Home Assistant Community Add-on: WireGuard

Can you paste the configuration code please?

@plainmad I have exactly the same problem you describe. No problem using WireGuard on an Android phone. But with a similar configuration on an iPad, I cannot browse internal IPs (externals are fine).

Any idea how to solve it?

Did you find a working solution for this?

Not possible with the WireGuard addon

I suppose you could try to create an addon with WireGuard and AdGuard in one container… Does anyone know if that would work?

Indeed, with another working solution like a Docker image, Pi-hole or something else that works I would also be happy.

Did you solve your filtering problem differently?

No, I use AdGuard only in local LAN now.

Any solution for your problem? I also have the same problem.

Hi all,

I had similar problems to those mentioned above (unable to connect to Home Assistant / access the internet when WireGuard is connected), and thought I’d share what worked for me - spoiler alert: it was a DNS issue :wink:

I probably have a similar setup to many: Home Assistant externally accessible via port forwarding and the “DuckDNS” addon, along with AdGuard.

For me, it turned out that AdGuard wasn’t configured correctly and required a manual IP binding and exceptions in the “allowed clients”.

AdGuard: Private reverse DNS servers:
Check: AdGuard → “Settings” → “DNS settings” and ensure “Private reverse DNS servers” contains your Home Assistant IP - despite the comment mentioning the resolver “172.30.32.3” should work, I was having issues with WireGuard.

AdGuard: Allowed clients:
Check: AdGuard → “Settings” → “DNS settings” and ensure “Allowed clients” either contains all the appropriate subnets, or clear the list.

Lastly, the DNS server specified in WireGuard / clients was the local IP of my Home Assistant DNS (not the 172.30.32.3)

Hope this helps or points others in the right direction - it’s now working flawlessly! :smiley:

regards,
Kurt.

Hi, same problem here… Did you solve it? Greetings.

Hi, how can I add a static route to Wireguard like
route add 192.168.2.0/24 dev wg0
wg0 does not exist on hass os.

Hello,

I want to use my Home Assistant to control / get info about devices in an external network. HAss is reachable through Cloudflare and a domain - maybe there is an easier method than WireGuard (?).

However, I did start the Fritzbox setup (in the external network) for WireGuard and I got a config file. I can use it with my laptop WireGuard program, everything works fine.

How can I transform this file / use this info to get my HAss connected to this external network? I did try to use the normal WireGuard addon and also the client addon (GitHub - bigmoby/addon-wireguard-client: Hassio Add-On Wireguard Client) but it doesn’t work. I’m very new to Raspberry, so I probably made some mistakes in the configuration.

That’s from the Fritzbox file:

[Interface]
PrivateKey = cLCrTC…cZGGWs=
Address = 192.168…02/24
DNS = 192…8.1
DNS = fritz.box

[Peer]
PublicKey = guy0P…qY74BA=
PresharedKey = vToZ…zLBSQI=
AllowedIPs = 192…58.0/24,0.0.0.0/0
Endpoint = hceqi…9.myfritz.net:54192
PersistentKeepalive = 25

When I import this into the laptop WireGuard program, I get a public key instead of a private key for interface: wM1…XIylcXw=


Btw. that’s the error of the WireGuard client addon:

[12:08:24] INFO: Starting WireGuard Client…
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.158.202/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
sysctl: error setting key ‘net.ipv4.conf.all.src_valid_mark’: Read-only file system
[#] resolvconf -d wg0 -f
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[12:08:54] INFO: Requesting current status from WireGuard Client…
[12:09:25] INFO: Requesting current status from WireGuard Client…
[12:10:01] INFO: Requesting current status from WireGuard Client…
[12:10:32] INFO: Requesting current status from WireGuard Client…
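
A config and log check for the failure in the post above, as an added example that is not from the poster or either add-on. It relies on general wg-quick behaviour not stated in the thread: the fwmark, table 51820 and `src_valid_mark` steps seen in the log run only when an `AllowedIPs` entry ends in `/0` and `Table` is absent or `auto`. The config, addresses, endpoint and log text below are constructed, and the keys are placeholders.

```shell
# Constructed config in the shape of the exported file; keys are placeholders.
SAMPLE_CONF='[Interface]
PrivateKey = <private-key-placeholder>
Address = 10.10.0.202/24

[Peer]
PublicKey = <public-key-placeholder>
AllowedIPs = 10.10.0.0/24,0.0.0.0/0
Endpoint = vpn.example.net:51820'
# Constructed log excerpt with the same failing step as the post.
SAMPLE_LOG="[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
sysctl: error setting key 'net.ipv4.conf.all.src_valid_mark': Read-only file system
[#] ip link delete dev wg0"

# AllowedIPs entries of a wg-quick config on stdin, one per line.
allowed_ips() {
  awk -F= '/^[ \t]*AllowedIPs[ \t]*=/ {
    n = split($2, p, ",")
    for (i = 1; i <= n; i++) { gsub(/[ \t\r]/, "", p[i]); if (p[i] != "") print p[i] }
  }'
}

# Succeeds when the config on stdin makes wg-quick install a default route:
# an AllowedIPs entry ends in /0 and Table is absent or "auto".
uses_default_route_path() {
  conf=$(cat)
  table=$(printf '%s\n' "$conf" |
    awk -F= '/^[ \t]*Table[ \t]*=/ { gsub(/[ \t\r]/, "", $2); print $2; exit }')
  case "$table" in ''|auto) ;; *) return 1 ;; esac
  printf '%s\n' "$conf" | allowed_ips | grep -q '/0$'
}

# The same AllowedIPs with the /0 entries dropped, comma-joined.
split_tunnel_allowed_ips() {
  allowed_ips | grep -v '/0$' | paste -sd, -
}

# Succeeds when a log on stdin shows the src_valid_mark write being refused.
sysctl_write_rejected() {
  grep -q 'sysctl: error setting key.*src_valid_mark.*Read-only file system'
}

if printf '%s\n' "$SAMPLE_CONF" | uses_default_route_path &&
   printf '%s\n' "$SAMPLE_LOG" | sysctl_write_rejected; then
  echo "full-tunnel config, but sysctl is read-only here; LAN-only AllowedIPs:"
  printf '%s\n' "$SAMPLE_CONF" | split_tunnel_allowed_ips
fi
```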

I have a ghost in my Wireguard setup…

I played a bit with it, but didn’t get it working fully yet on my multi-VLAN setup. So I removed the port forward again and shut down the addon. However, the wireguard client claims to still connect to the wireguard server when I turn on the switch in the mobile app… what the f is going on here?

Are you actually receiving something (Rx) or just transmitting with the client? (Tx)

Only transmitting. It’s quite misleading that it presents this as a successful connection?

Never mind, I had some typos in the config. Working now and very smoothly, this is cool!

Yesterday I noticed something weird. I seem to have lost my configuration blocks for the server as well as for the peers part. Trying to view the code in YAML results in an empty screen too. I am running plug-in version 0.80 on:
Home Assistant 2023.3.6
Supervisor 2023.03.3
Operating System 9.5
Frontend-version: 20230309.1 - latest

Since I already had created 1 peer, I can confirm that WireGuard is operational.

Because I am fairly new to HA, I have no idea where to start investigating this issue. Has anyone noticed the same or have a clue what could have caused this?

Thanks for a great add-on!

So I’ve set up a network-to-network tunnel, unifying my home network with another home LAN. Basically it works well - for traffic coming into HASS. However traffic going from HASS into the remote network would (obviously) not find itself in the tunnel.
Specifically, I’d like traffic from ESPHome to find its ESP devices on the remote network. ESPHome runs in its own container and clearly does not see the routing table and NAT configs done by WG.

Is there a simple way to achieve that? I’d settle for a hack that’s specific to ESPHome. I tried some routing table manipulations but so far no luck. I’d appreciate any pointers. Thanks!

(HA OS, on Yellow.)

Add this in your Home Assistant configuration:

command_line:
  - sensor:
      name: Wireguard addon internal IP
      command: "host_result=$(host a0d7b954-wireguard); addon_ip=${host_result##* }; ip route replace 172.27.66.0/24 via $addon_ip; echo $addon_ip"

It will automatically create the necessary route.
Note auto-discovery is based on mDNS and won’t work with Wireguard; you’ll need to set up each ESPHome node manually with their Wireguard IP address.

4 Likes

Thank you @CarlosGS ! This is extremely helpful.
I ended up using it with one change - needed to append ...src <hass-visible-address> to the route so that the returning packets will come from the visible IP address of HASS.
Traffic seems to be flowing nicely now - thanks again!

2 Likes
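
A guarded form of the route command from the two posts above, as an added example that is not from either poster or the add-on: it checks that `host` really returned an IPv4 address before building `ip route replace`, with the optional `src` from the reply. The sample `host` output lines and the addresses 172.30.33.5 and 192.168.1.10 are constructed, and the function names are hypothetical.

```shell
VPN_NET="172.27.66.0/24"   # WireGuard subnet used in the post above

# True only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input is digits and dots only here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print the address from a "<name> has address <ip>" line of `host` output.
# Fails on anything else, e.g. the "not found: 3(NXDOMAIN)" line, whose last
# word is what ${host_result##* } would otherwise pass to `ip route`.
addon_ip_from() {
  found=$(printf '%s\n' "$1" | awk '$2 == "has" && $3 == "address" { print $4; exit }')
  is_ipv4 "$found" && printf '%s\n' "$found"
}

# Print (do not run) the route command; $2 is the optional src address.
route_cmd() {
  is_ipv4 "$1" || return 1
  if [ -n "${2:-}" ]; then
    is_ipv4 "$2" || return 1
    printf 'ip route replace %s via %s src %s\n' "$VPN_NET" "$1" "$2"
  else
    printf 'ip route replace %s via %s\n' "$VPN_NET" "$1"
  fi
}

# Constructed `host` outputs: one successful lookup, one failed lookup.
for out in "a0d7b954-wireguard has address 172.30.33.5" \
           "Host a0d7b954-wireguard not found: 3(NXDOMAIN)"; do
  if addr=$(addon_ip_from "$out"); then
    route_cmd "$addr" "192.168.1.10"
  else
    echo "no valid address in host output, route left unchanged" >&2
  fi
done
```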