r/WireGuard

Is it safe to use DMZ toward Ubiquiti Dream Machine to use WireGuard?

With a simple port forwarding, WireGuard won't connect. But with DMZ turned on, it connects quickly. Is there anything I'm doing incorrectly? Or it's safe to just use DMZ since the Dream Machine has its own firewall rules?

Thanks in advance for your help.

reddit.com
u/schlobalakanishi — 1 day ago

What's the correct way to use Wireguard in a business? I'm going crazy!

I'm trying to implement WireGuard in a company with approximately 20 laptops. My main problem is that once the WireGuard tunnel is connected, it doesn't disconnect despite restarts, shutdowns, sleep, hibernation, etc. On one hand, I'm trying a scheduled task to close the tunnel with these power events so that even if the user forgets the tunnel is connected at the end of the day, it disconnects every time there's a shutdown/sleep event. Another idea is to make it persistent and use a rule in the company's network controller to prevent WireGuard from connecting when the employee is physically in the office, so that all traffic goes through the computer's "original" network. But I see that in this last case, if the office's ISP were to change its public IP address (or if WAN1 goes down and WAN2 remains as a backup), the connection of users who are connected wouldn't renew the IP address of the subdomain configured on the peer. I would inevitably have to deactivate and reactivate the tunnel. How have you implemented WireGuard in companies, whether small, medium, or large? Thank you, and please excuse my "translated" English.

reddit.com
u/TOWER-PC — 3 days ago

Allowed IPs

If the allowed IPs is set to 0.0.0.0/0, does that mean that all traffic would be routed over that open tunnel? If I only want traffic to the remote subnet to be sent over that tunnel I would adjust the allowed ips to 192.168.x.x/24 or whatever?

Sorry if a stupid question

reddit.com
u/Sea-Elderberry7047 — 4 days ago

How to reliably benchmark a Wireguard client ?

I am proposing a change in the Linux WireGuard code. I want to run a benchmark and evaluate performance before/after the change.
Have anyone here attempted a local network benchmark ?

My LAN is 2.5Gb, but only one computer has a port available for these tests. (I also have a proxmox host, but I can't stop it to use for testing).
The other computers are laptops or raspberry-pis, and I don't think the test would be reliable.

I was considering using icmp or iperf3 over the WireGuard connection. Any suggestions ? Maybe a pair of Qemu machines (if so, how?) ?

Thanks

reddit.com
u/auyer — 4 days ago
▲ 18 r/WireGuard+3 crossposts

Russia's latest VPN move feels incredibly ironic

Russia has spent years cracking down on VPNs, but now one of its biggest mobile carriers is rolling out a government approved one for its own customers. I honestly didn't expect that. From what I've read, users on one of the carrier's plans automatically get access to certain Western services without installing a separate VPN app or paying extra. Things like Spotify, Netflix, and a few other platforms that became difficult to access after companies left the Russian market are apparently available again through this built-in service. The proposal reportedly came up during an economic forum, where officials argued these services weren't actually banned they just became inaccessible after companies pulled out. Now they're bringing back access through a state-controlled system, and it sounds like other carriers could end up doing the same thing. The whole situation is pretty contradictory. For years the government has blocked VPN providers, restricted access to foreign platforms, and made it harder for people to bypass internet controls. Now it's offering its own version because access to certain services is suddenly considered useful again. That said, it's worth remembering this isn't really a privacy VPN. It's more of a controlled access tool. If you actually care about privacy, it's a completely different story.

reddit.com
u/bigtigertitties — 4 days ago
▲ 5 r/WireGuard+1 crossposts

What is the best way to make wireguard container work on multiple networks?

Hi, i have this situation:

Vmware server on which i plan to install Ubuntu 24.04 LTS with wireguard and other containers.

There are multiple networks in the office and i need this wireguard to have different certificates to access different networks.

Last time i had Proxmox and i made 2 lxc containers and assigned them to different linux bridges, one for each network.

Can i do the same with docker, if I assign 2 nics to the vm on different networks, can I the make a container that binds to one nic or the other?

Is there a better way?

reddit.com
u/Palova98 — 5 days ago

Wireguard stop working at the same time every day

My wireguard connected to Hostinger stop working everyday at the same time, need to delete and reinstall then work again.......how to solve

reddit.com
u/Stephen1688 — 6 days ago

Android feature to enable WireGuard faster

This morning, I just discovered a pretty cool feature on my phone (Magic OS) for anyone who frequently accesses their LAN using a WireGuard VPN. It’s the same on my girlfriend’s phone (Xiaomi), so I imagine it works on all Android devices with a few minor adjustments. Control Center. ---> Edit shortcuts. ---> WireGuard icon.

