Mark Clowes (38M 🇬🇧)

Index - Wireguard Clients Flip-Flop

2021-03-04

A server-client Wireguard setup must only have one client per tunnel by design. If you somehow end up with two clients trying to connect to the same tunnel with the same settings, they will fight over which way the tunnel is routed. From the client point of view the connection will timeout for a few seconds and then resume for a few seconds repeatedly and it won't be obvious why. On the server you can monitor the endpoints for flip-flopping and realise you have the same tunnel still active on another client device:

watch --differences=permanent wg show wg0 endpoints