So here are my files. First befor vpn connection:
ip -4 addr
ip -4 ro li table all
ip -4 ru
iptables-save -c
ss -tulnp
And with vpn connection:
ip -4 addr
ip -4 ro li table all
ip -4 ru
iptables-save -c
ss -tulnp
Hope that helps.
There are some docker entries in the iptables.
Check what Joulinar wrote here
Other than that there are no differences in routing/rules/iptables/sockets.
There is no path called
/etc/docker/
on my system. I uninstalled docker with dietpi-software. How can I delete the entries?
Try to reboot. That will start fresh without any leftovers from uninstalled software.
yes docker is a bad guy if you are running it on a VPN server, I was running into that trap as well personally. It’s easy to fix but hard to find.
That’s basically the issue :FORWARD DROP [4972:303171]
But a reboot should fix it and remove leftover from Docker
So reboot does not help. How do I get ridd of :FORWARD DROP [4972:303171]?
can you share iptables -S
it still contains all the docker rules. strange. can you share dpkg -l docker*
sure again 
just a side node, docker-compose is is still installed, wich doesn’t make sense without docker 
do you have any think like iptables-persistent installed loading old data? Check dpkg -l iptable*
BTW: workaround would be iptables -I DOCKER-USER -i eth0 -o wg0 -j ACCEPT. Right after it should be working
seems like I have iptables-persistent installed.
Do I need this?
I tried your command but still no connection to other Pis in my network. Even after a reboot.
the workaround is temp. and not persistent at this moment. Means if you reboot, it’s gone. But our goal is to remove docker rules at all
Anyway, if you don’t need to load specific iptables data, it simply can be removed apt remove --purge iptables-persistent
Thanks, I started a new thread here: Wireguard with IPv6 not working as expected
nilsacht I hope you can fix your problem. I doubt I can be of much help from here on, compared to trendy and Joulinar.
Sibbefufzich Thanks.
@rest
This is my iptable now after uninstall of persistent
http://sprunge.us/pz1EwX
Still doesn’t work 
ok at least docker is gone now and -P FORWARD ACCEPT was correctly set.
Just some question
I check this tomorrow.
For this, a SNAT should be applied, otherwise the other lan hosts will send the packets meant for wireguard to the internet gateway, which will discard the. Or the internet router must have a static route for the wireguard network via the dietpi, and it should not drop invalid packets.
Good Morning (in Germany),
Handshake should be ok http://sprunge.us/t7AvRs
Ping to my wireguard server is successfull over vpn. And net.ipv4.ip_forward is still set to 1.
The Ping to other devices in my home network failed (as trendy mentioned)
that might be the different between PiVPN version and DietPi implementation of WireGuard. I did a test installation of the DietPi Wireguard implementation (not PiVPN) and I was able to reach every LAN device without setup anything in addition. It was working right out of the box. I explicitly used a network range not used before
root@DietPi3:~# cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.6.0.1/24
maybe because of the iptable settings done on /etc/wireguard/wg0.conf. They are DietPi specific and I guess missing or different on PiVPN
PreUp = /boot/dietpi/func/obtain_network_details
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE