[Wireguard] how to access VPN server's LAN


I set up a Wireguard VPN server following WireGuard - NixOS Wiki.

I also enabled

boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;

But I couldn’t access the server-side LAN from the client.
I tried both allowedIPs = [ "" ]; and more restricted Ip ranges for the server on the client side.
What do I need to do?

I don’t understand why, but it works after rebooting.
It didn’t work after rebuild even though the service was up and running.
Can someone explain it?

Got an answer from someone offline. All kernel change needs rebooting.

Since Wireguard is implemented in Linux kernel. does it mean we need to reboot after any change on it?

As far as I can tell with my (admittedly still somewhat limited) understanding of nixpkgs, sysctl changes are special because they create a new kernel in the store, not modifying the currently running system. Stuff like creating new interfaces, adding new peers and so on works just fine at runtime (at least in my experience).

1 Like