diff --git a/client/configurators/wireguard_configurator.cpp b/client/configurators/wireguard_configurator.cpp
index 3f96e74c1..1bca973d8 100644
--- a/client/configurators/wireguard_configurator.cpp
+++ b/client/configurators/wireguard_configurator.cpp
@@ -120,7 +120,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         }
     }
 
-    QString subnetIp = containerConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+    QString subnetIp = containerConfig.value(m_protocolName).toObject().value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     {
         QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
         if (l.isEmpty()) {
diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp
index b6795a01b..7219ff7d4 100644
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@@ -346,7 +346,9 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
     }
 
     if (container == DockerContainer::Awg) {
-        if ((oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
+        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
+             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
+            || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
              != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
             || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
                 != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
@@ -370,8 +372,10 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
     }
 
     if (container == DockerContainer::WireGuard) {
-        if (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
-            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort))
+        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
+             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
+            || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
+            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
             return true;
     }
 
@@ -607,6 +611,8 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     vars.append({ { "$SFTP_PASSWORD", sftpConfig.value(config_key::password).toString() } });
 
     // Amnezia wireguard vars
+    vars.append({ { "$AWG_SUBNET_IP",
+                    amneziaWireguarConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) } });
     vars.append({ { "$AWG_SERVER_PORT", amneziaWireguarConfig.value(config_key::port).toString(protocols::awg::defaultPort) } });
 
     vars.append({ { "$JUNK_PACKET_COUNT", amneziaWireguarConfig.value(config_key::junkPacketCount).toString() } });
diff --git a/client/server_scripts/awg/configure_container.sh b/client/server_scripts/awg/configure_container.sh
index 322cc38fa..2000c9656 100644
--- a/client/server_scripts/awg/configure_container.sh
+++ b/client/server_scripts/awg/configure_container.sh
@@ -12,7 +12,7 @@ echo $WIREGUARD_PSK > /opt/amnezia/awg/wireguard_psk.key
 cat > /opt/amnezia/awg/wg0.conf <<EOF
 [Interface]
 PrivateKey = $WIREGUARD_SERVER_PRIVATE_KEY
-Address = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR
+Address = $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR
 ListenPort = $AWG_SERVER_PORT
 Jc = $JUNK_PACKET_COUNT
 Jmin = $JUNK_PACKET_MIN_SIZE
diff --git a/client/server_scripts/awg/start.sh b/client/server_scripts/awg/start.sh
index dc713ec22..108e85df1 100644
--- a/client/server_scripts/awg/start.sh
+++ b/client/server_scripts/awg/start.sh
@@ -17,12 +17,12 @@ iptables -A FORWARD -i wg0 -j ACCEPT
 iptables -A OUTPUT -o wg0 -j ACCEPT
 
 # Allow forwarding traffic only from the VPN.
-iptables -A FORWARD -i wg0 -o eth0 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
-iptables -A FORWARD -i wg0 -o eth1 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth0 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth1 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
 
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 
-iptables -t nat -A POSTROUTING -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth0 -j MASQUERADE
-iptables -t nat -A POSTROUTING -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth1 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth1 -j MASQUERADE
 
 tail -f /dev/null
diff --git a/client/ui/models/protocols/awgConfigModel.cpp b/client/ui/models/protocols/awgConfigModel.cpp
index 3a245ebe9..860c83956 100644
--- a/client/ui/models/protocols/awgConfigModel.cpp
+++ b/client/ui/models/protocols/awgConfigModel.cpp
@@ -21,6 +21,7 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
     }
 
     switch (role) {
+    case Roles::SubnetAddressRole: m_serverProtocolConfig.insert(config_key::subnet_address, value.toString()); break;
     case Roles::PortRole: m_serverProtocolConfig.insert(config_key::port, value.toString()); break;
 
     case Roles::ClientMtuRole: m_clientProtocolConfig.insert(config_key::mtu, value.toString()); break;
@@ -58,6 +59,7 @@ QVariant AwgConfigModel::data(const QModelIndex &index, int role) const
     }
 
     switch (role) {
+    case Roles::SubnetAddressRole: return m_serverProtocolConfig.value(config_key::subnet_address).toString();
     case Roles::PortRole: return m_serverProtocolConfig.value(config_key::port).toString();
 
     case Roles::ClientMtuRole: return m_clientProtocolConfig.value(config_key::mtu);
@@ -92,6 +94,7 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
     m_serverProtocolConfig.insert(config_key::transport_proto,
                                   serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
     m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
+    m_serverProtocolConfig[config_key::subnet_address] = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
     m_serverProtocolConfig[config_key::junkPacketCount] =
             serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
@@ -168,6 +171,7 @@ QHash<int, QByteArray> AwgConfigModel::roleNames() const
 {
     QHash<int, QByteArray> roles;
 
