Explanation of multiple addresses in config

Michael Brookes mgsb81 at gmail.com
Mon Dec 30 11:16:32 CET 2019


The manpage for wg-quick states one can use Address multiple times in
the Interface section of a config.  I've tried this but it yields
unexpected results.  Here is my config which I'm using on my Ubuntu

PrivateKey = <key>
Address =
Address =

PublicKey = FgVLScjX29jwnXXbHStFpNKcFqbaiNK6LuSWFglrWCo=
AllowedIPs =,
Endpoint = endpoint1:51820
PersistentKeepalive = 10

PublicKey = itXrReVj+wuecrSs+VNnEEkpc7wHb8QhXQtMQUBrOj8=
AllowedIPs =,
Endpoint = endpoint2:51820
PersistentKeepalive = 25

wg-quick up <config> gives me an interface with both addresses
assigned, is listed first, listed second in
the ip addr output.
Running tcpdump in parallel on both peer endpoints and my latop, I
ping an address in the ranges the second peer lists in its AllowedIPs,
for example
tcpdump on the wireguard interfaces shows the following: -> : ICMP echo request

I can see the peer itXrReV... receiving the echo request but it's
coming from the first Address listed in the config and endpoint2 only
has 10.88/16 addresses in it's AllowedIPs.

Any insight into what's happening would be gratefully received, I've
tried asking a couple of times but not had any feedback, I suspect I
am fundamentally misunderstanding something here.

Regards and thanks.

More information about the WireGuard mailing list