WireGuard: no handshake between peers

Fix WireGuard when peers cannot complete a handshake due to blocked UDP ports or incorrect endpoint addresses.

WireGuard peers cannot complete a handshake when the UDP port is blocked, the endpoint address is wrong, or the keys do not match.

When WireGuard Produces This Error

wg show displays latest handshake: (none) for a peer. No data flows through the tunnel.

What Causes No Handshake in WireGuard

The server's UDP port (default 51820) is blocked by a firewall. The client's Endpoint does not point at the server's IP address and ListenPort. The public keys are mismatched: the server's [Peer] section does not contain the correct client public key, or vice versa.

How to Fix No Handshake in WireGuard

  1. Verify the firewall allows UDP 51820 on the server:

    sudo ufw allow 51820/udp

  2. Verify the Endpoint in the client config matches the server's IP and ListenPort.

  3. Verify public keys match on both sides:

    sudo wg show wg0

  4. Restart both sides:

    sudo wg-quick down wg0 && sudo wg-quick up wg0
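
Steps 2 and 3 can be checked mechanically by comparing the output of sudo wg show wg0 dump captured on each side. The script below is an added example, not part of the original article; the function names, keys and addresses are constructed, and it assumes one dump file per host.

```python
# Added example. Keys and addresses below are constructed placeholders.
def parse_dump(text):
    """Parse tab-separated `wg show <iface> dump` output."""
    rows = [line.split("\t") for line in text.strip().splitlines()]
    _private, public, listen_port, _fwmark = rows[0]   # interface line
    peers = {}
    for pub, _psk, endpoint, _allowed, handshake, _rx, _tx, _keepalive in rows[1:]:
        peers[pub] = {"endpoint": endpoint, "handshake": int(handshake)}
    return {"public_key": public, "listen_port": listen_port, "peers": peers}

def diagnose(client_dump, server_dump):
    """Return findings that map onto the causes listed in this article."""
    client, server = parse_dump(client_dump), parse_dump(server_dump)
    findings = []
    if server["public_key"] not in client["peers"]:
        findings.append("client [Peer] PublicKey is not the server's public key")
    if client["public_key"] not in server["peers"]:
        findings.append("server [Peer] PublicKey is not the client's public key")
    stalled = [p for p in client["peers"].values() if p["handshake"] == 0]
    for peer in stalled:
        port = peer["endpoint"].rpartition(":")[2]  # also handles [v6]:port
        if peer["endpoint"] == "(none)":
            findings.append("client peer has no Endpoint")
        elif port != server["listen_port"]:
            findings.append(f"Endpoint port {port} != ListenPort {server['listen_port']}")
    if stalled and not findings:
        findings.append("keys and port agree; check that UDP reaches the server")
    return findings

def dump(interface, *peers):
    """Build constructed dump text from field lists."""
    return "\n".join("\t".join(fields) for fields in (interface, *peers))

SERVER = dump(["SERVER_PRIV", "SERVER_PUB", "51820", "off"],
              ["CLIENT_PUB", "(none)", "(none)", "10.0.0.2/32", "0", "0", "0", "off"])
CLIENT_BAD = dump(["CLIENT_PRIV", "CLIENT_PUB", "40321", "off"],
                  ["OLD_SERVER_PUB", "(none)", "203.0.113.10:51821", "10.0.0.0/24", "0", "0", "444", "25"])
CLIENT_OK = dump(["CLIENT_PRIV", "CLIENT_PUB", "40321", "off"],
                 ["SERVER_PUB", "(none)", "203.0.113.10:51820", "10.0.0.0/24", "0", "0", "444", "25"])

if __name__ == "__main__":
    for name, text in (("bad", CLIENT_BAD), ("ok", CLIENT_OK)):
        print(name, diagnose(text, SERVER))
```

The first field of the dump's interface line is the private key, so blank it out before copying a dump off the host.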

How to Verify the Fix

wg show should display a latest handshake timestamp within the last few minutes.