TCP traffic in ipip tunnel inside wireguard connection

Jason A. Donenfeld Jason at
Mon May 29 23:02:16 CEST 2017

Hi Ivan,

I'll try to reproduce in order to determine whether or not there's a
checksum bug with nested tunnels. However, all of this seems quite

Just set allowed-ips to be your /30 for each peer. If you need one to
be at one time or another, you can change these at runtime.
Alternatively, if you _must_ have multiple just use two
different wireguard interfaces running on different UDP ports, and
then you'll have the full power of the ordinary linux routing table
for this sort of craziness.


More information about the WireGuard mailing list