Hey folks,

I’ve been using WireGuard on my macOS, Linux & Windows machines for a while now 
and recently the Windows machines started to block WireGuard in a strange way.
I’m using Windows 10 & 11 with the latest updates. WireGuard client version is 

The config looks like this:

[Interface]
PrivateKey = <client_private_key>
Address =

[Peer]
PublicKey = <server_public_key>
AllowedIPs =
Endpoint = vpn.example.com:51820

When I activate the WireGuard VPN it reports that the connection is active and 
ready to go. I even see the new adapter created in the Windows network settings 
but when I try to ping resources behind the VPN, I get a “General Failure” 
message from the command line.
Pinging the local client VPN adapter IP works.

First I tried a couple simple things that may help the WireGuard client to 

        • Reboot
        • Run as administrator
        • Re-install client
        • Re-generate keys & config
        • Try same config on a Mac to rule out mismatches (this works)
        • Run WireGuard in Windows 7 compatibility mode
        • Configure the TCP/IP stack in the registry to favor IPv4 over IPv6
        • Disable IPv6 entirely
        • Add explicit firewall rule to allow WireGuard ports
        • Disable firewall entirely
        • Try full-tunnel via in "AllowedIPs"

None of the above points produced any change whatsoever.

Finally I took to Wireshark to see if it can help me identify where the packets 
get stuck and surprisingly Wireshark doesn’t show ANY packets destined for the 
51820 UDP port on ANY interface. Which is the point at which I ran out of ideas.
I tried this on 2 different Windows machines and both exhibit the same behavior 
so it doesn’t look like it is something that is special to a machine. I have 
not yet gotten to test a complete fresh install of Windows as that is a bigger 

