diff --git a/config.go b/config.go
index 7a1d105..c8d6e50 100644
--- a/config.go
+++ b/config.go
@@ -3,12 +3,11 @@ package main
 import (
 	"encoding/json"
 	"fmt"
+	"net/netip"
 	"os"
 	"strconv"
 	"strings"
 	"time"
-
-	"inet.af/netaddr"
 )
 
 const (
@@ -146,7 +145,7 @@ type serverConfig struct {
 	KeyFilename         string
 	LeaserSyncInterval  time.Duration
 	LeasesFilename      string
-	WireguardIPPrefix   netaddr.IPPrefix
+	WireguardIPPrefix   netip.Prefix
 	WireguardListenPort int
 	OauthIntrospectURL  string
 	OauthClientID       string
@@ -194,17 +193,13 @@ func verifyServerConfig(conf *serverConfig) error {
 	if conf.Address == "" {
 		return fmt.Errorf("config missing `address`")
 	}
-	ipPrefix, err := netaddr.ParseIPPrefix(conf.Address)
-	if err != nil {
-		return fmt.Errorf("could not parse address as a CIDR: %w", err)
-	}
-	conf.WireguardIPPrefix = ipPrefix
+	conf.WireguardIPPrefix = netip.MustParsePrefix(conf.Address)
 	if len(conf.AllowedIPs) == 0 {
 		logger.Verbosef("config missing `allowedIPs`, this server is not exposing any networks")
 	}
 	// Append the server wg /32 ip to the allowed ips in case the agent
 	// wants to ping it for health checking
-	conf.AllowedIPs = append(conf.AllowedIPs, fmt.Sprintf("%s/%s", conf.WireguardIPPrefix.IP().String(), "32"))
+	conf.AllowedIPs = append(conf.AllowedIPs, conf.WireguardIPPrefix.String())
 
 	if conf.DeviceName == "" {
 		conf.DeviceName = defaultWireguardDeviceName
diff --git a/config_test.go b/config_test.go
index a50dffa..2c532a3 100644
--- a/config_test.go
+++ b/config_test.go
@@ -2,11 +2,11 @@ package main
 
 import (
 	"encoding/json"
+	"net/netip"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"inet.af/netaddr"
 )
 
 func TestAgentConfigFmt(t *testing.T) {
@@ -137,7 +137,7 @@ func TestAgentConfigFmt(t *testing.T) {
 func TestServerConfig(t *testing.T) {
 	setLogLevel("error")
 	logger = newLogger("wiresteward-test")
-	ipPrefix := netaddr.MustParseIPPrefix("10.0.0.1/24")
+	ipPrefix := netip.MustParsePrefix("10.0.0.1/24")
 	testCases := []struct {
 		input []byte
 		cfg   *serverConfig
diff --git a/device.go b/device.go
index 1677055..1433b35 100644
--- a/device.go
+++ b/device.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/coreos/go-iptables/iptables"
 	"github.com/vishvananda/netlink"
+	"go4.org/netipx"
 	"golang.org/x/sys/unix"
 	"golang.zx2c4.com/wireguard/conn"
 	"golang.zx2c4.com/wireguard/device"
@@ -224,7 +225,7 @@ func newServerDevice(cfg *serverConfig) *ServerDevice {
 	}
 	return &ServerDevice{
 		deviceAddress: netlink.Addr{
-			IPNet: cfg.WireguardIPPrefix.IPNet(),
+			IPNet: netipx.PrefixIPNet(cfg.WireguardIPPrefix),
 		},
 		deviceMTU: cfg.DeviceMTU,
 		iptablesRule: []string{
diff --git a/go.mod b/go.mod
index e10380a..f973334 100644
--- a/go.mod
+++ b/go.mod
@@ -20,9 +20,10 @@ require (
 	golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
 	gopkg.in/square/go-jose.v2 v2.6.0
-	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a
 )
 
+require go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
+
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -35,8 +36,6 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
-	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
diff --git a/go.sum b/go.sum
index c54bad0..8b7d417 100644
--- a/go.sum
+++ b/go.sum
@@ -14,7 +14,6 @@ github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFE
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -108,27 +107,19 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ
 github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go4.org/intern v0.0.0-20211027215823-ae77deb06f29/go.mod h1:cS2ma+47FKrLPdXFpr7CuxiTW3eyJbWew4qx0qtQWDA=
-go4.org/intern v0.0.0-20230525184215-6c62f75575cb h1:ae7kzL5Cfdmcecbh22ll7lYP3iuUdnfnhiPcSaDgH/8=
-go4.org/intern v0.0.0-20230525184215-6c62f75575cb/go.mod h1:Ycrt6raEcnF5FTsLiLKkhBTO6DPX3RCUCUVnks3gFJU=
-go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
-go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 h1:WJhcL4p+YeDxmZWg141nRm7XC8IDmhz7lk5GpadO1Sg=
-go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBseWJUpBw5I82+2U4M=
+go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
@@ -138,7 +129,6 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
@@ -150,9 +140,7 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -165,7 +153,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -198,5 +185,3 @@ gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0 h1:Wobr37noukisGxpKo5jAsLREcpj61RxrWYzD8uwveOY=
-inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a h1:1XCVEdxrvL6c0TGOhecLuB7U9zYNdxZEjvOqJreKZiM=
-inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a/go.mod h1:e83i32mAQOW1LAqEIweALsuK2Uw4mhQadA5r7b0Wobo=
diff --git a/lease.go b/lease.go
index c1f5cfe..75256ae 100644
--- a/lease.go
+++ b/lease.go
@@ -5,20 +5,21 @@ package main
 import (
 	"bufio"
 	"fmt"
+	"net/netip"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
 
