I am tunneling an Ubuntu 22.04 web server through a Wireguard VPN (as the vpn client), to another Ubuntu 22.04 Server as the Wireguard VPN Host (server). I have set up the Client/Server exactly according to these instructions from Linuxbabe with port forwarding and masquerading on the WG server enabled. I am also running unbound DNS on my WG Client. Both my WG Client and WG Server are running Ubuntu 22.04.
When I connect my VPN Client using sudo systemctl start wg-quick@wg-client0.service and sudo systemctl enable wg-quick@wg-client0.service, my client successfully connects to the wireguard server.
When connected to the tunnel 10.10.10.1 is the private IP address for the VPN server and 10.10.10.2 is the Private IP address of the VPN Client. I can successfully ping 10.10.10.1 from the client indicating that the VPN connection is successful.
I then run curl https://icanhazip.com on the wireguard client, and it successfully shows that I am using the IP address of the Wireguard Server. Great! Right? Well, not exactly.
It only takes about a minute or so before the wireguard client loses the IP address of the server. After a minute of being successfully connected to the tunnel, I again try the command curl https://icanhazip.com, which now returns my home's public IP address, NOT the IP address of the wireguard Server.
However, it still appears that even though I am using my home IP address, I am still connected to the WG Server somehow, because when I run the command systemctl status wg-quick@wg0.service it returns the following:

● wg-quick@wg-client0.service - WireGuard via wg-quick(8) for wg/client0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Thu 2024-03-14 22:12:48 CDT; 17min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 11681 ExecStart=/usr/bin/wg-quick up wg-client0 (code=exited, status=0/SUCCESS)
   Main PID: 11681 (code=exited, status=0/SUCCESS)
        CPU: 364ms
Furthermore, a ping 10.10.10.1 is STILL successful after I noticed my IP address is using my home IP. So somehow, my WG client is connecting to the WG Server, but is not using the WG Server's IP address.
Here are my Wireguard Debug Logs on the WG Client:
sudo dmesg -wH | grep wireguard
[ +4.964216] wireguard: wg-client0: Keypair 56 destroyed for peer 6
[ +0.000031] wireguard: wg-client0: Keypair 57 destroyed for peer 6
[ +0.145173] wireguard: wg-client0: Peer 6 (123.45.678.9:51820) destroyed
[ +0.048057] wireguard: wg-client0: Interface destroyed
[ +2.575997] wireguard: wg-client0: Interface created
[ +0.022138] wireguard: wg-client0: Peer 7 created
[ +0.040251] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.054499] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000047] wireguard: wg-client0: Keypair 58 created for peer 7
[ +2.921467] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.036876] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000068] wireguard: wg-client0: Keypair 59 created for peer 7
[ +0.000038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.844707] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +5.255566] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.426967] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.017808] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000070] wireguard: wg-client0: Keypair 58 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 60 created for peer 7
[ +0.000033] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.643183] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.076531] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.694589] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000355] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.040759] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000061] wireguard: wg-client0: Keypair 59 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 61 created for peer 7
[ +0.000031] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.597413] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.753398] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000386] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.019951] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000053] wireguard: wg-client0: Keypair 60 destroyed for peer 7
[ +0.000020] wireguard: wg-client0: Keypair 62 created for peer 7
[ +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +5.165602] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.296682] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000218] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.026552] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000048] wireguard: wg-client0: Keypair 61 destroyed for peer 7
[ +0.000015] wireguard: wg-client0: Keypair 63 created for peer 7
[ +0.000023] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.707453] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +2.242105] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.736789] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.018656] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Keypair 62 destroyed for peer 7
[ +0.000017] wireguard: wg-client0: Keypair 64 created for peer 7
[ +0.000028] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +3.992663] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.736520] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.006477] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000041] wireguard: wg-client0: Keypair 63 destroyed for peer 7
[ +0.000013] wireguard: wg-client0: Keypair 65 created for peer 7
[ +0.000020] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.557038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.711950] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.737920] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.007975] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000059] wireguard: wg-client0: Keypair 64 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 66 created for peer 7
[ +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.865521] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.251146] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.737488] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.008468] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Keypair 65 destroyed for peer 7
[ +0.000019] wireguard: wg-client0: Keypair 67 created for peer 7
[ +0.000025] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.406383] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.561784] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.734768] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.008146] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000075] wireguard: wg-client0: Keypair 66 destroyed for peer 7
[ +0.000025] wireguard: wg-client0: Keypair 68 created for peer 7
[ +0.000036] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.717223] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)

sudo journalctl -kf | grep wireguard
Mar 14 22:34:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 67 destroyed for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 69 created for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:36:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 68 destroyed for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 70 created for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Here is my /etc/netplan/50-cloud-init.yaml file:
network:
  ethernets:
    eth0:
      dhcp4: true
      dhcp4-overrides:
        route-metric: 100
      optional: true
  renderer: networkd
  version: 2
  wifis:
    renderer: networkd
    wlan0:
      access-points:
        DansWifi:
          password: ******************************
      dhcp4: true
      dhcp4-overrides:
        route-metric: 200
      optional: true
Lastly, here is a pastebin of the output of sudo tail -f /var/log/syslog when the WG Client starts, and after it loses its tunnel IP address.
Could someone please help me figure out why my WG Client keeps losing its VPN IP address, but still remains connected to the WG Server somehow? Could you please help me fix this so that the IP address of the WG Client is persistently that of the WG Server IP address?
I'm pretty clueless here and don't see much in the logs.
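
A routing check for the two states the post describes (egress through the tunnel versus egress through the home uplink while the tunnel stays up), added here as an example and not part of the original question. It assumes a full-tunnel wg-quick setup that uses wg-quick's default policy-routing table 51820; the interface name is taken from the post and the sample command outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The interface name comes from the
# post; table 51820 is wg-quick's default (an assumption about this client) and
# the sample outputs below are constructed.
WG_IF="wg-client0"
WG_TABLE="51820"

# Print the outgoing device named in `ip route get <dst>` output (stdin).
egress_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if `ip rule` output (stdin) still has a rule that looks up table $1.
has_policy_rule() {
    grep -Eq "lookup $1( |\$)"
}

# $1 = `ip -4 route get <public IP>` output, $2 = `ip -4 rule show` output.
classify() {
    dev=$(printf '%s\n' "$1" | egress_dev)
    if [ "$dev" = "$WG_IF" ]; then
        echo "tunnelled"            # public traffic leaves via the WireGuard interface
    elif printf '%s\n' "$2" | has_policy_rule "$WG_TABLE"; then
        echo "leak:rule-present"    # rule exists, so inspect table 51820 itself
    else
        echo "leak:rule-missing"    # policy rule is gone, main table decides egress
    fi
}

# Constructed samples: tunnel in effect, then egress via the home uplink.
ROUTE_OK='1.1.1.1 dev wg-client0 table 51820 src 10.10.10.2 uid 0'
ROUTE_LEAK='1.1.1.1 via 192.168.1.1 dev eth0 src 192.168.1.23 uid 0'
RULES_OK='0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: not from all fwmark 0xca6c lookup 51820
32766: from all lookup main
32767: from all lookup default'
RULES_GONE='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'

classify "$ROUTE_OK" "$RULES_OK"
classify "$ROUTE_LEAK" "$RULES_GONE"
# Live use: classify "$(ip -4 route get 1.1.1.1)" "$(ip -4 rule show)"
```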