[Solved] Wireguard - multiple SERVER_ALLOWEDIPS_PEER_xx


I am trying to set up 2 (or more) site-to-site wireguard connections. In my compose file for the server, I have:

  • PEERS=a,b

where, and are the other site LANs.

when I run docker exec wireguard-server wg I get following:

peer: (a)
  preshared key: (hidden)
  allowed ips:

peer: (b)
  preshared key: (hidden)
  allowed ips:,

any idea why peer (a) does not have under allowed ips?


I forgot to mention that in the wg0.conf I can see peer (a) set up correctly:

# peer_a
PublicKey = xx
PresharedKey = xx
AllowedIPs =,

# peer_b
PublicKey = xx
PresharedKey = xx
AllowedIPs =,

and also I tried to restart the container / redeploy the stack etc…

It looks like wg0.conf was created correctly. That’s the part our init handles. Going from wg0.conf to the working wireguard setup is handled by wireguard’s wg-quick script. We don’t have control over that.

I just ran this:
docker run -d --rm --name test --cap-add=NET_ADMIN --cap-add=SYS_MODULE -e PEERS='a,b' -e SERVER_ALLOWEDIPS_PEER_a="" -e SERVER_ALLOWEDIPS_PEER_b="" lscr.io/linuxserver/wireguard:latest
and then checked docker exec test wg show
and I get

interface: wg0
  public key: lFe+dn/pW1ISb49o/qFrXArZSNcjFrknWpDtM4+KVDM=
  private key: (hidden)
  listening port: 51820

peer: 0YwExoarlEur5ErY8+0ihN4kX99e0VHzbm/aGphVDns=
  preshared key: (hidden)
  allowed ips:,

peer: Tvf2Si6830ey+XjY+R0Arp0/UoIcY3pISRQgoJ9DaWM=
  preshared key: (hidden)
  allowed ips:,

as expected

I just found my issue - forgot to change one of the networks


that caused the issue apparently.

Thanks @aptalca for fast response!

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.