Wireguard container (client), setting AllowedIPs on wg0.conf breaks all connections

(Using Podman)

I’m trying to set up a new custom network on docker-compose. So that didn’t work.

Eventually I traced the problem to the AllowedIPs setting. Which is a problem, because setting it to anything other than AllowedIPs = 0.0.0.0/0 breaks connections completely, so connecting to other containers in the same host is impossible.

In fact, I tried setting it to AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, which should be the same if I’m not mistaken. It also fails completely.

When it works I’m getting internet connection and a different IP. This problem also happens through the terminal and through docker-compose.

Here’s the command I used to test:

sudo podman run \
-e TZ=America/Santiago \
-e PUID=1000 -e PGID=1000 \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
-v ./wireguard/ok.conf:/config/wg0.conf:ro \
-v /lib/modules:/lib/modules:ro \
--privileged \
--restart=unless-stopped \
-it lscr.io/linuxserver/wireguard:latest

Here’s my docker-compose (truncated to its bare essentials, it should work but the same problem happens):

services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: borealis_wireguard
    privileged: true
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - TZ=America/Santiago
      - PUID=1000
      - PGID=1000
    restart: "unless-stopped"
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./wireguard/ok.conf:/config/wg0.conf:ro
      - /lib/modules:/lib/modules:ro

And here’s my wg0.conf:

# client
[Interface]
Address = 10.8.0.5/24
PrivateKey = [redacted]
DNS = 9.9.9.9

# server
[Peer]
PublicKey = [redacted]
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = [redacted]:51832
PersistentKeepAlive = 15

Did I hit a bug or is there something I could be missing?