knowledge-base/KB/Linux/Wireguard.md

---
creation date: 2022-09-05
tags: [note,linux,wireguard,wg]
---

# Wireguard

`wireguard-tools` is required.

## Forwarding

When forwarding should be allowed, the "host" needs to set the following via `sysctl` or in a `PostUp` / `PostDown` hook of WireGuard.

```shell
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
```

In addition, the `AllowedIPs` in the client's `peer` section should be `0.0.0.0/0, ::/0`.

## Import into Network Manager

When using Network Manager, WireGuard profiles can be imported

```shell
nmcli connection import type wireguard file <path to conf>
```

Ensure you've unchecked _Automatically connect_ afterwards in `nm-connection-editor`.

## Android

On Android devices, private DNS enabled might block resolving. Disable it for WireGuard
Manual backup: 2022-09-05 07:37:29 2022-09-05 05:37:29 +00:00			`---`
			`creation date: 2022-09-05`
			`tags: [note,linux,wireguard,wg]`
			`---`

			`# Wireguard`

			`wireguard-tools` is required.

			`## Forwarding`

			When forwarding should be allowed, the "host" needs to set the following via `sysctl` or in a `PostUp` / `PostDown` hook of WireGuard.

			```shell
			`net.ipv4.ip_forward=1`
			`net.ipv6.conf.all.forwarding=1`
			```

			In addition, the `AllowedIPs` in the client's `peer` section should be `0.0.0.0/0, ::/0`.

			`## Import into Network Manager`

			`When using Network Manager, WireGuard profiles can be imported`

			```shell
			`nmcli connection import type wireguard file <path to conf>`
			```

			Ensure you've unchecked _Automatically connect_ afterwards in `nm-connection-editor`.

			`## Android`

			`On Android devices, private DNS enabled might block resolving. Disable it for WireGuard`