Questions tagged as ['wireguard']

Score: 0
Exchange server via TailScale (Wireguard) and creating valid certificates
tr flag

Here is the scenario. Exchange server runs on a lan. Clients interact with the server via ActiveSync over HTTPs connections served by IIS. IIS is using a cert with SANs that are appropriate for the local domain. An example would be * I'm attempting to allow access to the server via TailScale (Wireguard) to an iOS client. The issue that arises is that when a connection is established via  ...

Score: 0
Nicolò avatar
Router [ER-X] as WireGuard Client to hide Office IP on Debian Server. Cannot bind to WireGuard IP from the server
de flag

Dear ServerFault community

I have a problem with my WireGuard Tunnel overall configuration.

I have an OVH VPS with 4 public IPs (MY_PUBLIC) acting as a WireGuard server and forwarding all the traffic (and ports) to my EdgeRouter-X router ( (which acts as a WireGuard client) and that, then, forwards it to my Debian server (

The problem is that when on the Debian server I tr ...

Score: 0
Simone Aonzo avatar
Using Wireguard on a VPS to route all traffic from a client and a server (both Linux) behind NAT
cn flag

I have two Linux machines, a client (C) in one country and a server (S) in another one.

I want to route all traffic from C to S, and therefore a VPN would be the best solution for me, but both C and S are behind NAT, and the ISP does not allow port forwarding. I don't even want to use any services like ngrok, and I want to do it myself to have complete control (and learn something new).

Therefore, I ...

Score: 0
DanRan avatar
Tunneling a LEMP server through an oracle instance with wireguard. Cannot get Nginx Certbot certificates on LEMP server. How to debug?
mx flag

I have a LEMP server at home running Ubuntu 22.02 and an Oracle cloud instance running Ubuntu 20.04. The Oracle cloud instance is acting as a Wireguard server. The LEMP server at home is acting as the Wireguard Client, and is being tunneled through the Oracle server in order to obtain an IP address that is different from my home IP address. I have set up this Wireguard Client/Server configuration per

Score: 1
ChownAlone avatar
VXLAN L3 over Wireguard L3, with VLAN-VNI Mapping
in flag

Hoping this is the right place - I originally posted on Network Engineering but it got closed and I was pointed to Server Fault.

I am currently attempting to setup a L2 bridge between two sites using VXLAN to provide the L2 connectivity and Wireguard as transport/L3. I've previously done a Layer 2 bridge like this using GRE over Wireguard and it's been rock-solid, but I'm trying to better underst ...

Score: 0
Wireguard Client to Client issues
cn flag

Server: Ubuntu

  • Wireguard server all clients connect to
  • Runs SMB share: all clients can access when the VPN is connected
  • Clients can ping eachother

Client a: Windows Server 2022

  • Firewall: Allow
  • IIS *:80
    • Works locally, works on VPN Server (wget), does not work on client b. Client b can access IIS over the server's public IP address, not the VPN address
  • SQL Server
    • configured to a ...
Score: 0
Kyle Champoux avatar
I can't get my WIreguard tunnel to complete a handshake
cn flag

I'm trying to setup a point-to-site wireguard tunnel between two different points on two seperate networks, but have setup similar tunnels setup in similar situations so I don't believe it has anything to do with the infrastructure between my tunnel's endpoints.

On one side I have a vm Windows Client with the following configuration

PrivateKey = iOoRnq+ngYGZFGpSqnRGgBsUvh9AVtWAXZGEw2Ir1FI= ...
Score: 1
Anton2319 avatar
Wireguard Client Addition without restart
za flag

I am building a Wireguard VPN network, in which I want to add and remove peers on the server without restarting the service or losing connections with existing peers. Tried searching for the results, but I found nothing that can suit my needs (all the solutions will cause a few second freeze or will require clients to redo handshake with server). Is it possible to implement this with Wireguard and if ye ...

Score: 0
Duncan Speel avatar
How to enable TUN in Ubuntu running in a docker container
us flag

So basically I'm running an Ubuntu container in docker, with the host system running Ubuntu Server 20.4 LTS, and the container running 22.4 LTS. My intended goal is to have a container to download torrents over a VPN in a container. Now I do not need to be able to access the torrents over web, so no access to my local network is needed. My problem is that anyway I install OpenVpn, WireGuard, or other VP ...

