionStateFailed { // todo do we really wanna have a connection restart within connection itself? Think of moving it outside err := conn.Close() diff --git a/connection/engine.go b/connection/engine.go index e9e66f21700..fc1b95581a4 100644 --- a/connection/engine.go +++ b/connection/engine.go @@ -24,6 +24,8 @@ type Engine struct { wgIface string // Wireguard local address wgIP string + // Network Interfaces to ignore + iFaceBlackList map[string]struct{} } // Peer is an instance of the Connection Peer @@ -33,13 +35,15 @@ type Peer struct { } // NewEngine creates a new Connection Engine -func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string) *Engine { +func NewEngine(signal *signal.Client, stunsTurns []*ice.URL, wgIface string, wgAddr string, + iFaceBlackList map[string]struct{}) *Engine { return &Engine{ stunsTurns: stunsTurns, signal: signal, wgIface: wgIface, wgIP: wgAddr, conns: map[string]*Connection{}, + iFaceBlackList: iFaceBlackList, } } @@ -113,6 +117,7 @@ func (e *Engine) openPeerConnection(wgPort int, myKey wgtypes.Key, peer Peer) (* WgKey: myKey, RemoteWgKey: remoteKey, StunTurnURLS: e.stunsTurns, + iFaceBlackList: e.iFaceBlackList, } signalOffer := func(uFrag string, pwd string) error {
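Review bot: The new message in `listenOnConnectionStateChanges` contains a typo, `connnection`, and reads awkwardly; `log.Infof("connecting to peer %s via selected candidate pair %s", conn.Config.RemoteWgKey.String(), pair)` would be clearer. Moving this line from Debug to Info also means the peer's WireGuard public key and the selected candidate pair are now written at Info level for each connection. The pair's string form presumably includes the local and remote addresses, so confirm that is acceptable for wherever these logs are collected. The enclosing function starts and ends outside the hunk.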
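Review bot: `NewEngine` in connection/engine.go stores the caller's `iFaceBlackList` map without copying it. The `openPeerConnection` hunk then hands that same map to every `ConnConfig`, where the `InterfaceFilter` closure reads it. If a caller modifies the map after construction, that would be an unsynchronised map access, presumably from the ICE agent's goroutines. Either copy the map in the constructor or state in the doc comment that it must not be modified after the call. The doc comment should also cover the new parameter, e.g. `// iFaceBlackList holds the names of network interfaces excluded from ICE candidate gathering; nil disables filtering.`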