diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix
index 8cb1cf2a7..7b4ed5579 100644
--- a/hosts/common/programs/assorted.nix
+++ b/hosts/common/programs/assorted.nix
@@ -1238,9 +1238,10 @@ in
     whalebird.persist.byStore.private = [ ".config/Whalebird" ];
 
     # `wg`, `wg-quick`
-    wireguard-tools.sandbox.method = "landlock";
+    wireguard-tools.sandbox.method = "bunpen";
     wireguard-tools.sandbox.net = "all";
     wireguard-tools.sandbox.capabilities = [ "net_admin" ];
+    wireguard-tools.sandbox.tryKeepUsers = true;
 
     # provides `iwconfig`, `iwlist`, `iwpriv`, ...
     wirelesstools.sandbox.method = "landlock";