I have no idea if I was the only one who didn’t know about this—it’s going to change my life now—so I thought I’d share it. Have a great day, everyone!

u/BreakHeavy2673 — 5 days ago
🔥 Hot ▲ 33.5k r/WireGuard+11 crossposts

This is Musk pulling off his Nazi solute. He Fuckin did it. You can't back peddle on this.

u/BoomstickBottom — 12 days ago

WG VPN in China 2026

I've been living in China for about a month and have been using AmneziaVPN WG the entire time without any issues. Today, however, something strange happened.

The VPN connects successfully, and my VPS shows that I'm connected. AmneziaVPN also shows traffic being forwarded, so on the surface everything looks normal. However, I can't access any Western websites at all.

I tested two different AmneziaVPN WG profiles on two separate VPS servers with different IP addresses, and both have the exact same issue. The app says "Connected," but in reality no websites load.

Could this mean the Great Firewall is somehow blocking or interfering with the connection? Has anyone experienced something similar recently?

Any troubleshooting suggestions or fixes would be greatly appreciated. Thanks!

reddit.com
u/wukong321 — 6 days ago

Split tunneling / One sided tunnel usage only

Hello,

My goal is to have a wg tunnel established between a "client" and "server", but not send any of the client's traffic through the wg tunnel. I only want the server traffic to go through the client.

No matter what, it seems like the tunnel won't work unless the client has AllowedIPs = 0.0.0.0/0 . If I keep this, then the server is bi-directional full tunneling.

  • 10.66.66.5 is the homeserver wg client IP
  • 10.66.66.1 is the VPS wg server IP

>>> Client - Homeserver that hosts a website

[Interface]
PrivateKey = REDACTED
Address = 10.66.66.5/32
DNS = 9.9.9.9,1.1.1.1
[Peer]
PublicKey = REDACTED
PresharedKey = REDACTED
Endpoint = 123.123.123.123:12345
AllowedIPs = 0.0.0.0/0 # This puts client traffic in tunnel. Changing it to "10.66.66.1/32" does not keep server traffic in the tunnel. The server cannot reach the client when I set this to anything other than 0.0.0.0/0.

>>> Server - VPS that acts as a proxy to homeserver website (nginx -> anubis -> homeserver)

[Interface]
Address = 10.66.66.1/24
ListenPort = 12345
PrivateKey = REDACTED
PostUp = iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
[Peer]
PublicKey = REDACTED
PresharedKey = REDACTED
AllowedIPs = 10.66.66.5/32

>>> client

>>> ip route

default via 192.168.1.1 dev enx7cc2c64af446 proto dhcp metric 100 
169.254.0.0/16 dev enx7cc2c64af446 scope link metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-e766702ebe72 proto kernel scope link src 172.18.0.1 linkdown 
192.168.1.0/24 dev enx7cc2c64af446 proto kernel scope link src 192.168.1.16 metric 100

>>> server

>>> ip route

216.128.x.x metric 100default via 216.128.x.x dev enp1s0 proto dhcp src 216.128.182.135 metric 100 
10.66.66.5 dev wg0 scope link 
108.61.10.10 via 216.128.x.x dev enp1s0 proto dhcp src 216.128.x.x metric 100 
169.254.x.x via 216.128.x.x dev enp1s0 proto dhcp src 216.128.x.x metric 100 
216.128.x.x/23 dev enp1s0 proto kernel scope link src 216.128.x.x metric 100 
216.128.x.x dev enp1s0 proto dhcp scope link src
reddit.com
u/q5305s17 — 7 days ago

Made Wireguard GUI Client for Linux

Greetings. I've decided to write a WireGuard GUI client for regular users who don't know how to work with the terminal or for those new to Linux. The target audience is Linux newbies. Essentially, it's a wrapper around CLI tools.

Tested only Fedora 44 KDE Plasma.

Written in Python 3.14.5, UI Framework Flet, policykit

- Github: https://github.com/nickstrlnkv/wireguard-gui-client

u/beemermoving — 9 days ago

Migrate WG server to a new device

I am currently running WS4W on a Windows box, but due to issues with ICS and a locally hosted DNS server, I need to migrate it to another device. I am considering a GL.inet Brume 3 or Beryl 7 instead.