+    roles[SubnetAddressRole] = "subnetAddress";
     roles[PortRole] = "port";
 
     roles[ClientMtuRole] = "clientMtu";
@@ -197,6 +201,7 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
     clientJunkPacketMinSize = clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
     clientJunkPacketMaxSize = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
 
+    subnetAddress = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     port = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
     serverJunkPacketCount = serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
     serverJunkPacketMinSize = serverProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
@@ -216,7 +221,7 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
 
 bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
 {
-    if (port != other.port || serverJunkPacketCount != other.serverJunkPacketCount
+    if (subnetAddress != other.subnetAddress || port != other.port || serverJunkPacketCount != other.serverJunkPacketCount
         || serverJunkPacketMinSize != other.serverJunkPacketMinSize || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize
         || serverInitPacketJunkSize != other.serverInitPacketJunkSize || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize
         || serverInitPacketMagicHeader != other.serverInitPacketMagicHeader
diff --git a/client/ui/models/protocols/awgConfigModel.h b/client/ui/models/protocols/awgConfigModel.h
index 06475bf5d..c1f8bb276 100644
--- a/client/ui/models/protocols/awgConfigModel.h
+++ b/client/ui/models/protocols/awgConfigModel.h
@@ -15,6 +15,7 @@ struct AwgConfig
 {
     AwgConfig(const QJsonObject &jsonConfig);
 
+    QString subnetAddress;
     QString port;
 
     QString clientMtu;
@@ -43,7 +44,8 @@ class AwgConfigModel : public QAbstractListModel
 
 public:
     enum Roles {
-        PortRole = Qt::UserRole + 1,
+        SubnetAddressRole = Qt::UserRole + 1,
+        PortRole,
 
         ClientMtuRole,
         ClientJunkPacketCountRole,
diff --git a/client/ui/models/protocols/wireguardConfigModel.cpp b/client/ui/models/protocols/wireguardConfigModel.cpp
index 555915deb..1c8e13416 100644
--- a/client/ui/models/protocols/wireguardConfigModel.cpp
+++ b/client/ui/models/protocols/wireguardConfigModel.cpp
@@ -21,6 +21,7 @@ bool WireGuardConfigModel::setData(const QModelIndex &index, const QVariant &val
     }
 
     switch (role) {
+    case Roles::SubnetAddressRole: m_serverProtocolConfig.insert(config_key::subnet_address, value.toString()); break;
     case Roles::PortRole: m_serverProtocolConfig.insert(config_key::port, value.toString()); break;
     case Roles::ClientMtuRole: m_clientProtocolConfig.insert(config_key::mtu, value.toString()); break;
     }
@@ -36,6 +37,7 @@ QVariant WireGuardConfigModel::data(const QModelIndex &index, int role) const
     }
 
     switch (role) {
+    case Roles::SubnetAddressRole: return m_serverProtocolConfig.value(config_key::subnet_address).toString();
     case Roles::PortRole: return m_serverProtocolConfig.value(config_key::port).toString();
     case Roles::ClientMtuRole: return m_clientProtocolConfig.value(config_key::mtu);
     }
@@ -56,6 +58,7 @@ void WireGuardConfigModel::updateModel(const QJsonObject &config)
     m_serverProtocolConfig.insert(config_key::transport_proto,
                                   serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
     m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
+    m_serverProtocolConfig[config_key::subnet_address] = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::wireguard::defaultPort);
 
     auto lastConfig = m_serverProtocolConfig.value(config_key::last_config).toString();
@@ -96,6 +99,7 @@ QHash<int, QByteArray> WireGuardConfigModel::roleNames() const
 {
     QHash<int, QByteArray> roles;
 
+    roles[SubnetAddressRole] = "subnetAddress";
     roles[PortRole] = "port";
     roles[ClientMtuRole] = "clientMtu";
 
@@ -108,12 +112,13 @@ WgConfig::WgConfig(const QJsonObject &serverProtocolConfig)
     QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
     clientMtu = clientProtocolConfig[config_key::mtu].toString(protocols::wireguard::defaultMtu);
 
+    subnetAddress = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     port = serverProtocolConfig.value(config_key::port).toString(protocols::wireguard::defaultPort);
 }
 
 bool WgConfig::hasEqualServerSettings(const WgConfig &other) const
 {
-    if (port != other.port) {
+    if (subnetAddress != other.subnetAddress || port != other.port) {
         return false;
     }
     return true;
diff --git a/client/ui/models/protocols/wireguardConfigModel.h b/client/ui/models/protocols/wireguardConfigModel.h
index a02bea5a5..b1ce2d610 100644
--- a/client/ui/models/protocols/wireguardConfigModel.h
+++ b/client/ui/models/protocols/wireguardConfigModel.h
@@ -10,6 +10,7 @@ struct WgConfig
 {
     WgConfig(const QJsonObject &jsonConfig);
 
