WireGuard Endpoints and IP Addresses
When getting started with WireGuard, it can be hard to understand the interaction between the network layers below WireGuard (the “real” network, often a physical Ethernet or WiFi network) and the WireGuard VPN (Virtual Private Network). This article will cover which configuration settings are used for which (“real” network or virtual network), and will trace how an individual packet flows between the two.
If you’re wondering about some of the terminology used by this article, take a look at at the WireGuard Terminology article for clarification.
Let’s first look at a simple WireGuard configuration file. Here you’ll see three different settings with IP addresses — Address, AllowedIPs, and Endpoint:
The Address setting is the virtual address of the local WireGuard peer. It’s the IP address of the virtual network interface that WireGuard sets up for the peer; and as such you can set it to whatever you want (whatever makes sense for the virtual WireGuard network you’re building).
