Hey David, It's pretty typical behavior on Windows for IP addresses to be exclusive per interface. WireGuard for Windows does something similar: https://git.zx2c4.com/wireguard-windows/tree/tunnel/addressconfig.go#n22
With regards to permissions, you must be Local System, which is already the case if you're running inside a service. If you'd like to run as a mere Administrator process, you can steal a token with a technique like https://git.zx2c4.com/wireguard-tools/tree/src/ipc-uapi-windows.h#n14 or https://git.zx2c4.com/wireguard-windows/tree/elevate/doas.go#n30 Jason
