Trouble running a proxy VPN

Pranesh Prakash pranesh at
Sat Jun 17 06:26:27 CEST 2017

Jason A. Donenfeld <Jason at> [2017-06-14 13:48:45 +0200]:
> Looks like maybe you forgot to enable IP forwarding and masquerading
> on the server.

This was exactly it.  Thanks for the help on the IRC as well.

I had forwarding configured for OpenVPN on a different IP range, but had 
to change it for WireGuard and the IP range I was using with it.

For future novices reading this thread, the things one has to do on a 
*fresh* Ubuntu installation:

Step 1: Change /proc/sys/net/ipv4/ip_forward to allow IPv4 packets to be 
forwarded in this session:
$ sudo sysctl -w net.ipv4.ip_forward=1

Step 2: Change /etc/sysctl.conf to allow the forwarding of IPv4 packets 
even after reboots:
$ sudo sed '/ip_forward/s/^# *//' /etc/sysctl.conf

Step 3: Enable masquerading for the IP range which is there in the 
AcceptedIPs line on what is to act as the proxy server (ex:
$ sudo iptables -t nat -A POSTROUTING -o <external interface> -s -j MASQUERADE

... where <external interface> is something like eth0, enp0s25, wlan0, 
wlp3s0, etc., depending on which network interface is being used to 
connect to the Internet.  You can do this by checking via:

$ ip route ls

Once you've done that, this should work

$ sudo wg-quick up <name>


Pranesh Prakash
Policy Director, Centre for Internet and Society | tel:+91 80 40926283
sip:pranesh at | xmpp:pranesh at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the WireGuard mailing list