Score: 0
Wireguard Client Cannot Connect to Server Subnet
fr flag

I have a working setup of wireguard (Ubuntu 20.04 server, one Ubuntu 20.04 client and one Windows 10 client). I can connect to devices behind the VPN server.

VPN Server (EndPoint):
Public Subnet EndPoint sits in:
WireGuard Server Address:
Office LAN:
Peer Address:

The problem is that the clients cannot connect to anything that should go over th ...

Score: 0
WireGuard combining Hub and Spoke with Point to Site
us flag

I want a Point to Site topology but since the "client" and "server" hosts are both in their own NAT networks I need to rely on a third host in a Hub and Spoke topology.


Host A (hub)

PrivateKey = 
Address =
ListenPort = 51820

PreUp = sysctl -w net.ipv4.ip_forward=1

PublicKey = 
AllowedIPs =

PublicKey = 
AllowedIPs = ...
Score: 1
How to redirect tailscale to shadowsocks
tr flag

How to redirect tailscale traffic (TPC+UDP) through shadowsocks proxy on Linux? I've tried ss-redirect with no success.

Score: 0
Andreas avatar
Wireguard networking issues
sa flag

I'm having some wireguard networking issues and hope you guys can help me. My goal is to build a side to side vpn. For that I have host A (public) and host B (private). Below is my config to create the tunnel. So far I can ping from each side to the other like this: from to and from to But when I try to ping from to lets say i get ping: sendto ...

Score: 0
Krzysztofa Krzysztof avatar
How do I configure Wireguard for a K8s multi-site?
mx flag

I tried to configure Wireguard for a K3s multi-site cluster, my issue is with routing. There are at least 4 nodes, 2 in one location + 1 in other location and + 1 in other location.


  • network is for physical nodes
  • network is for pods
  • network is for services
  • Each of physical node can create a Pod, which have assigned an unique IP address in 10.42.0 ...
Score: 0
Robber1986 avatar
Set network route after starting docker container on ubuntu 20.04 TLS
kr flag

is there a possibility to add an additional route to the host table (ubuntu 20.04 LTS) with docker toolset after starting a docker container?


  • Docker version 20.10.12, build e91ed57
  • installed wireguard as container (image: )
  • wireguard container has IP
  • wireguard network is
  • wireguard host peer has ip
  • wireguard clients peers have 1 ...
Score: 0
vgaggia avatar
Forward traffic via multiple vps servers User ----> Solution ----> VPS 1 ----> Solution ----> VPS 2 ----> Internet
in flag

I've tried using Wireguard and a proxy to no avail, i'm not aware of any other ways of doing this, i'm open to suggestions for other ways of doing this, if anyone even wants to help with this,

My reason for doing this is basically this; i need to connect from South Africa to Asia Pacific, my ISP does not have capacity on the undersea cable that has direct access to asia pacific, so instead of get ...

Score: 0
Aaron Esau avatar
WireGuard `wg-quick up` hangs on `ip link add $profile type wireguard`
bw flag

I've been a happy WireGuard user for several years and never had any issues. Today, for seemingly no reason, I started having issues.

I ran wg-quick up $profile as root and that terminal session locked up (ctrl+c/d etc don't kill it). The only output was [#] ip link add $profile type wireguard.

Here's my config:

PrivateKey = $privatekey
Address =,fd9d:bc11:4021::3/48
DNS = ...
Score: 0
How setup wireguard + nixos to access servers (PostgreSQL, nginx) from workstation?
ma flag

I wanna give access to operators using wireguard to services like PostgreSQL, nginx, ssh, etc without giving the public IP of the host.

I use nixos, but a plain setup with wireguard + iptables can work for me.

The tunnel is established and packets are transferring, as shown (on the server):

❯ wg
interface: wg0
  public key: k4lOk+/rXONPolNI...
  private key: (hidden)
  listening port: 51820

pee ...
Score: 0
API-Server on master stops after adding second control-plane
us flag

In my current test setup I've several VMs running Debian-11. All nodes have a private IP and a second wireguard interface. In the future the nodes will be in different locations with different network and Wireguard is used to "overlay" all the different network environments. I want to install a Kubernetes on all nodes.

node   public ip        wireguard ip
vm2     ...
Score: 0
async await avatar
How do I configure IPv6 via WireGuard?
cn flag

I rented a VDS in order to set up WireGuard VPN on it and distribute all VPN clients /64 IPv6 subnets. From the hosting I originally got the address 2a0c:xxx:yyy::1/32. Here are the configurations of the network interfaces that I set up:

❯ ip a
    inet6 2a0c:xxx:yyy:1001::1/32 scope global
        valid_lft forever preferred_lft for ...
Score: 0
Wrapping Kubernetes with Wireguard
us flag

I've a scenario with many different nodes. Some have public IPv4, some have IPv6, some are dual stack. So I've created a wireguard network (, so that any peer can reach any other inside a private network regarding of IP-stack and location. I'd like to build a Kubernetes over this wireguard networks.