+	"go4.org/netipx"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"inet.af/netaddr"
 )
 
 // WGRecord describes a lease entry for a peer.
 type WGRecord struct {
 	PubKey  string
-	IP      netaddr.IP
+	IP      netip.Addr
 	expires time.Time
 }
 
@@ -31,7 +32,7 @@ func (wgr WGRecord) String() string {
 type fileLeaseManager struct {
 	deviceName     string
 	filename       string
-	ipPrefix       netaddr.IPPrefix
+	ipPrefix       netip.Prefix
 	wgRecords      map[string]WGRecord
 	wgRecordsMutex sync.Mutex
 }
@@ -92,10 +93,7 @@ func (lm *fileLeaseManager) loadWgRecords() error {
 
 		username := tokens[0]
 		pubKey := tokens[1]
-		ipaddr, err := netaddr.ParseIP(tokens[2])
-		if err != nil {
-			return err
-		}
+		ipaddr := netip.MustParseAddr(tokens[2])
 		expires, err := time.Parse(time.RFC3339, tokens[3])
 		if err != nil {
 			return fmt.Errorf("expected time of exipry in RFC3339 format, got: %v", tokens[2])
@@ -208,16 +206,17 @@ func (lm *fileLeaseManager) addNewPeer(username, pubKey string, expiry time.Time
 //   - remove the *first* and *last* address (reserved)
 //     https://en.wikipedia.org/wiki/IPv4#First_and_last_subnet_addresses
 //   - remove all already leased addresses
+//
 // Remaining IPs are "available", get the first one
-func (lm *fileLeaseManager) nextAvailableAddress() netaddr.IP {
-	var b netaddr.IPSetBuilder
+func (lm *fileLeaseManager) nextAvailableAddress() netip.Addr {
+	var b netipx.IPSetBuilder
 	b.AddPrefix(lm.ipPrefix)
-	b.Remove(lm.ipPrefix.IP())
-	b.Remove(lm.ipPrefix.Range().From())
-	b.Remove(lm.ipPrefix.Range().To())
+	b.Remove(lm.ipPrefix.Addr())
+	b.Remove(lm.ipPrefix.Masked().Addr())
+	b.Remove(netipx.PrefixLastIP(lm.ipPrefix))
 	for _, r := range lm.wgRecords {
 		b.Remove(r.IP)
 	}
 	a, _ := b.IPSet()
-	return a.Prefixes()[0].IP()
+	return a.Prefixes()[0].Addr()
 }
diff --git a/lease_test.go b/lease_test.go
index d57e827..41a3c9b 100644
--- a/lease_test.go
+++ b/lease_test.go
@@ -2,15 +2,15 @@ package main
 
 import (
 	"fmt"
+	"net/netip"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"inet.af/netaddr"
 )
 
 func TestFileLeaseManager_createOrUpdatePeer(t *testing.T) {
-	ipPrefix := netaddr.MustParseIPPrefix("10.90.0.1/20")
+	ipPrefix := netip.MustParsePrefix("10.90.0.1/20")
 	lm := &fileLeaseManager{
 		wgRecords: map[string]WGRecord{},
 		ipPrefix:  ipPrefix,
@@ -25,7 +25,7 @@ func TestFileLeaseManager_createOrUpdatePeer(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if record.IP.Compare(netaddr.MustParseIP("10.90.0.2")) != 0 {
+	if record.IP != netip.MustParseAddr("10.90.0.2") {
 		t.Fatalf("Unexpected IP returned %s", record.IP.String())
 	}
 	assert.Equal(t, 1, len(lm.wgRecords))
@@ -47,15 +47,15 @@ func TestFileLeaseManager_createOrUpdatePeer(t *testing.T) {
 }
 
 func TestGetAvailableIPAddresses(t *testing.T) {
-	ipPrefix := netaddr.MustParseIPPrefix("10.90.0.1/20")
+	ipPrefix := netip.MustParsePrefix("10.90.0.1/20")
 	r1 := WGRecord{
 		PubKey:  "k1a1fEw+lqB/JR1pKjI597R54xzfP9Kxv4M7hufyNAY=",
-		IP:      netaddr.MustParseIP("10.90.0.2"),
+		IP:      netip.MustParseAddr("10.90.0.2"),
 		expires: time.Unix(0, 0)}
 
