Wireguard on Mac not working through a corporate VPN

[Michael Lennartz]

Hi team,

Since a while already we’re testing Wireguard in our environment and I think, it’s a great project.
The focus is currently on Mac clients, where we’ve used the CLI version from homebrew so far very successfully.

It’s important to note, the we’re reaching the server peer via another (Corporate) VPN interface.


Recently we’ve updated to MacOS 11.2 (Big Sur) on the M1 architecture and the (most recent) CLI version of Wireguard stopped working:
When I now try to connect to the server peer, the "wg-quick up …” hangs at the first ‘wg set utun3 peer …’ command.

Then we try to use the GUI version from the AppStore, which seems to establish the tunnel interface and routing correctly. But we can’t see any traffic passing the corporate VPN interface towards the server peer. Even not the initial handshake.


Do you have some hints, if this setup is supposed to be working ? Or any suggestion where to look at ?


Br,
Michael