I've build a small test cluster ...

node   public ip        wireguard ip
vm1    192.168.1 ...
Score: 2
How to configure wireguard to forward client IP address (with gateway)?
jp flag

I am trying to configure wireguard to work as a VPN server. The main problem is, that the gateway only forwards the VPN server ip to other server, not my client IP.

My setup is the following:

                                                        - server A (
CLIENT ( -> wireguard server ( -- 
Score: 0
cernoel avatar
MTU Problems with vxnet over wireguard and linux bridge
cn flag

My Setup: Several Proxmox Hosts with one eth0 connected to LAN via bridge (vmbr0) in proxmox. (Default setup)

There is another "dummy" bridge device for internal traffic between Guests (vmbr100).

As first guest we have a "Router" VMs on each Host (debian bullseye) which are connected to vmbr0(host) on ens18(guest) and vmbr100 on ens19.

on the router we also have a simple vmbr100 linux bridge.

The Router's ...

Score: 0
Docker, WireGuard, firewalld
vn flag


  1. Ubuntu 20.04 LTS
  2. Docker
  3. WireGuard
  4. firewalld

I checked systemctl status firewalld

I have this message

Mar 10 23:04:29 vpnwaw firewalld[542]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No cha>
Mar 10 23:04:29 vpnwaw firewalld[542]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed>
Mar 1 ...
Score: 0
PTwr avatar
Internal DNS without Wireguard "proxy"
cn flag

Problem: Wireguard obfuscates DNS request, so all DNS lookups from devices connected via VPN are seen as coming from Wireguard server. This prevents me from setting up per-device DNS white/black lists.

Entering IP of internal DNS server as DNS in Wireguard profile does not work (nothing resolves) despite access to that IP through VPN.

Do I need to set DNS server as one of Wireguard clients for it to wo ...

Score: 0
How to start wireguard client on windows, in the background?
cn flag

I have multiple computers (Win10 pro) placed at different remote locations (my partners) that I need to manage. I need to access them from a central location. So I have a central VPN server, and I want multiple Win10 pro instances to connect to it. I'm using L2TP, but I would like to migrate to wireguard. With L2TP, it is possible to start rasdial.exe in the background, from the task scheduler. The main ...

Score: 0
Kevin avatar
Sent WG trafic to eth1
se flag

I setup a wireguard server with AWS, setup the wireguard client with a raspberry PI.

Now I need to redirect the WG traffic (wg0) to eth1 (eth0 is the uplink to my switch)

-- my goal is to get a IP from my WG server when a client is connected to the PI eth1 (Full tunnel)

my WG config

Address =
ListenPort = 51820
PrivateKey = ##
PostUp = iptables -t nat -A POSTROUTING -o eth0 ...
Score: 0
inzig0 avatar
WireGuard traffic not making it through tunnel
ma flag

I have a server( and a client(, both with wg. I've configured both using the wg command in a way that they should be able to talk to each other.

client wg:

interface: wg0
  public key: abc123=
  private key: (hidden)
  listening port: 51820

peer: xyz987=
  allowed ips:
  transfer: 0 B received, 7.37 KiB sent

server wg:

interface: wg0
Score: 0
Send response back through same device for connections coming in through Wireguard
us flag

I have a server lanserver running in my private LAN that is connected to a public server publicserver using Wireguard. publicserver forwards TCP connections to certain ports to lanserver through the Wireguard connection using an iptables DNAT rule.

On lanserver, Wireguard is set up as a NetworkManager connection. It is routing all internet traffic through Wireguard using AllowedIPs =, ::/0

Score: 0
Tetrapod avatar
How to give Wireguard client access to Internet only
it flag

I have a couple of WireGuard interfaces set up and can per peer decide to give access to server only or server and LAN/Internet. What I want to do for a specific peer is to give access to the Internet only and not to the server and LAN.

I think that I can't do this on tunnel/interface level but have to do it with iptables in the peer config - right? How would I go about doing this?

I have tried to f ...