 	r2 := WGRecord{
 		PubKey:  "E1gSkv2jS/P+p8YYmvm7ByEvwpLPqQBdx70SPtNSwCo=",
-		IP:      netaddr.MustParseIP("10.90.0.4"),
+		IP:      netip.MustParseAddr("10.90.0.4"),
 		expires: time.Unix(0, 0)}
 
 	lm := &fileLeaseManager{
@@ -65,11 +65,11 @@ func TestGetAvailableIPAddresses(t *testing.T) {
 
 	testCases := []struct {
 		t fileLeaseManager
-		e netaddr.IP
+		e netip.Addr
 	}{
 		{
 			t: *lm,
-			e: netaddr.IPv4(10, 90, 0, 3),
+			e: netip.MustParseAddr("10.90.0.3"),
 		},
 	}
 	for _, test := range testCases {
diff --git a/metrics_test.go b/metrics_test.go
index 701795e..432023d 100644
--- a/metrics_test.go
+++ b/metrics_test.go
@@ -3,12 +3,12 @@ package main
 import (
 	"fmt"
 	"net"
+	"net/netip"
 	"testing"
 	"time"
 
 	"github.com/mdlayher/promtest"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"inet.af/netaddr"
 )
 
 func TestCollector(t *testing.T) {
@@ -87,12 +87,12 @@ func TestCollector(t *testing.T) {
 				wgRecords: map[string]WGRecord{
 					userA: WGRecord{
 						PubKey:  pubPeerA.String(),
-						IP:      netaddr.MustParseIP("10.0.0.1"),
+						IP:      netip.MustParseAddr("10.0.0.1"),
 						expires: time.Unix(100, 0),
 					},
 					userB: WGRecord{
 						PubKey: pubPeerB.String(),
-						IP:     netaddr.MustParseIP("10.0.0.3"),
+						IP:     netip.MustParseAddr("10.0.0.3"),
 					},
 				},
 			},
diff --git a/ping.go b/ping.go
index f4d380b..00e78f3 100644
--- a/ping.go
+++ b/ping.go
@@ -5,18 +5,18 @@ package main
 import (
 	"fmt"
 	"net"
+	"net/netip"
 	"os"
 	"time"
 
 	"golang.org/x/net/icmp"
 	"golang.org/x/net/ipv4"
-	"inet.af/netaddr"
 )
 
 var nextPingCheckerID = os.Getpid() & 0xffff
 
 type pingChecker struct {
-	IP      netaddr.IP
+	IP      netip.Addr
 	ID      int
 	Seqnum  int
 	Timeout Duration
@@ -28,10 +28,7 @@ type checker interface {
 }
 
 func newPingChecker(device, address string, timeout Duration) (*pingChecker, error) {
-	ip, err := netaddr.ParseIP(address)
-	if err != nil {
-		return nil, fmt.Errorf("No valid ip for %s", address)
-	}
+	ip := netip.MustParseAddr(address)
 	id := nextPingCheckerID
 	nextPingCheckerID++
 	return &pingChecker{
@@ -69,14 +66,18 @@ func newICMPv4EchoRequest(id, seqnum int, data []byte) ([]byte, error) {
 	return wm.Marshal(nil)
 }
 
-func exchangeICMPEcho(ip netaddr.IP, timeout time.Duration, echo []byte) error {
+func exchangeICMPEcho(ip netip.Addr, timeout time.Duration, echo []byte) error {
 	c, err := net.ListenPacket("ip4:icmp", "")
 	if err != nil {
 		return err
 	}
 	defer c.Close()
 
-	_, err = c.WriteTo(echo, ip.IPAddr())
+	ipAddr := &net.IPAddr{
+		IP: ip.AsSlice(),
+	}
+
+	_, err = c.WriteTo(echo, ipAddr)
 	if err != nil {
 		return err
 	}
@@ -88,8 +89,8 @@ func exchangeICMPEcho(ip netaddr.IP, timeout time.Duration, echo []byte) error {
 		if err != nil {
 			return err
 		}
-		rip := netaddr.MustParseIP(addr.String())
-		if ip.Compare(rip) != 0 {
+		rip := netip.MustParseAddr(addr.String())
+		if ip != rip {
 			continue
 		}
 		// 1 == ipv4 ICMP proto number
diff --git a/serve.go b/serve.go
index 692f3bd..6df6b12 100644
--- a/serve.go
+++ b/serve.go
@@ -100,7 +100,7 @@ func (lh *HTTPLeaseHandler) newPeerLease(w http.ResponseWriter, r *http.Request)
 		response := &leaseResponse{
 			Status:            "success",
 			IP:                fmt.Sprintf("%s/32", wg.IP.String()),
-			ServerWireguardIP: lh.serverConfig.WireguardIPPrefix.IP().String(),
+			ServerWireguardIP: lh.serverConfig.WireguardIPPrefix.Addr().String(),
 			AllowedIPs:        lh.serverConfig.AllowedIPs,
 			PubKey:            pubKey,
 			Endpoint:          lh.serverConfig.Endpoint,