Wireguard Tunnel on Fire TV 4k MAX not working. Where is the error?

First of all: This is not strictly a DIETPI issue. My past experience is just, that here are highly skilled IT People and i hope im getting some hints/help, where the issues is. BUT i dont not expect any help. thanks for reading:

So i have following setup:

Router: Asus RT-AX86U
→ This has a Wireguard Server Function. So you can run a Wireguard Server out of the box.

Client: Amazon Fire TV 4K Max
I using the latest available .apk from the wireguard website. It links to the f-droid store and i used Version 1.0.20220516 (492)

So what i did until now:

  1. I went to my asus router page, and used the Wireguard VPN Server Tab to create .conf files to connect with my client to the wireguard server.
  2. First i tested a .conf file with my iphone and it worked perfectly. icould import the .conf file in the official wireguard client for iOS
  3. than i created another .conf files designated for the fire tv stick 4k MAX.
  4. I installed via f-droid and the Downloader app the wireguard client apk.

→ During Import of the .conf file i get the error:

Unable to import tunnel: Unknown section in Config

Here a screenshot: Bild-2023-01-24-112158883 hosted at ImgBB — ImgBB

That is in the .conf file:

For me that looks all normal? I ofc deleted my keys for privacy reasons.

What is my issue and can it get fixed? Online it seems that many people report, that using wireguard with a fire tv device works.

I tested it on a second device: Fire TV Cube (2nd Gen) and got the same error

Maybe it’s a hidden character like blank or tab which is in the config file. You may check this an remove carriage returns, blanks etc.

This could be a reason. Maybe the parser is a bit piggy…

first of all thank you for your feedback!

The Problem is, that i just have this vanilla file from my asus router. i do not have a comparison file, which i know how the structure etc should be.

Is there some examples? The wireguard website did not provide such a thing

the file looking good. We basically have the same file on plain Wiregaurd install

Address =
PrivateKey = Yxxx=

# Comment the following to preserve the clients default DNS server, or force a desired one.

# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will most likely not work on mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

PublicKey = Dxxx=
# Tunnel all network traffic through the VPN:
#	AllowedIPs =, ::/0
# Tunnel access to server-side local network only:
#	AllowedIPs =
# Tunnel access to VPN server only:
#	AllowedIPs =
AllowedIPs =, ::/0
Endpoint = your.ddns.com:51820

# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25