I simply don't understand. It is working for me, but now it is more important for me to understand why it is working, and why following what wg0-client.conf suggests instead does not make it work.
Did you have time to do some tests?
I re-attached my wg0-client.conf:
And this is how my WireGuard client on my Android phone is configured. Actually you will notice that here I had not changed AllowedIPs from /24 to /32
[Interface]
# The address must be unique for each client, use "10.8.0.3/24" for the second client and so on.
Address = 10.8.0.2/24
PrivateKey = HIDDEN
# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 192.168.1.1
# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will most likely not work on mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark -m addrtype ! --d$
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark -m addrtype ! --$

[Peer]
PublicKey = HIDDEN
# Tunnel all network traffic through the VPN:
# AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
# AllowedIPs = 192.168.1.0/24
# Tunnel access to VPN server only:
# AllowedIPs = 192.168.1.2/32
AllowedIPs = 192.168.1.0/32
Endpoint = HIDDEN
# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25