By dplmq
Hello. I have followed this tutorial on setting up WireGuard: https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-22-04 My goal is to run a small droplet in my account that runs WireGuard and use that as a way to be able to access my other droplets that are not exposed to the internet. Following the tutorial, I get a working connection and can connect to the rest of the internet as well as the VPS that is running WireGuard, but I can’t access other droplets using their private IPs (droplets are in the same region).
My configurations are as follows:

DO VPS:

```
[Interface]
Address = 10.122.0.0/24
SaveConfig = true
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <my-vps-private-key>

[Peer]
PublicKey = <my-computer-public-key>
AllowedIPs = 10.122.0.0/24
Endpoint = <my-endpoint-ip>:56747
```
My computer configuration:

```
[Interface]
PrivateKey = <my-computer-private-key>
Address = 10.122.0.12/26
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <my-vps-public-key>
AllowedIPs = 10.122.0.0/24
Endpoint = <vps-ip>:51820
```
10.122.0.0 is the subnet for my droplets on DO side. I suspect the issue is somewhere in the routing but can’t figure out where. Any help is appreciated. Thanks!
If you are able to reach the internet and the VPS hosting WireGuard but not your other droplets, the issue is likely related to the routing between your private network (10.122.0.0/24) on your VPS and your droplets.
In this case, ensure you’ve configured the VPS hosting WireGuard to forward traffic. In addition, it’s important to double check the firewall rules to ensure they are not preventing the traffic from being forwarded from your VPS to your droplets.
You may want to revisit the ‘PostUp’ and ‘PreDown’ commands in your WireGuard configuration. The ‘PostUp’ commands are executed after the interface is brought up and ‘PreDown’ commands are run before the interface is taken down. Make sure your iptables and UFW settings are correctly configured to allow traffic to route properly between your WireGuard and virtual servers.
If all these settings are correct, you might need to ensure that each of your droplets’ firewalls (if any exist) is configured to accept traffic from your WireGuard’s private IP address.
A more detailed guide on routing and firewalls for WireGuard can be found on DigitalOcean’s tutorial:
https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
Hope that this helps!
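Added example, not part of the original posts: a small Python check that parses the server-side config from the question and flags two things relevant to the forwarding and firewall points above, namely a tunnel address range that overlaps the private subnet and `PostUp` rules that never name the interface facing that subnet. The names `parse_wg` and `check_server` are hypothetical, and the subnet mask `/24` and interface name `eth1` are assumptions to replace with the values from `ip addr` on the VPS.

```python
import ipaddress
import re

# Constructed sample: the server config from the question, keys omitted.
SERVER_CONF = """\
[Interface]
Address = 10.122.0.0/24
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

[Peer]
AllowedIPs = 10.122.0.0/24
"""

def parse_wg(text):
    """Return [(section, [(key, value), ...])], keeping repeated keys such as PostUp."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1].append((key, value))
    return sections

def check_server(text, private_net, private_if):
    """List findings for routing from the tunnel into private_net via private_if."""
    findings = []
    lan = ipaddress.ip_network(private_net)
    for name, items in parse_wg(text):
        if name != "Interface":
            continue
        for key, value in items:
            if key != "Address":
                continue
            for addr in value.split(","):
                tunnel = ipaddress.ip_interface(addr.strip()).network
                if tunnel.version == lan.version and tunnel.overlaps(lan):
                    findings.append(f"tunnel {tunnel} overlaps private net {lan}")
        # Interfaces named as the outbound side of ufw/iptables PostUp rules.
        hooks = " ".join(v for k, v in items if k == "PostUp")
        out_ifs = set(re.findall(r"(?:-o|out on)\s+(\S+)", hooks))
        if private_if not in out_ifs:
            findings.append(f"no PostUp rule forwards out on {private_if}")
    return findings

# Assumptions: 10.122.0.0/24 is the droplets' subnet and eth1 is the interface on it.
FINDINGS = check_server(SERVER_CONF, "10.122.0.0/24", "eth1")
```

An empty list means neither condition was found; it does not confirm that kernel IP forwarding is enabled or that the droplets' own firewalls accept the traffic.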