---
creation date: 2022-09-05
tags: [note,linux,wireguard,wg]
---

# Wireguard

`wireguard-tools` is required.

## Forwarding

When forwarding should be allowed, the "host" needs to set the following via `sysctl` or in a `PostUp` / `PostDown` hook of WireGuard.

```shell
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
```

In addition, the `AllowedIPs` in the client's `peer` section should be `0.0.0.0/0, ::/0`.

## Import into Network Manager

When using Network Manager, WireGuard profiles can be imported

```shell
nmcli connection import type wireguard file <path to conf>
```

Ensure you've unchecked _Automatically connect_ afterwards in `nm-connection-editor`.

## Android

On Android devices, private DNS enabled might block resolving. Disable it for WireGuard