macOS wireguard client: traffic to wireguard interface self IP travels through VPN server

Dmitrij Gusev dmitrij.gusev at zealid.com
Wed Jan 6 16:46:40 UTC 2021


Hello.
We just started to use the WireGuard VPN in our company.
Thanks for the great software!

I discovered that while using the macOS wireguard client, traffic to the wireguard interface self IP travels through the VPN server.

So, for example, if I ping the wireguard interface self IP from the macOS machine, both echo-request and echo-reply go through the WireGuard VPN server's nftables "forward" chain.
Normally this kind of traffic is expected to travel locally.

Is it a bug in the WireGuard macOS client or is it related to macOS network (tunnel) stack glitches?
Are you already aware of such behaviour?

macOS Big Sur version 11.1
WireGuard app version 1.0.12 (22)

macOS wireguard config looks like this:
[Interface]
PrivateKey = <PRIV KEY>
Address = 10.0.0.5/24
DNS = 10.1.0.53, example.local

[Peer]
PublicKey = <PUB KEY>
AllowedIPs = 0.0.0.0/0
Endpoint = vpn-srv.example.com:28283
PersistentKeepalive = 20

Thanks,
Dmitrij Gusev
System Architect
dmitrij.gusev at zealid.com
+370 6330 5550
ZealiD


