BE86U wireguard not connecting from wifi.

[ttbf_n]

I have installed OVPN server is working, but speed connecting to LAN is very slow.
Have also installed a Wireguard server and it is working if connecting from the phone on cellular, but not from Wifi. I was suspecting a corporate wifi, possibly behind firewalls or something, but not sure how to troubleshoot. Port scanning shows all ports closed, but OVPN (port 1194) is working.
I have also tried to use port 1194 for Wireguard, but it is not working too, so not sure what could possibly be wrong.
Wifi is managed by external IT and asking questions is not an option. I would imagine that if there was any blocking, OVPN would be blocked first. Could it be something in router settings, or anything else to try?

What is "listen port" for WG client (apparently a random port), maybe that is the one getting blocked? If so, how to troubleshoot?

Any suggestion appreciated. Thanks!

 

[ttbf_n]

Apparently, it is even weirder than I thought. On iPhone, if I first connect with Wifi off, then turn Wifi on and cellular off, connection remains working. It should mean that ports are OK?
But if I try to connect with Wifi on (with same settings), there is no connection.

It is also probably not a server issue, because commercial Wireguard connection has similar issue.

 

[ttbf_n]

My current understanding is that Wireguard requires "listening port" on the client be opened from outside, but on the corporate WiFi all ports are blocked from outside, so Wireguard cannot work.
Apparently, outgoing port communication is allowed, so OVPN can create a tunnel on port 1194, which remains open in both directions. However, port 1194 is closed from outside the WiFi network, so Wireguard will not work even on port 1194.

If so, is there any way to make Wireguard work at all on this Wifi network?

 

[916Area52]

@ ttbf_n,

I'm very new at all router stuff. So, this WireGuard setup worked for me. Here's a link that helped me out... https://support.flashrouters.com/?s=merlin+wireguard .

While I have a different model router and probably different VPN service than you, the attached may be of help.

 

[ttbf_n]

Thanks, but I have a different problem, description may be unclear. Wireguard on the router is working properly.

I am not able to connect to my Wireguard VPN server from corporate Wifi. I am coming to conclusion that Wireguard is somewhat limited for such application, because it is not a "client-server" connection like OVPN but requires an open port for the client as well, which is of course not possible on corporate Wifi.

At the beginning I thought something was wrong with my server setup, but because I have same issues connecting to a commercial VPN, it is apparently a limitation of Wireguard protocol. Sorry for confusing the matter.

 

[bennor]

I am not able to connect to my Wireguard VPN server from corporate Wifi.

To rule out the Corporate Firewall, have you tried using another network to test from? Like your local library, a friend or family member's internet service, public WiFi hotspot, cellphone cellular data (with WiFi turned off on the cellphone), etc.

 

[ttbf_n]

Yes, it works fine when iPhone is on cellular. It apparently even works when initiate connection on cellular, then turn on Wifi. But on Wifi, connection cannot be established. This is true for both connecting to my Wireguard server and also the same for a commercial Wireguard VPN.

 

[Tech9]

This is weird because I have WireGuard based Teleport VPN back to my Ubiquiti system and it works with virtually any connection outside my home. So the issue you are experiencing is not in WireGuard as type of VPN. There is something else wrong.

 

[ttbf_n]

This is weird because I have WireGuard based Teleport VPN back to my Ubiquiti system and it works with virtually any connection outside my home. So the issue you are experiencing is not in WireGuard as type of VPN. There is something else wrong.

Makes sense, but there is this "Listen port" in Wireguard client. How would it receive anything on this port, if there is no port forwarding done on the router?

I have just verified it again - iPhone on cellular can connect to Wireguard server. If at that point enable Wifi and disable cellular, connection still remains active and works without issues.
However, if I am initially connected to Wifi, connection shows as "active" but there is no data received.

So, it seems reasonable to assume that if this "listen port" is not reachable, then connection cannot be established? But then, how would it work for others?
I am not sure what else could I possibly test. Thanks.