Why does Wireguard break my internet access when I run wg-quick up wg0
0 votes, 1 answer, 1606 views
I'm trying to use my Raspberry Pi as a WireGuard server.
When connecting my Raspberry Pi to my router via Ethernet cable, my router assigns the Pi the IP **192.168.1.35**
I've confirmed the Pi receives internet access by running **ping www.startpage.com** when SSH'd into the Pi
However, once I run **wg-quick up wg0** on the Pi, I lose all internet access. Ping via SSH no longer works.
To regain internet access I have to run **wg-quick down wg0**
WireGuard is doing something to break my internet
My Raspberry Pi WireGuard config file

```
sudo nano /etc/wireguard/wg0.conf
```

```
[Interface]
PrivateKey = PI_PRIVATE_KEY
Address = 192.168.1.100
ListenPort = 51820

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::0
```

Client config file

```
sudo nano /etc/wireguard/wg0.conf
```

```
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 192.168.1.101/24

[Peer]
PublicKey = PI_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = PI/ROUTER_PUBLIC_IP:51820
```

NOTE: I have changed the AllowedIPs settings numerous times within both configs to test different results. **wg-quick up wg0** on my Pi still breaks the internet through my Pi; without it, the internet runs normally.
I notice that **wg-quick up wg0** is modifying my nft ruleset when **up**

```
sudo nft list ruleset
table ip wg-quick-wg0 {
    chain preraw {
        type filter hook prerouting priority raw; policy accept;
        iifname != "wg0" ip daddr 192.168.2.100 fib saddr type != local drop
    }
    chain premangle {
        type filter hook prerouting priority mangle; policy accept;
        meta l4proto udp meta mark set ct mark
    }
    chain postmangle {
        type filter hook postrouting priority mangle; policy accept;
        meta l4proto udp meta mark 0x0000ca6c ct mark set meta mark
    }
}
```

When the wg0 interface is down, these rules don't exist.
So maybe something in these rules is blocking internet access within the Pi.
**Problem Elimination**
1. 192.168.1.100 isn't used by any other device on the router
2. Uncommenting **net.ipv4.ip_forward=1** in **/etc/sysctl.conf** makes no difference; the exact problem remains the same: *inet access* with ip4 commented or uncommented with wg0 down, no *inet access* with ip4 commented or uncommented with wg0 up
3. The WireGuard client side is irrelevant at this stage
4. The problem isn't anything to do with WireGuard private/public keys, as it throws errors when it is.
Asked by Rachel1983
(23 rep)
Apr 7, 2024, 07:20 PM
Last activity: Apr 8, 2024, 06:20 AM
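
An added example, not part of the original question or its answer: a small Python check that reads a wg-quick config and flags the settings that change how the host itself routes traffic. When a peer's AllowedIPs contains a /0, wg-quick installs a default route through the tunnel, which is also when it creates the `wg-quick-wg0` nft table shown in the question. The LAN range 192.168.1.0/24, the 10.8.0.0/24 comparison subnet, and the function and finding names are assumptions.

```python
import ipaddress
# Constructed from the Pi-side config in the question (keys are placeholders).
PI_CONF = """[Interface]
PrivateKey = PI_PRIVATE_KEY
Address = 192.168.1.100
ListenPort = 51820
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::0
"""
# Constructed comparison: hypothetical tunnel subnet 10.8.0.0/24 with one client.
SCOPED_CONF = """[Interface]
PrivateKey = PI_PRIVATE_KEY
Address = 10.8.0.1/24
ListenPort = 51820
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.8.0.2/32
"""

def parse(text):
    """Split a wg-quick config into (section, {key: value}) pairs; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # real base64 keys may end in "="
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text, lan_cidr):
    """Return (finding, value) pairs for settings that affect this host's routing."""
    lan, findings = ipaddress.ip_network(lan_cidr), []
    for section, kv in parse(text):
        key = "address" if section == "interface" else "allowedips"
        for item in filter(None, (s.strip() for s in kv.get(key, "").split(","))):
            net = ipaddress.ip_interface(item)
            if section == "interface" and net.ip in lan:
                findings.append(("tunnel-address-inside-lan", item))
            elif section == "peer" and "/" not in item:
                findings.append(("allowedips-without-prefix", item))  # a single host
            elif section == "peer" and net.network.prefixlen == 0:
                findings.append(("peer-is-default-route", item))  # all traffic to wg0
    return findings
if __name__ == "__main__":
    for name, conf in (("question", PI_CONF), ("scoped", SCOPED_CONF)):
        print(name, audit(conf, "192.168.1.0/24"))
```
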