Problem with wireguard connection

Issue: Can no longer connect android phone to wg server. Seeing Tx packets on phone going up but no Rx.

System is raspberry pi 4 with 32bit bullseye and the end point is pinging, so I think that is OK.

Docker-compose file is…

version: '3.3'
    container_name: wireguard
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERPORT=51820
      - PEERS=SGA20,Phantom
      - PEERDNS=auto
      - 51820:51820/udp
      - type: bind
        source: ./config/
        target: /config/
      - type: bind
        source: /lib/modules
        target: /lib/modules
    restart: unless-stopped
      - NET_ADMIN
      - SYS_MODULE
      - net.ipv4.conf.all.src_valid_mark=1

Logs look OK to me…

Log viewer settings
Auto-refresh logs
Wrap lines
Display timestamps


[migrations] started

[migrations] no migrations found


      ██╗     ███████╗██╗ ██████╗ 

      ██║     ██╔════╝██║██╔═══██╗

      ██║     ███████╗██║██║   ██║

      ██║     ╚════██║██║██║   ██║


      ╚══════╝╚══════╝╚═╝ ╚═════╝ 

   Brought to you by


To support the app dev(s) visit:


To support LSIO projects visit:




User UID:    1000

User GID:    1000


Uname info: Linux efad928e2723 6.1.34-v8+ #1657 SMP PREEMPT Fri Jun 16 12:36:29 BST 2023 aarch64 GNU/Linux

**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****

**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****

**** Server mode is selected ****

**** External server address is set to SECRET ****

**** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container ****

**** Internal subnet is set to ****

**** AllowedIPs for peers, ::/0 ****

**** PEERDNS var is either not set or is set to "auto", setting peer DNS to to use wireguard docker host's DNS. ****

**** Server mode is selected ****

**** No changes to parameters. Existing configs are used. ****

[custom-init] No custom files found, skipping...



linux/arm, go1.19.9, 

[#] ip link add wg0 type wireguard

[#] wg setconf wg0 /dev/fd/63

[#] ip -4 address add dev wg0

[#] ip link set mtu 1420 up dev wg0

[#] ip -4 route add dev wg0

[#] ip -4 route add dev wg0

[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

[] done.

Docker-compose pull wireguard says no V8 candidate.

I have an old image from a few weeks back that worked. Can I use that to recreate the container so that at least it works for now? If so how to do that?

Thanks for any help to get this working again :pray:

We don’t support 32bit arm on wireguard. We won’t support 32bit anything starting July 1st. It’s time for you to move to 64bit.

Thanks - It’s not July yet!

Please if there anyone who knows a way to restore the image I have to a running container I would appreciate the help as docker is not intuitive for me.

That is correct, hence why some containers still support 32bit arm. Wireguard isn’t one of them.

We will not update the container for 32bit anymore, so if you choose to be irresponsible, simply lock your version to one prior to 32bit deprecation. It will be very insecure to do so. The responsible solution is to run a 64bit OS, especially when you consider wireguard likely gives access to your LAN from the outside.

I suggest giving this a read too: A Farewell To Arm(hf) |

you should be able to use the tag v1.0.20210914-ls120 to get it working on 32bit hardware. This is a huge security risk, good luck!

P.S. don’t auto update things without verifying it doesn’t have breaking changes. It’s part of the responsibility of self-hosting.

I just need to get this working again if possible.

It is used to view cameras at my Mums house as she is 93 and has dementia.

I only need it long enough until I can replace the pi/wireguard with something like cameras with an mobile app from Amazon or similar - Would be better option now I think.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.