Tried changing the allowed IPs to what was suggested and it did not work. Same behavior as before.

Also, my configs were working as expected before I had my router connected to a VPN service. It required me to add the following route policy for my VPN client on my router: Source IP: 192.168.1.0/24, Destination: 0.0.0.0 will go through the VPN.

So, does it matter if I connected to WireGuard using the IP address of the ISP vs the IP address of the VPN?

--
Arpit

On Wed, Mar 6, 2019 at 1:18 AM XRP wrote:

> On Wed, 2019-03-06 at 08:40 +0000, Arpit Gupta wrote:
> > On my server my conf is
> >
> > [Interface]
> > Address = 192.168.100.1/32
> > PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> > ListenPort = 54930
> > PrivateKey = xxxxx
> >
> > [Peer]
> > PublicKey = xxxx
> > AllowedIPs = 192.168.100.2/32
> >
> >
> > on my client my config is
> >
> > [Interface]
> > Address = 192.168.100.2
> > PrivateKey = xxxxx
> > ListenPort = 21841
> > DNS = 192.168.1.63
> >
> > [Peer]
> > PublicKey = xxxx
> > Endpoint = ddns:xxx
> > AllowedIPs = 192.168.1.0/24
> >
> > # This is for if you're behind a NAT and
> > # want the connection to be kept alive.
> > PersistentKeepalive = 25
>
> Try changing AllowedIPs in the client config to:
> AllowedIPs = 192.168.100.1/32,192.168.1.0/24
>
> Also, if you want to masquerade the traffic to the internet you need to
> add 0.0.0.0./0 to the client or change the destination IP to the server
> node via a NAT rule, otherwise it's going to be rejected because the IP
> packet doesn't have an AllowedIP address, I think. (The source needs to
> match, so either 192.168.100.1/32 or 192.168.1.0/24). My guess is
> that's why you couldn't complete the handshake.
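
Added example, not part of the original thread or of WireGuard's own code: a small Python model of how AllowedIPs is applied per packet (outbound, the destination selects a peer by longest prefix; inbound, the decrypted packet's source must fall inside the sending peer's AllowedIPs), run against the AllowedIPs values quoted above. The peer labels `server` and `client` and the helper names are assumptions made for this illustration.

```python
import ipaddress

def parse_allowed(allowed_ips):
    """Turn an AllowedIPs string into a list of network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in allowed_ips.split(",")]

def route_outbound(peers, dst):
    """Return the peer whose AllowedIPs covers dst with the longest prefix,
    or None when no peer matches (the packet is not sent through the tunnel)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def accept_inbound(peers, peer, src):
    """A decrypted packet is kept only if its inner source address lies
    inside the AllowedIPs configured for the peer that sent it."""
    src = ipaddress.ip_address(src)
    return any(src in net for net in peers[peer])

# Client-side [Peer] AllowedIPs: as originally posted, and as suggested in the reply.
CLIENT_ORIGINAL = {"server": parse_allowed("192.168.1.0/24")}
CLIENT_SUGGESTED = {"server": parse_allowed("192.168.100.1/32,192.168.1.0/24")}
# Server-side [Peer] AllowedIPs from the posted server config.
SERVER = {"client": parse_allowed("192.168.100.2/32")}

def compare_client_configs(addr):
    """Outbound peer choice and inbound acceptance for addr under both client configs."""
    return {
        label: (route_outbound(peers, addr), accept_inbound(peers, "server", addr))
        for label, peers in (("original", CLIENT_ORIGINAL),
                             ("suggested", CLIENT_SUGGESTED))
    }

if __name__ == "__main__":
    # Tunnel address of the server, then the DNS host on the LAN behind it.
    for addr in ("192.168.100.1", "192.168.1.63"):
        print(addr, compare_client_configs(addr))
    # Server side: only the client's tunnel address is accepted as a source.
    for src in ("192.168.100.2", "192.168.1.10"):
        print("server accepts source", src, accept_inbound(SERVER, "client", src))
```
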