diff --git a/controllers/ext_client.go b/controllers/ext_client.go index 91072d9c..b1620dbc 100644 --- a/controllers/ext_client.go +++ b/controllers/ext_client.go @@ -284,9 +284,6 @@ Endpoint = %s w.WriteHeader(http.StatusOK) json.NewEncoder(w).Encode(client) } -func getFreeIpFromIngressExtCIDR() string { - return "10.235.166.20" -} // swagger:route POST /api/extclients/{network}/{nodeid} ext_client createExtClient // @@ -323,7 +320,6 @@ func createExtClient(w http.ResponseWriter, r *http.Request) { extclient.Network = networkName extclient.IngressGatewayID = nodeid - extclient.InternalIP = getFreeIpFromIngressExtCIDR() node, err := logic.GetNodeByID(nodeid) if err != nil { logger.Log(0, r.Header.Get("user"), diff --git a/logic/extpeers.go b/logic/extpeers.go index 98a56a6e..eb76bf8f 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -138,6 +138,12 @@ func CreateExtClient(extclient *models.ExtClient) error { return err } extclient.Address = newAddress + + extclientInternalAddr, err := UniqueAddress(extclient.Network, true) + if err != nil { + return err + } + extclient.InternalIPAddr = extclientInternalAddr } } @@ -148,6 +154,11 @@ func CreateExtClient(extclient *models.ExtClient) error { return err } extclient.Address6 = addr6 + extclientInternalAddr6, err := UniqueAddress6(extclient.Network, true) + if err != nil { + return err + } + extclient.InternalIPAddr6 = extclientInternalAddr6 } } diff --git a/logic/gateway.go b/logic/gateway.go index d15c6af6..05968247 100644 --- a/logic/gateway.go +++ b/logic/gateway.go 
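Review bot: The internal address in the logic/extpeers.go hunk (@@ -138) is drawn from the same pool, with the same arguments, as the primary address assigned just above it (`extclient.Address = newAddress`), so the second `UniqueAddress(extclient.Network, true)` call only yields a distinct value if the allocator already treats `newAddress` as taken before this client is persisted; if uniqueness is computed from stored clients only, both calls can return the same address. A comment stating that invariant, or an explicit check such as `if extclientInternalAddr == newAddress { return errors.New("internal address collides with primary address") }`, would make the assumption visible. The same applies to the `UniqueAddress6` call in the following hunk (@@ -148). CreateExtClient begins outside both hunks.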
@@ -185,12 +185,12 @@ func CreateIngressGateway(netid string, nodeid string, failover bool) (models.No var postUpCmd, postDownCmd string node, err := GetNodeByID(nodeid) - if node.OS != "linux" { // add in darwin later - return models.Node{}, errors.New(node.OS + " is unsupported for ingress gateways") - } - if node.OS == "linux" && node.FirewallInUse == models.FIREWALL_NONE { - return models.Node{}, errors.New("firewall is not supported for ingress gateways") - } + // if node.OS != "linux" { // add in darwin later + // return models.Node{}, errors.New(node.OS + " is unsupported for ingress gateways") + // } + // if node.OS == "linux" && node.FirewallInUse == models.FIREWALL_NONE { + // return models.Node{}, errors.New("firewall is not supported for ingress gateways") + // } if err != nil { return models.Node{}, err diff --git a/logic/peers.go b/logic/peers.go index af29f5e8..dbbfea39 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -84,10 +84,18 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa logger.Log(1, "failed to parse node pub key: ", peer.ID) continue } + proxyStatus := peer.Proxy listenPort := peer.LocalListenPort - if listenPort == 0 { + if proxyStatus { + listenPort = peer.ProxyListenPort + if listenPort == 0 { + listenPort = proxy_models.NmProxyPort + } + } else if listenPort == 0 { listenPort = peer.ListenPort + } + endpoint, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", peer.Endpoint, listenPort)) if err != nil { logger.Log(1, "failed to resolve udp addr for node: ", peer.ID, peer.Endpoint, err.Error()) @@ -99,7 +107,6 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa // set_keepalive keepalive, _ = time.ParseDuration(strconv.FormatInt(int64(node.PersistentKeepalive), 10) + "s") } - proxyStatus := peer.Proxy if peer.IsServer == "yes" { proxyStatus = servercfg.IsProxyEnabled() } 
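Review bot: The OS and firewall checks at the top of CreateIngressGateway are commented out rather than removed, and nothing records why a node with `FirewallInUse == models.FIREWALL_NONE` may now become an ingress gateway. Either delete the six commented lines (version history keeps them) or replace them with a single comment such as `// OS and firewall restrictions for ingress gateways were lifted: <reason>` so the next reader does not take this for a temporary debug change. Note also that the old check read `node.OS` before `err` from `GetNodeByID` was examined; the `if err != nil` that follows should remain the first statement after the lookup. The function continues outside the hunk.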
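Review bot: In the logic/peers.go hunk (@@ -84) `listenPort` is now chosen from `proxyStatus := peer.Proxy` before the server override that the next hunk (@@ -99) leaves in place, `if peer.IsServer == "yes" { proxyStatus = servercfg.IsProxyEnabled() }`, so for a server peer the port selection and the `Proxy` flag later written into the PeerConf can disagree: the port follows the node's own Proxy field while the flag follows the server config. Moving that `if peer.IsServer == "yes"` block up to directly after `proxyStatus := peer.Proxy`, ahead of the `if proxyStatus {` port selection, keeps both derived from the same value. GetPeersForProxy starts outside the hunk.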
@@ -111,9 +118,9 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa ReplaceAllowedIPs: true, }) peerConfMap[peer.PublicKey] = proxy_models.PeerConf{ - Address: net.ParseIP(peer.PrimaryAddress()), - Proxy: proxyStatus, - ProxyListenPort: peer.ProxyListenPort, + Address: net.ParseIP(peer.PrimaryAddress()), + Proxy: proxyStatus, + PublicListenPort: listenPort, } if !onlyPeers && peer.IsRelayed == "yes" { @@ -123,11 +130,11 @@ func GetPeersForProxy(node *models.Node, onlyPeers bool) (manager.ProxyManagerPa if err == nil { peerConfMap[peer.PublicKey] = proxy_models.PeerConf{ - IsRelayed: true, - RelayedTo: relayTo, - Address: net.ParseIP(peer.PrimaryAddress()), - Proxy: proxyStatus, - ProxyListenPort: peer.ProxyListenPort, + IsRelayed: true, + RelayedTo: relayTo, + Address: net.ParseIP(peer.PrimaryAddress()), + Proxy: proxyStatus, + PublicListenPort: listenPort, } } @@ -362,7 +369,7 @@ func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig, var allowedips []net.IPNet var peer wgtypes.PeerConfig - if extPeer.Address != "" { + if forIngressNode && extPeer.Address != "" { var peeraddr = net.IPNet{ IP: net.ParseIP(extPeer.Address), Mask: net.CIDRMask(32, 32), @@ -372,7 +379,7 @@ func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig, } } - if extPeer.Address6 != "" { + if forIngressNode && extPeer.Address6 != "" { var addr6 = net.IPNet{ IP: net.ParseIP(extPeer.Address6), Mask: net.CIDRMask(128, 128), 
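Review bot: With `forIngressNode &&` added to both address guards (the @@ -362 hunk and @@ -372), a non-ingress node's allowed IPs for an ext client now come solely from `InternalIPAddr`/`InternalIPAddr6`; a client whose internal fields are empty ends up with an empty `allowedips`, and unless code outside the hunk skips such peers the PeerConfig is still emitted with `ReplaceAllowedIPs: true` and no routes. A guard before the peer is built (skipping the client when `len(allowedips) == 0`), or a comment stating that every ext client is guaranteed an internal address, would close that gap. getExtPeers begins and ends outside these hunks.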
@@ -381,19 +388,31 @@ func getExtPeers(node *models.Node, forIngressNode bool) ([]wgtypes.PeerConfig, allowedips = append(allowedips, addr6) } } - if !forIngressNode && extPeer.InternalIP != "" { - peerInternalAddr := net.IPNet{ - IP: net.ParseIP(extPeer.InternalIP), - Mask: net.CIDRMask(32, 32), + if !forIngressNode { + if extPeer.InternalIPAddr != "" { + peerInternalAddr := net.IPNet{ + IP: net.ParseIP(extPeer.InternalIPAddr), + Mask: net.CIDRMask(32, 32), + } + if peerInternalAddr.IP != nil && peerInternalAddr.Mask != nil { + allowedips = append(allowedips, peerInternalAddr) + } + } + if extPeer.InternalIPAddr6 != "" { + peerInternalAddr6 := net.IPNet{ + IP: net.ParseIP(extPeer.InternalIPAddr6), + Mask: net.CIDRMask(32, 32), + } + if peerInternalAddr6.IP != nil && peerInternalAddr6.Mask != nil { + allowedips = append(allowedips, peerInternalAddr6) + } } - allowedips = append(allowedips, peerInternalAddr) } primaryAddr := extPeer.Address if primaryAddr == "" { primaryAddr = extPeer.Address6 } - peer = wgtypes.PeerConfig{ PublicKey: pubkey, ReplaceAllowedIPs: true, @@ -454,11 +473,14 @@ func getExtPeersForProxy(node *models.Node, proxyPeerConf map[string]proxy_model ReplaceAllowedIPs: true, AllowedIPs: allowedips, } - + extInternalPrimaryAddr := extPeer.InternalIPAddr + if extInternalPrimaryAddr == "" { + extInternalPrimaryAddr = extPeer.InternalIPAddr6 + } extConf := proxy_models.PeerConf{ IsExtClient: true, Address: net.ParseIP(extPeer.Address), - ExtInternalIp: net.ParseIP(extPeer.InternalIP), + ExtInternalIp: net.ParseIP(extInternalPrimaryAddr), } if extPeer.IngressGatewayID == node.ID { extConf.IsAttachedExtClient = true diff --git a/models/extclient.go b/models/extclient.go index 6734c76f..5afee2ac 100644 --- a/models/extclient.go +++ b/models/extclient.go 
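Review bot: `peerInternalAddr6` is built from an IPv6 string but masked with `net.CIDRMask(32, 32)`; the `addr6` block a few lines earlier in the same function uses `net.CIDRMask(128, 128)`, and a 4-byte mask on a 16-byte IP yields a malformed IPNet rather than a /128 host route. Change it to `Mask: net.CIDRMask(128, 128),`. The `Mask != nil` half of each new guard is always true because CIDRMask with valid arguments never returns nil, so `if peerInternalAddr.IP != nil` is sufficient. getExtPeers starts outside the hunk.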
@@ -14,5 +14,6 @@ type ExtClient struct { LastModified int64 `json:"lastmodified" bson:"lastmodified"` Enabled bool `json:"enabled" bson:"enabled"` OwnerID string `json:"ownerid" bson:"ownerid"` - InternalIP string `json:"internal_ip" bson:"internal_ip"` + InternalIPAddr string `json:"internal_ip_addr" bson:"internal_ip_addr"` + InternalIPAddr6 string `json:"internal_ip_addr6" bson:"internal_ip_addr6"` }
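Review bot: Renaming `InternalIP` to `InternalIPAddr` also changes the stored key from `internal_ip` to `internal_ip_addr` in both the json and bson tags, so every ext client already persisted loses its internal address on the next read, and nothing in this diff migrates or reassigns it; combined with the `forIngressNode` gating in logic/peers.go those clients would have no allowed IPs on non-ingress nodes. Keeping the old key `internal_ip` on the renamed v4 field, or adding a migration step that reassigns the address, would preserve existing data; at minimum a comment on the field should record that the key changed and which records are affected.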