WireGuardNT: Tunnels cannot be "nested"

David Lönnhager dv.lnh.d at gmail.com
Mon Aug 23 10:21:30 UTC 2021


I'm trying to connect to one peer/endpoint via another peer. Using
wireguard-go, or using WireGuard in the Linux kernel, this could be
accomplished with a configuration kind of like this one:

Endpoint = A:51820
AllowedIPs = B/32
Endpoint = B:51820
AllowedIPs =

When I try this setup with WireGuardNT (0.4), it seems as if B is
being connected to directly (outside of any tunnel), even if I route
"B" through the WireGuard interface.

Are routes using the interface being ignored
(https://git.zx2c4.com/wireguard-nt/tree/driver/socket.c#n213), and is
this the reason why the above no longer seems to work?

Is there any chance that this will change?

Thank you,
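
An added example, not part of the original message and not WireGuard project code: a check that finds the "nested" layout described above in a WireGuard configuration, that is, a peer whose Endpoint address falls inside another peer's AllowedIPs. The sample configuration, its addresses and its placeholder keys are constructed, and hostname endpoints are assumed to be left unresolved.

```python
import ipaddress
# Constructed sample: documentation addresses and placeholder keys (assumptions).
SAMPLE = """\
[Peer]
PublicKey = <placeholder-A>
Endpoint = 198.51.100.10:51820
AllowedIPs = 203.0.113.7/32

[Peer]
PublicKey = <placeholder-B>
Endpoint = 203.0.113.7:51820
AllowedIPs = 10.8.0.0/24
"""

def parse_peers(text):
    """Return one dict per [Peer] section: endpoint IP (or None) and AllowedIPs."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = {"endpoint": None, "allowed": []} if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
            continue
        if cur is None or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key.lower() == "endpoint":
            host = value.rsplit(":", 1)[0].strip("[]")
            try:
                cur["endpoint"] = ipaddress.ip_address(host)
            except ValueError:
                pass  # hostname endpoint: left unresolved, so never flagged
        elif key.lower() == "allowedips":
            cur["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                               for v in value.split(",") if v.strip()]
    return peers

def nested_endpoints(peers):
    """Return (inner, outer) index pairs where inner's endpoint is in outer's AllowedIPs."""
    return [(i, j)
            for i, inner in enumerate(peers) for j, outer in enumerate(peers)
            if i != j and inner["endpoint"] is not None
            and any(inner["endpoint"].version == net.version and inner["endpoint"] in net
                    for net in outer["allowed"])]

if __name__ == "__main__":
    for inner, outer in nested_endpoints(parse_peers(SAMPLE)):
        print(f"peer {inner}: endpoint is inside AllowedIPs of peer {outer}")
```

Each reported pair marks a configuration that depends on the tunnel's own UDP traffic being routed back through the interface, which is the behaviour the message asks about.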