What is the best way to migrate the server config? I only have a few users, so that is not the issue, but they are located in multiple countries. I want to simplify the migration and not involve someone remote to handle it. Although I could remote into the other locations if needed.

The current server is behind my firewall with port forwarding enabled. I would do the same with the new device. The only other change is that the internal IP would be different. External would stay the same.

reddit.com
u/Temporary-Cherry-282 — 11 days ago
▲ 6 r/WireGuard+1 crossposts

Wireguard VPN handshake fails

I am running the Wireguard vpn server on my Cloud Gateway Ultra. It has been running flawlessly for the last year. Today I changed the MTU on the CGU and suddenly every client stopped working. First I assumed something changed the credentials, so I regenerated them, but the client (Wireguard App on Android) will not connect anymore.

The logs show only two entries. "Sending handshake initiation" followed by "Handshake did not complete after 5 seconds". I am at loss why this is happening. I did not change anything else. Firewall and configured IPs are the same as before....

I am remembering something in the back of my head and cannot remember if this was related to ubiquity or something else, but could it be that it blocks traffic for a specific period of time once something was changed in the config?

reddit.com
u/Doomsday9069 — 12 days ago

What breaks in daily use for WireGuard on router vs individual devices

This might be a newbie question. I understand the basic appeal of running WireGuard on a router where all devices behind it can use the tunnel without configuring each device separately. But I’m wondering if there are some downsides in normal home use. such as gaming latency problems, stream device behavior, and what happens when the tunnel drops etc.

reddit.com
u/Long-Journalist-1373 — 12 days ago

PiHole Setup to Add NAS

Hi!

I'm currently using Wireguard on my phone to access my PiHole as a DNS split tunnel when away from home.

I'm considering building/buying a NAS to replace my cloud storage options. If I want to access my NAS away from home, do I need to install Wireguard on it?

Or, can I use my PiHole/Wireguard setup to access my local network?

Thank you!

reddit.com
u/arwu88 — 12 days ago

Windows client sends no UDP packets - 0 bytes received, no handshake

Environment:

- Windows 10, WireGuard for Windows (latest)

- Server: Ubuntu 24.04, WireGuard on UDP port 54507

Problem:

WireGuard shows "Active" but handshake never completes.

Transfer always shows 0 bytes received, no handshake time.

Server-side tcpdump shows NO packets arriving from Windows

client during connection attempts.

Confirmed:

- ICMP ping to server works (~186ms)

- macOS, iOS, Android clients work fine on same server

- Issue persists on both WiFi and mobile hotspot

- Added Windows Firewall rules for UDP in/out

- Fresh reinstall as Administrator

- Kill-switch disabled

What could cause WireGuard on Windows to not send any UDP packets?

reddit.com
u/Leon_19731 — 13 days ago

Need some help getting Asus router Wiregaurd server working

Had it running on an old Asus router.

Got a newer router and now can't figure it out.

​

Asus firmware latest

No-ip.com setup for DNNS

Used the barcode on my android phone.

​

The logs show handshake is not connecting.

​

I have tried this on/off my home network. No change

reddit.com
u/Theedudenator — 14 days ago

Recieved packet with Invalid mac1

So ive been trying to put a wireguard server on my Rapsberry pi 5 and trying to connect it to my android but it keeps saying the error mentioned in the Title and im kind of in a loophole here and cant get out like i checked the keys multiple times the port forwarding the correct ips the correct dyndns i configured if the router allows vpn passthrough and i dont think its NAT but im kind of stuck here

My config for the client:

[Interface] Address = 10.100.0.2/32, fd08:4711::2/128 DNS = 192.168.0.101 PrivateKey = [hidden]

[Peer] AllowedIPs = 10.100.0.2/32, fd08:4711::2/128 Endpoint = [the public ip]:47111 PersistentKeepalive = 25 PreSharedKey = [hidden] PublicKey = [hidden]

config for the server:

[Interface] Address = 10.100.0.1/24, fd08:4711::1/64 ListenPort = 47111 PrivateKey = [hidden]

[Peer] PublicKey = [hidden] PresharedKey = [hidden] AllowedIPs = 10.100.0.2/32, fd08:4711::2/128

reddit.com
u/Fishremix — 14 days ago