diff --git a/.changelog/15065.txt b/.changelog/15065.txt
new file mode 100644
index 0000000000..1a7af8a6c8
--- /dev/null
+++ b/.changelog/15065.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+peering: fix the error of wan address isn't taken by the peering token.
+```
\ No newline at end of file
diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go
index d9daeaea15..ba3c387ad5 100644
--- a/agent/consul/peering_backend.go
+++ b/agent/consul/peering_backend.go
@@ -205,23 +205,33 @@ func meshGatewayAdresses(state *state.Store, ws memdb.WatchSet, wan bool) ([]str
 	return addrs, nil
 }
 
+func parseNodeAddr(node *structs.ServiceNode) string {
+	// Prefer the wan address
+	if v, ok := node.TaggedAddresses[structs.TaggedAddressWAN]; ok {
+		return v
+	}
+	return node.Address
+}
+
 func serverAddresses(state *state.Store) ([]string, error) {
-	_, nodes, err := state.ServiceNodes(nil, "consul", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)
+	_, nodes, err := state.ServiceNodes(nil, structs.ConsulServiceName, structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)
 	if err != nil {
 		return nil, err
 	}
 	var addrs []string
 	for _, node := range nodes {
+		addr := parseNodeAddr(node)
+
 		// Prefer the TLS port if it is defined.
 		grpcPortStr := node.ServiceMeta["grpc_tls_port"]
 		if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 {
-			addrs = append(addrs, node.Address+":"+grpcPortStr)
+			addrs = append(addrs, addr+":"+grpcPortStr)
 			continue
 		}
 		// Fallback to the standard port if TLS is not defined.
 		grpcPortStr = node.ServiceMeta["grpc_port"]
 		if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 {
-			addrs = append(addrs, node.Address+":"+grpcPortStr)
+			addrs = append(addrs, addr+":"+grpcPortStr)
 			continue
 		}
 		// Skip node if neither defined.
diff --git a/agent/consul/peering_backend_test.go b/agent/consul/peering_backend_test.go
index a962bdefc0..e8218bc431 100644
--- a/agent/consul/peering_backend_test.go
+++ b/agent/consul/peering_backend_test.go
@@ -9,6 +9,7 @@ import (
 
 	gogrpc "google.golang.org/grpc"
 
+	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/consul/state"
 	"github.com/hashicorp/consul/agent/pool"
@@ -99,6 +100,28 @@ func TestPeeringBackend_GetLocalServerAddresses(t *testing.T) {
 		require.Equal(t, []string{expect}, addrs)
 	})
 
+	testutil.RunStep(t, "prefer WAN address for servers", func(t *testing.T) {
+		req := structs.RegisterRequest{
+			Datacenter:     cfg.Datacenter,
+			Node:           cfg.NodeName,
+			ID:             cfg.NodeID,
+			Address:        "127.0.0.1",
+			EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+
+			// Add a tagged WAN address to the server registration
+			TaggedAddresses: map[string]string{
+				structs.TaggedAddressWAN: "3.4.5.6",
+			},
+		}
+		require.NoError(t, srv.fsm.State().EnsureRegistration(200, &req))
+
+		addrs, err := backend.GetLocalServerAddresses()
+		require.NoError(t, err)
+
+		expect := fmt.Sprintf("3.4.5.6:%d", srv.config.GRPCTLSPort)
+		require.Equal(t, []string{expect}, addrs)
+	})
+
 	testutil.RunStep(t, "existence of mesh config entry is not enough to peer through gateways", func(t *testing.T) {
 		mesh := structs.MeshConfigEntry{
 			// Enable unrelated config.
@@ -112,7 +135,7 @@ func TestPeeringBackend_GetLocalServerAddresses(t *testing.T) {
 		require.NoError(t, err)
 
 		// Still expect server address because PeerThroughMeshGateways was not enabled.
-		expect := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCTLSPort)
+		expect := fmt.Sprintf("3.4.5.6:%d", srv.config.GRPCTLSPort)
 		require.Equal(t, []string{expect}, addrs)
 	})