+    QString subnetAddress;
     QString port;
     QString clientMtu;
 
@@ -24,7 +25,8 @@ class WireGuardConfigModel : public QAbstractListModel
 
 public:
     enum Roles {
-        PortRole = Qt::UserRole + 1,
+        SubnetAddressRole = Qt::UserRole + 1,
+        PortRole,
         ClientMtuRole
     };
 
diff --git a/client/ui/qml/Pages2/PageProtocolAwgSettings.qml b/client/ui/qml/Pages2/PageProtocolAwgSettings.qml
index 3093e134f..44cedc11b 100644
--- a/client/ui/qml/Pages2/PageProtocolAwgSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolAwgSettings.qml
@@ -76,7 +76,7 @@ PageType {
             implicitWidth: listview.width
             implicitHeight: col.implicitHeight
 
-            property alias portTextField: portTextField
+            property alias vpnAddressSubnetTextField: vpnAddressSubnetTextField
             property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
 
             ColumnLayout {
@@ -98,12 +98,32 @@ PageType {
                 }
 
                 TextFieldWithHeaderType {
-                    id: portTextField
+                    id: vpnAddressSubnetTextField
+
                     Layout.fillWidth: true
                     Layout.topMargin: 40
 
                     enabled: delegateItem.isEnabled
 
+                    headerText: qsTr("VPN address subnet")
+                    textFieldText: subnetAddress
+
+                    textField.onEditingFinished: {
+                        if (textFieldText !== subnetAddress) {
+                            subnetAddress = textFieldText
+                        }
+                    }
+
+                    checkEmptyText: true
+                }
+
+                TextFieldWithHeaderType {
+                    id: portTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
+                    enabled: delegateItem.isEnabled
+
                     headerText: qsTr("Port")
                     textFieldText: port
                     textField.maximumLength: 5
@@ -332,7 +352,8 @@ PageType {
                              junkPacketMaxSizeTextField.errorText === "" &&
                              junkPacketMinSizeTextField.errorText === "" &&
                              junkPacketCountTextField.errorText === "" &&
-                             portTextField.errorText === ""
+                             portTextField.errorText === "" &&
+                             vpnAddressSubnetTextField.errorText === ""
 
                     text: qsTr("Save")
 
diff --git a/client/ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml b/client/ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml
index 4f0f474c6..d78ae6b91 100644
--- a/client/ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml
@@ -16,7 +16,7 @@ import "../Components"
 PageType {
     id: root
 
-    defaultActiveFocusItem: listview.currentItem.mtuTextField.textField
+    //defaultActiveFocusItem: listview.currentItem.mtuTextField.textField
 
     Item {
         id: focusItem
diff --git a/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml b/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml
index 8aa0b1859..68d9611dc 100644
--- a/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml
@@ -59,7 +59,7 @@ PageType {
                 delegate: Item {
                     id: delegateItem
 
-                    property alias focusItemId: portTextField.textField
+                    property alias focusItemId: vpnAddressSubnetTextField
                     property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
 
                     implicitWidth: listview.width
@@ -83,12 +83,31 @@ PageType {
                         }
 
                         TextFieldWithHeaderType {
-                            id: portTextField
+                            id: vpnAddressSubnetTextField
                             Layout.fillWidth: true
                             Layout.topMargin: 40
 
                             enabled: delegateItem.isEnabled
 
+                            headerText: qsTr("VPN address subnet")
+                            textFieldText: subnetAddress
+
+                            textField.onEditingFinished: {
+                                if (textFieldText !== subnetAddress) {
+                                    subnetAddress = textFieldText
+                                }
+                            }
+
+                            checkEmptyText: true
+                        }
+
+                        TextFieldWithHeaderType {
+                            id: portTextField
+                            Layout.fillWidth: true
+                            Layout.topMargin: 16
+
+                            enabled: delegateItem.isEnabled
+
                             headerText: qsTr("Port")
                             textFieldText: port
                             textField.maximumLength: 5
@@ -129,7 +148,8 @@ PageType {
                             Layout.topMargin: 24
                             Layout.bottomMargin: 24
 
-                            enabled: portTextField.errorText === ""
+                            enabled: portTextField.errorText === "" &&
+                                     vpnAddressSubnetTextField.errorText === ""
 
                             text: qsTr("Save")