[WireGuard] WireGuard doesn't work with network namespace on ArchLinux

Jason A. Donenfeld Jason at zx2c4.com
Fri Aug 19 14:54:24 CEST 2016


>> $ cat /etc/wireguard/client.conf
>> [Interface]
>> PrivateKey = OAT5r6E1hid***iVBnY=

Never post any part of your private key to the internet. I advise you
to change your keys now.


>> ListenPort = 52345
>> [Peer]
>> PublicKey = aMC3f6kw***UDQVwo=
>> EndPoint = [2a01:4f8:***:***::5]:40111
>> AllowedIPs = fc00::10/7

Here's where you go wrong. On the _client_ you want:
    AllowedIPs=::/0,0.0.0.0/0
In other words, the client trusts the server to send data as any IP,
and the client will send any IP data to the server.

The AllowedIPs you use on the server should most likely be a /128 and
a /32, however.


More information about the WireGuard mailing list