Wireguard container (client), setting AllowedIPs on wg0.conf breaks all connections

(Using Podman)

I’m trying to set up a new custom network on docker-compose. So that didn’t work.

Eventually I traced the problem to the AllowedIPs setting, which is a problem because setting it to anything other than AllowedIPs = breaks connections completely, so connecting to other containers on the same host is impossible.

In fact, I tried setting it to AllowedIPs =,, which should be the same if I’m not mistaken. It also fails completely.

When it works I get an internet connection and a different IP. This problem also happens through the terminal and through docker-compose.

Here’s the command I used to test:

    sudo podman run \
        -e TZ=America/Santiago \
        -e PUID=1000 -e PGID=1000 \
        --sysctl net.ipv4.conf.all.src_valid_mark=1 \
        -v ./wireguard/ok.conf:/config/wg0.conf:ro \
        -v /lib/modules:/lib/modules:ro \
        --privileged \
        --restart=unless-stopped \
        -it lscr.io/linuxserver/wireguard:latest

Here’s my docker-compose (truncated to its bare essentials, it should work but the same problem happens):

    image: lscr.io/linuxserver/wireguard:latest
    container_name: borealis_wireguard
    privileged: true
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - TZ=America/Santiago
      - PUID=1000
      - PGID=1000
    restart: "unless-stopped"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./wireguard/ok.conf:/config/wg0.conf:ro
      - /lib/modules:/lib/modules:ro

And here’s my wg0.conf:

    # client
    [Interface]
    Address =
    PrivateKey = [redacted]

    # server
    [Peer]
    PublicKey = [redacted]
    AllowedIPs =,
    Endpoint = [redacted]:51832
    PersistentKeepalive = 15

Did I hit a bug or is there something I could be missing?

Hello there,

I don’t know if you are still looking into this, it’s been a couple of months, but in case you are:
AllowedIPs or is working fine.
In your case the volume


might be the issue. The container uses this folder to store all peers’ credentials.
Try with something like this:

  • /full/local/path:/config:Z


    restart: "unless-stopped"

is not necessary with Podman.

I managed to have it working with both and with a specific range of IPs, running the container as root.
No luck with rootless container so far.
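For anyone hitting the same symptom, it helps to remember what AllowedIPs does on a wg-quick client: it is the cryptokey-routing filter (only packets from the peer whose source address falls inside AllowedIPs are accepted, and only destinations inside it are sent to that peer), and wg-quick also installs a route for every entry. A full-tunnel entry therefore drags the container network and the host LAN into the tunnel as well, which is why the reply above needed a specific range of IPs. The script below is an added example, not code from the thread or from the linuxserver.io image: it parses a wg-quick style config, reports which local networks a peer's AllowedIPs would swallow, and computes a replacement AllowedIPs list with those networks carved out. The sample config, the Podman bridge 10.89.0.0/24 and the LAN 192.168.1.0/24 are constructed values, not taken from the post.

```python
"""Check a wg-quick client config's AllowedIPs against local networks and
compute an AllowedIPs list that keeps those networks out of the tunnel.

Added example for illustration; all addresses below are made up."""
import ipaddress
from typing import Dict, List

# Constructed sample config (keys redacted as in the post). Assumption:
# a full-tunnel client, i.e. AllowedIPs covers every v4 and v6 address.
SAMPLE_CONF = """\
[Interface]
Address = 10.7.0.2/32
PrivateKey = REDACTED

[Peer]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0, ::/0     # everything goes into the tunnel
Endpoint = vpn.example.invalid:51832
PersistentKeepalive = 15
"""

# Hypothetical networks that must stay reachable outside the tunnel:
# a Podman bridge network and a home LAN. Assumed values.
LOCAL_NETS = ["10.89.0.0/24", "192.168.1.0/24"]


def parse_wg_conf(text: str) -> List[Dict[str, str]]:
    """Minimal INI-style parser that tolerates repeated [Peer] sections.
    Keys are lower-cased because wg(8) matches them case-insensitively."""
    sections: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_section": line[1:-1].lower()}
            sections.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key.lower()] = value
    return sections


def peer_allowed_ips(sections: List[Dict[str, str]]) -> List[str]:
    """Collect AllowedIPs from every [Peer] section as normalized CIDRs."""
    nets = []
    for sec in sections:
        if sec["_section"] != "peer":
            continue
        for item in sec.get("allowedips", "").split(","):
            if item.strip():
                nets.append(str(ipaddress.ip_network(item.strip(), strict=False)))
    return nets


def _nets(cidrs: List[str]):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def routes_into_tunnel(allowed: List[str], address: str) -> bool:
    """True if wg-quick would route `address` to the peer."""
    addr = ipaddress.ip_address(address)
    return any(addr in n for n in _nets(allowed) if n.version == addr.version)


def swallowed_networks(allowed: List[str], local: List[str]) -> List[str]:
    """Local networks that overlap AllowedIPs and so would be pulled into
    the tunnel (breaking same-host container and LAN traffic)."""
    allowed_nets = _nets(allowed)
    return [str(l) for l in _nets(local)
            if any(a.version == l.version and a.overlaps(l) for a in allowed_nets)]


def exclude_networks(allowed: List[str], local: List[str]) -> List[str]:
    """AllowedIPs minus the local networks, as a collapsed CIDR list.
    Two networks overlap only if one contains the other, so each allowed
    entry is either kept, split around the local net, or dropped."""
    result = _nets(allowed)
    for l in _nets(local):
        nxt = []
        for r in result:
            if r.version != l.version or not r.overlaps(l):
                nxt.append(r)                   # disjoint: keep as-is
            elif l.subnet_of(r):
                nxt.extend(r.address_exclude(l))  # carve the local net out
            # else: r lies entirely inside l and is dropped
        result = nxt
    v4 = ipaddress.collapse_addresses([n for n in result if n.version == 4])
    v6 = ipaddress.collapse_addresses([n for n in result if n.version == 6])
    return [str(n) for n in list(v4) + list(v6)]


def report(text: str, local: List[str]) -> Dict[str, object]:
    allowed = peer_allowed_ips(parse_wg_conf(text))
    return {"allowed": allowed,
            "swallowed": swallowed_networks(allowed, local),
            "fixed": exclude_networks(allowed, local)}


if __name__ == "__main__":
    r = report(SAMPLE_CONF, LOCAL_NETS)
    print("AllowedIPs swallows:", ", ".join(r["swallowed"]) or "nothing")
    print("AllowedIPs =", ", ".join(r["fixed"]))
```

The carved-out list is long (a /0 minus one /24 becomes 24 entries), which is normal for WireGuard and is exactly what wg-quick needs to leave the excluded networks on their existing routes. Carving networks out of AllowedIPs also means replies from those networks are no longer accepted through the tunnel, so keep the list limited to networks that really are local to the host.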