diff --git a/client/internal/peer/conn.go b/client/internal/peer/conn.go
index 514c7bf30..bc694d306 100644
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -115,8 +115,6 @@ type Conn struct {
 
 	guard     *guard.Guard
 	semaphore *semaphoregroup.SemaphoreGroup
-
-	endpointUpdater *endpointUpdater
 }
 
 // NewConn creates a new not opened Conn to the remote peer.
@@ -143,11 +141,6 @@ func NewConn(engineCtx context.Context, config ConnConfig, statusRecorder *Statu
 		statusRelay:    NewAtomicConnStatus(),
 		statusICE:      NewAtomicConnStatus(),
 		semaphore:      semaphore,
-		endpointUpdater: &endpointUpdater{
-			log:       connLog,
-			wgConfig:  config.WgConfig,
-			initiator: isWireGuardInitiator(config),
-		},
 	}
 
 	ctrl := isController(config)
@@ -245,7 +238,7 @@ func (conn *Conn) Close() {
 		conn.wgProxyICE = nil
 	}
 
-	if err := conn.endpointUpdater.removeWgPeer(); err != nil {
+	if err := conn.removeWgPeer(); err != nil {
 		conn.log.Errorf("failed to remove wg endpoint: %v", err)
 	}
 
@@ -373,7 +366,7 @@ func (conn *Conn) onICEConnectionIsReady(priority ConnPriority, iceConnInfo ICEC
 	}
 
 	conn.log.Infof("configure WireGuard endpoint to: %s", ep.String())
-	if err = conn.endpointUpdater.configureWGEndpoint(ep); err != nil {
+	if err = conn.configureWGEndpoint(ep); err != nil {
 		conn.handleConfigurationFailure(err, wgProxy)
 		return
 	}
@@ -410,7 +403,7 @@ func (conn *Conn) onICEStateDisconnected() {
 	if conn.isReadyToUpgrade() {
 		conn.log.Infof("ICE disconnected, set Relay to active connection")
 
-		if err := conn.endpointUpdater.configureWGEndpoint(conn.wgProxyRelay.EndpointAddr()); err != nil {
+		if err := conn.configureWGEndpoint(conn.wgProxyRelay.EndpointAddr()); err != nil {
 			conn.log.Errorf("failed to switch to relay conn: %v", err)
 		}
 
@@ -475,7 +468,7 @@ func (conn *Conn) onRelayConnectionIsReady(rci RelayConnInfo) {
 	}
 
 	wgProxy.Work()
-	if err := conn.endpointUpdater.configureWGEndpoint(wgProxy.EndpointAddr()); err != nil {
+	if err := conn.configureWGEndpoint(wgProxy.EndpointAddr()); err != nil {
 		if err := wgProxy.CloseConn(); err != nil {
 			conn.log.Warnf("Failed to close relay connection: %v", err)
 		}
@@ -505,7 +498,7 @@ func (conn *Conn) onRelayDisconnected() {
 
 	if conn.currentConnPriority == connPriorityRelay {
 		conn.log.Debugf("clean up WireGuard config")
-		if err := conn.endpointUpdater.removeWgPeer(); err != nil {
+		if err := conn.removeWgPeer(); err != nil {
 			conn.log.Errorf("failed to remove wg endpoint: %v", err)
 		}
 	}
@@ -546,6 +539,16 @@ func (conn *Conn) listenGuardEvent(ctx context.Context) {
 	}
 }
 
+func (conn *Conn) configureWGEndpoint(addr *net.UDPAddr) error {
+	return conn.config.WgConfig.WgInterface.UpdatePeer(
+		conn.config.WgConfig.RemoteKey,
+		conn.config.WgConfig.AllowedIps,
+		defaultWgKeepAlive,
+		addr,
+		conn.config.WgConfig.PreSharedKey,
+	)
+}
+
 func (conn *Conn) updateRelayStatus(relayServerAddr string, rosenpassPubKey []byte) {
 	peerState := State{
 		PubKey:             conn.config.Key,
@@ -725,6 +728,10 @@ func (conn *Conn) iceP2PIsActive() bool {
 	return conn.currentConnPriority == connPriorityICEP2P && conn.statusICE.Get() == StatusConnected
 }
 
+func (conn *Conn) removeWgPeer() error {
+	return conn.config.WgConfig.WgInterface.RemovePeer(conn.config.WgConfig.RemoteKey)
+}
+
 func (conn *Conn) handleConfigurationFailure(err error, wgProxy wgproxy.Proxy) {
 	conn.log.Warnf("Failed to update wg peer configuration: %v", err)
 	if wgProxy != nil {